TechSpot

Laptop crashing and redirecting with Google searches

By Rob5sl
Apr 1, 2012
  1. Hello Guys, I hoping I can get some advice and help from your expertise.

    I am having a problem with my laptop redirecting with a google search and crashing when left on and idle for a while. The computer is having a difficult time booting up from off. Having to run scans to recover. I have had to set the date and time back a couple of times to get it to recover. I have an HP Pavilion dv6 about a year old and runnings Windows 7 version 6.1

    I have read some of your threads here and have followed your directions. I have downloaded Malwarebytes' Anti Maware and followed instuctions. Scanned, made sure everything was selected and removed. The same with GMER and DDS. I am going to attempt posting my results. Hopefully I get this right.


    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.31.14

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Rob :: PARADISELAPTOP [administrator]

    3/31/2012 8:24:26 PM
    mbam-log-2012-03-31 (20-24-26).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 195023
    Time elapsed: 3 minute(s), 55 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 6600 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 26
    HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\Interface\{55555555-5555-5555-5555-550055225558} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.BHO.1 (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Data: 215 Apps -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\Program Files (x86)\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.

    Files Detected: 13
    C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    C:\Users\Rob\AppData\Local\Temp\DM\Installer_for_AVG-Anti-Virus-Free-Edition-2012_008156\IwantThis.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
    C:\Program Files (x86)\I Want This\I Want This.ini (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\I Want This\appAPIinternalWrapper.js (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\I Want This\fb.js (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\I Want This\I Want This.exe (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\I Want This\I Want This.ico (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\I Want This\I Want ThisGui.exe (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\I Want This\jquery.js (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\I Want This\json.js (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\I Want This\Uninstall.exe (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\I Want This\I Want This.dll (PUP.GamePlayLab) -> Quarantined and deleted successfully.

    (end)

    The GMER log is really big?
     
  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================================

    Split GMER log between several replies (as our instructions say).
     
  3. Rob5sl

    Rob5sl TS Rookie Topic Starter Posts: 28

    Laptop Crashing and redirecting

    Thanks Broni, Here is the GMER Log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-04-01 13:09:30
    Windows 6.1.7600
    Running: rt60ln90.exe


    ---- Files - GMER 1.0.15 ----

    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\statstracker[1].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\statstracker[3].htm 39 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\ITPS_Ultimate_v172_PiecesofYou_PYLockman_728x90[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\jsadimp[2].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\sddefault[1].jpg 30729 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\trans1x1[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\TSRs[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\lessandra-candice-love-me-2011-7[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\ping[2].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\0811_103_USA_300250A[1].gif 27335 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\0R2lIsbqMb_1502075718[1].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\1-ABC_SCA_300x250_base_SBS[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\1-US_FY12-JFM_Clorox-Bleach_YouBed_Flash_160x600[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\1-US_FY12-JFM_Clorox-Bleach_YouBed_Flash_300x250[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\log[2].txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\get[2] 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\victorias-secret-022812-12[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\AdDisplayTrackerServlet[2].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\ros;pos=top;genre=buzz;;tile=4;sz=300x250;ord=3538262200[1].js 576 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\r[5].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\cookie[1].js 202 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\count[1].json 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\667553[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\97px-Macky_Sall_cropped[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\ABC_SCA_300x250_sub_WSB_new_v2[1].swf 62513 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\freq[2].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\px[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\img[1].htm 1368 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\megan-fox-071111-1[1].jpg 5983 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\men-in-black-3-image-1[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\men-in-black-3-image-2[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\Meta-logo-35px[1].png 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\load[1].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\load[3].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\517052417_7_148_111[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\afr[3].htm 1211 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\Wikinews-logo-51px[1].png 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\300x250_OT_3profileNeutralAutumn_15Sec_102015_0312[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\346127_016_3[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\erin-heatherton-vs-march11-16[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\getCAC9V5N7 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\open[2].png 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\bullet-icon[1].png 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\logCAVWU2K0.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\red_x[1] 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\reese-011211-2[1].jpg 0 bytes
     
  4. Rob5sl

    Rob5sl TS Rookie Topic Starter Posts: 28

    Laptop crashing and redircting

    2nd part of GMER


    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\reese-011211-2[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\st[1] 4491 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\b_blue-square-media_com[3].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\Commons-logo-31px[1].png 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\results4[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\portal-break[1].png 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\1752428[1].xml 834 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\getCA6I1AWZ 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\getjs[1].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\cube[1].swf 142331 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\d27c01349bdf72fd0a3cbf845f7d9c2e[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\latestgossip[1].htm 91844 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\3142ae43e3b471ada39097c717dd5665[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\img[1].htm 1368 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\87574275[1].htm 8364 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\8ad7f5ec-6941-4548-a314-4f2dc5b75f96[1].htm 893 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\blank[4].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\pixel_adsafeprotected_com[2].gif 43 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\Wikiquote-logo-51px[1].png 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\Wiki[1].png 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\content_grabnetworks_com[3].xml 12940 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\11508_forrester_U.S._Forecast_2011-2016_banner_300x250_en_control-NEW[1].jpg 97083 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\1813449364@x10[1].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\1ab6d359-c969-40d4-bb87-f815f9d89d86[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\ping[2].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\loader[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\load[1].css 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\load[1].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\b_blue-square-media_com[7].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\iframe3[4].htm 1077 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\iframe3[5].htm 1077 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\AllAllergies-FH[1].js 1705 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\surly[6].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\ffi[1].js 840 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\FlipText_728x90_11.22[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\poweredby_mediawiki_88x31[1].png 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\3597_0adb4c7d-2e57-45dd-b7b8-ca5e091eeecb[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\rc[1].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\291f527d4894645fdd4b2aedc38054bd[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\setuid[1].gif 43 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\logosm[1].jpg 14002 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\vox_300x500[1].xml 14375 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\SenseHandler[2].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\adserv_14835[1].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\like[4].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\bsredirect5[3].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\ffiad[4].htm 394 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\ffiad[5].htm 394 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\search-fade[1].png 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\2002[1].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\st[3] 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\st[4] 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\google_ads[1].js 50509 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\728x90_FY12_MC_Ticket+and+Dine[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\p[1].gif 43 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\0RJQs5bHxV_1816548942[1].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\rs[1].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\rules[1].xml 1086 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\1473[1].js 1221 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDWHX7TO\8n4g9OFjZEBfoyyx+Qo7i11Xt3djeaa7qUsI3M4M68M=[1].xml 249 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDWHX7TO\log[3].txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDWHX7TO\viapi[1].xml 167 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\ads[4].js 12157 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\log[3].txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\log[4].txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\eva-32612-_2[1].jpg 4173 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\2012springscenttop10[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\index[2].htm 5 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\optn=64[4].js 6018 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\getCA8NAOZ6 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\getCABR8QMG 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\daisyeausofresh-marcjacobs[1].jpg 2695 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\quant[2].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\raw[1] 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\elefun_160x600_versionD[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\jilsander-eve[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\ba411355dd62ea66860f57274ecfdc1a[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\ab[1].htm 1275 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\comment_icon[1].png 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\2[1].xml 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\iframe3[3].htm 1168 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\iframe3[4].htm 1170 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\iframe3[5].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\iframe3[6].htm 692 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\AdaptvExchangeVastVideo[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\log[5].txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\st[1].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\st[2].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\versaceyellowdiamond[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\marion-cotillard-dior-bag[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\demi-moore-helena-rubenstein[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\goon-image-7[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\gossipcenter_com[1].htm 56309 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\grippie[1].png 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\1333260069[1].htm 8414 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\BTS-LeaMichele-CandiesKohls2012[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\optn=64[3].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\optn=64[4].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\728x90_Click-bk[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\kardashian-swimwear-sears-2012[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\karlie-kloss-w-mag-april-2012[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\kate-hudson-ann-taylor-sp2012[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\affiliate[1].htm 16539 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\click[1].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\refresh[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\image[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\120188040@Bottom3[1].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\1288479434@x15[1].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\130px-Bundesarchiv_Bild_183-R01996%2C_Brieftaube_mit_Fotokamera_cropped[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\1310161386963[1].png 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\controls[1].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\control[1].xml 0 bytes
     
  5. Rob5sl

    Rob5sl TS Rookie Topic Starter Posts: 28

    Last of GMER Log

    3rd and last part of GMER

    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\control[1].xml 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\count[2].json 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\g[4].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\g[5].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\ad[5].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\i[2].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\i[3].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\surly[1].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\surly[2].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\surly[3].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\swarovski-31512-[1].png 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\megan-fox-071111-5[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\redirect[1].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOXYWGMG\getCAZ44M1R 18 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOXYWGMG\monica-bellucci-picture-profile[1].jpg 11901 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOXYWGMG\meta2[1].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOXYWGMG\jquery.min[1].js 57254 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOXYWGMG\adserv_14835[1].js 12269 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOXYWGMG\ITPS_v172_PiecesofYou_PYLockman_300x250[1].swf 22085 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOXYWGMG\ie7[2].css 1259 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOXYWGMG\ie[1].css 3661 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOXYWGMG\Rosie-Huntington-Whiteley-gorgeous-smile[1].jpg 10938 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\cached_iframe[5].htm 1662 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\adserv_15283[2].js 12127 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\widget-tv[1].css 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\img[2].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\BlackCareers_Ads_728x90_NonGames[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\black_trans_bg[1].png 113 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\ddc[6].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\system-menus[1].css 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\tap[2].gif 49 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\Pong[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\prometheus-movie-image[1].jpg 2086 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\prometheus-movie-picture-48[1].jpg 2000 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\prometheus-movie-picture-49[1].jpg 2264 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\superfish-vertical[1].css 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\verisign[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\1333260126[1].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\tod-cotouringeyeshadow[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\FeedsEnclosure-i[1].php%3Fk%3Db379327dfba8f2c2adff49216e31b68e786a7610 2657 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\63N2HCZH.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\R40PQWVD.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\S0J28N21.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\22XIECW3.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\QV1BG4XQ.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\B275OE82.txt 389 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\BGNCBRUF.txt 3495 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\1G46ZW0U.txt 9292 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\YP00USK0.txt 211 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\VV3NGK5G.txt 134 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\MWXWXK9V.txt 114 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\0HUVJYKH.txt 915 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\9DB6RF8E.txt 2332 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\LOGB5RYW.txt 140 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\55UUG13D.txt 692 bytes

    ---- EOF - GMER 1.0.15 ----
     
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Go on with DDS.
     
  7. Rob5sl

    Rob5sl TS Rookie Topic Starter Posts: 28

    DDS Log

    incorrect log....
     
  8. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    The above is incomplete.
    Redo.
     
  9. Rob5sl

    Rob5sl TS Rookie Topic Starter Posts: 28

    DDS second log

    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Rob at 13:15:47 on 2012-04-01
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4044.1120 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k WbioSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
    C:\Program Files\Wajam\Updater\WajamUpdater.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    C:\Windows\system32\consent.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
    C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://aol.com/
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    BHO: Wajam: {a7a6995d-6ee1-4fd1-a258-49395d5bf99c} - C:\Program Files\Wajam\IE\priam_bho.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [<NO NAME>]
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2}\16E6E616 : DhcpNameServer = 167.206.254.1 167.206.254.2
    TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2}\4796D656771627E65627361626C65677966696 : DhcpNameServer = 10.240.205.161 10.240.205.162
    TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2}\7516C647562702E45475D27657563747 : DhcpNameServer = 167.206.254.2 167.206.254.1
    TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2}\876696E696479777966696 : DhcpNameServer = 10.240.205.161 10.240.205.162
    TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2}\A657374796E6 : DhcpNameServer = 167.206.254.2 167.206.254.1
    TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2}\E4F425D414E4 : DhcpNameServer = 167.206.254.1 167.206.254.2
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
    BHO-X64: TSBHO Class - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    BHO-X64: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll
    BHO-X64: Wajam IE BHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [(Default)]
    mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-21 89600]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
    R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-7 249672]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-3 92216]
    R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-21 13336]
    R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-21 2656280]
    R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-3-10 909152]
    R2 WajamUpdater;WajamUpdater;C:\Program Files\Wajam\Updater\WajamUpdater.exe [2012-3-9 109064]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-8-5 681528]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-04-01 05:26:11 20480 ----a-w- C:\Windows\svchost.exe
    2012-04-01 00:22:49 -------- d-----w- C:\Users\Rob\AppData\Roaming\Malwarebytes
    2012-04-01 00:22:44 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-04-01 00:22:44 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-04-01 00:22:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-03-31 22:00:52 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{689EE1A3-DC84-4DFB-9B49-B7AA60F79707}\mpengine.dll
    2012-03-20 02:24:22 -------- d-----w- C:\Users\Rob\AppData\Local\adaware
    2012-03-20 02:24:06 -------- d-----w- C:\Program Files (x86)\adawaretb
    2012-03-14 05:28:54 388096 ----a-r- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-03-14 05:28:54 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2012-03-14 02:26:56 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
    2012-03-14 02:26:52 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
    2012-03-14 02:26:12 -------- d-----w- C:\Program Files (x86)\Lavasoft
    2012-03-10 23:47:15 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
    2012-03-10 23:45:24 -------- d-----w- C:\Users\Rob\AppData\Local\Wajam
    2012-03-10 23:45:24 -------- d-----w- C:\Program Files\Wajam
    2012-03-10 23:44:52 -------- d-----w- C:\Users\Rob\AppData\Roaming\AVG2012
    2012-03-10 23:38:19 -------- d-----w- C:\ProgramData\AVG Secure Search
    2012-03-10 23:38:17 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
    2012-03-10 23:38:15 -------- d--h--w- C:\ProgramData\Common Files
    2012-03-10 23:38:05 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
    2012-03-10 23:37:04 -------- d-----w- C:\Windows\System32\drivers\AVG
    2012-03-10 23:37:04 -------- d-----w- C:\ProgramData\AVG2012
    2012-03-10 23:35:15 -------- d-----w- C:\Program Files (x86)\AVG
    2012-03-10 23:30:11 -------- d-----w- C:\ProgramData\MFAData
    2012-03-10 23:30:07 -------- d-----w- C:\Users\Rob\AppData\Local\Google
    2012-03-10 23:30:03 -------- d-----w- C:\Users\Rob\AppData\Local\I Want This
    2012-03-09 14:46:51 -------- d-----w- C:\Users\Rob\AppData\Local\{C44D12A0-1A5F-49E8-B15E-79B2535D5DDB}
    2012-03-09 14:46:25 -------- d-----w- C:\Users\Rob\AppData\Local\{4397A341-BB60-4FEF-8F1D-EC59230A0390}
    2012-03-08 02:05:23 -------- d-----w- C:\Users\Rob\AppData\Roaming\IDT
    .
    ==================== Find3M ====================
    .
    2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
    2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
    2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
    2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
    2012-01-25 06:27:11 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-01-25 06:27:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-01-25 06:20:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
    .
    ============= FINISH: 13:16:53.41 ===============
     
  10. Rob5sl

    Rob5sl TS Rookie Topic Starter Posts: 28

    Here is DDS again

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/14/2011 10:32:49 PM
    System Uptime: 4/1/2012 1:24:52 AM (15 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1658
    Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | CPU1 | 2100/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 450 GiB total, 395.789 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 1.891 GiB free.
    E: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP78: 3/19/2012 10:21:56 PM - Installed Ad-Aware
    RP79: 3/19/2012 10:23:09 PM - Installed Ad-Aware
    RP80: 3/24/2012 8:52:29 AM - Windows Update
    RP81: 3/24/2012 9:01:28 AM - Windows Update
    RP82: 3/24/2012 10:42:48 AM - Windows Update
    RP83: 3/24/2012 10:55:44 AM - Windows Update
    RP84: 3/26/2012 10:14:56 PM - Windows Update
    RP85: 3/27/2012 8:18:23 AM - Windows Update
    RP86: 3/28/2012 10:29:13 PM - Windows Update
    RP87: 3/28/2012 10:29:43 PM - Windows Update
    RP88: 3/31/2012 2:05:31 PM - Windows Update
    RP89: 3/31/2012 6:00:13 PM - Windows Update
    RP90: 4/1/2012 8:29:07 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    ActiveCheck component for HP Active Support Library
    Adobe Acrobat 4.0
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.3.3 MUI
    Adobe Shockwave Player 11.5
    Agatha Christie - Peril at End House
    Bejeweled 2 Deluxe
    Bing Bar
    Bing Rewards Client Installer
    Blackhawk Striker 2
    Blasterball 3
    Blio
    Bounce Symphony
    Build-a-lot 2
    Cake Mania
    Chuzzle Deluxe
    CyberLink DVD Suite
    CyberLink YouCam
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Diner Dash 2 Restaurant Rescue
    Dora's World Adventure
    Energy Star Digital Logo
    Escape Rosecliff Island
    ESU for Microsoft Windows 7
    Farm Frenzy
    FATE
    Final Drive Nitro
    Heroes of Hellas 2 - Olympia
    HiJackThis
    HP CloudDrive
    HP Customer Experience Enhancements
    HP Documentation
    HP Game Console
    HP Games
    HP MovieStore
    HP On Screen Display
    HP Power Manager
    HP Quick Launch
    HP Setup
    HP Setup Manager
    HP SimplePass 2011
    HP Software Framework
    HP Support Assistant
    HPAsset component for HP Active Support Library
    IDT Audio
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 22
    Jewel Quest Solitaire 2
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.60.1.1000
    Mesh Runtime
    Microsoft Office 2010
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WSE 3.0 Runtime
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyDataBase
    MySoftware Fonts
    Mystery P.I. - The London Caper
    Penguins!
    PictureMover
    Plants vs. Zombies
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    Realtek Ethernet Controller Driver
    Realtek PCIE Card Reader
    Recovery Manager
    Renesas Electronics USB 3.0 Host Controller Driver
    RoxioNow Player
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
    Stamps.com Internet Postage
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    Virtual Families
    Virtual Villagers 4 - The Tree of Life
    Visual Studio 2008 x64 Redistributables
    Wajam
    Wheel of Fortune 2
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/1/2012 8:30:03 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).
    4/1/2012 1:25:26 AM, Error: Service Control Manager [7034] - The HP Auto service terminated unexpectedly. It has done this 1 time(s).
    3/31/2012 2:01:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002ca9703, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 033112-84396-01.
    3/31/2012 1:59:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
    3/31/2012 1:59:16 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/27/2012 4:52:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000000000030, 0x0000000000000002, 0x0000000000000000, 0xfffff88000fda043). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032712-22885-01.
    .
    ==== End Of File ===========================
     
  11. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  12. Rob5sl

    Rob5sl TS Rookie Topic Starter Posts: 28

    Here is 2nd DDS log

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Rob at 16:56:12 on 2012-04-01
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4044.1279 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k WbioSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
    C:\Program Files\Wajam\Updater\WajamUpdater.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    C:\Windows\system32\wuauclt.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\SysWOW64\NOTEPAD.EXE
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
    C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://aol.com/
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    BHO: Wajam: {a7a6995d-6ee1-4fd1-a258-49395d5bf99c} - C:\Program Files\Wajam\IE\priam_bho.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [<NO NAME>]
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2}\16E6E616 : DhcpNameServer = 167.206.254.1 167.206.254.2
    TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2}\4796D656771627E65627361626C65677966696 : DhcpNameServer = 10.240.205.161 10.240.205.162
    TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2}\7516C647562702E45475D27657563747 : DhcpNameServer = 167.206.254.2 167.206.254.1
    TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2}\876696E696479777966696 : DhcpNameServer = 10.240.205.161 10.240.205.162
    TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2}\A657374796E6 : DhcpNameServer = 167.206.254.2 167.206.254.1
    TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2}\E4F425D414E4 : DhcpNameServer = 167.206.254.1 167.206.254.2
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
    BHO-X64: TSBHO Class - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    BHO-X64: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll
    BHO-X64: Wajam IE BHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [(Default)]
    mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-21 89600]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
    R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-7 249672]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-3 92216]
    R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-21 13336]
    R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-21 2656280]
    R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-3-10 909152]
    R2 WajamUpdater;WajamUpdater;C:\Program Files\Wajam\Updater\WajamUpdater.exe [2012-3-9 109064]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-8-5 681528]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-04-01 20:13:29 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{689EE1A3-DC84-4DFB-9B49-B7AA60F79707}\offreg.dll
    2012-04-01 05:26:11 20480 ----a-w- C:\Windows\svchost.exe
    2012-04-01 00:22:49 -------- d-----w- C:\Users\Rob\AppData\Roaming\Malwarebytes
    2012-04-01 00:22:44 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-04-01 00:22:44 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-04-01 00:22:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-03-31 22:00:52 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{689EE1A3-DC84-4DFB-9B49-B7AA60F79707}\mpengine.dll
    2012-03-20 02:24:22 -------- d-----w- C:\Users\Rob\AppData\Local\adaware
    2012-03-20 02:24:06 -------- d-----w- C:\Program Files (x86)\adawaretb
    2012-03-14 05:28:54 388096 ----a-r- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-03-14 05:28:54 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2012-03-14 02:26:56 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
    2012-03-14 02:26:52 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
    2012-03-14 02:26:12 -------- d-----w- C:\Program Files (x86)\Lavasoft
    2012-03-10 23:47:15 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
    2012-03-10 23:45:24 -------- d-----w- C:\Users\Rob\AppData\Local\Wajam
    2012-03-10 23:45:24 -------- d-----w- C:\Program Files\Wajam
    2012-03-10 23:44:52 -------- d-----w- C:\Users\Rob\AppData\Roaming\AVG2012
    2012-03-10 23:38:19 -------- d-----w- C:\ProgramData\AVG Secure Search
    2012-03-10 23:38:17 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
    2012-03-10 23:38:15 -------- d--h--w- C:\ProgramData\Common Files
    2012-03-10 23:38:05 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
    2012-03-10 23:37:04 -------- d-----w- C:\Windows\System32\drivers\AVG
    2012-03-10 23:37:04 -------- d-----w- C:\ProgramData\AVG2012
    2012-03-10 23:35:15 -------- d-----w- C:\Program Files (x86)\AVG
    2012-03-10 23:30:11 -------- d-----w- C:\ProgramData\MFAData
    2012-03-10 23:30:07 -------- d-----w- C:\Users\Rob\AppData\Local\Google
    2012-03-10 23:30:03 -------- d-----w- C:\Users\Rob\AppData\Local\I Want This
    2012-03-09 14:46:51 -------- d-----w- C:\Users\Rob\AppData\Local\{C44D12A0-1A5F-49E8-B15E-79B2535D5DDB}
    2012-03-09 14:46:25 -------- d-----w- C:\Users\Rob\AppData\Local\{4397A341-BB60-4FEF-8F1D-EC59230A0390}
    2012-03-08 02:05:23 -------- d-----w- C:\Users\Rob\AppData\Roaming\IDT
    .
    ==================== Find3M ====================
    .
    2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
    2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
    2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
    2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
    2012-01-25 06:27:11 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-01-25 06:27:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-01-25 06:20:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
    .
    ============= FINISH: 16:56:51.60 ===============
     
  13. Rob5sl

    Rob5sl TS Rookie Topic Starter Posts: 28

    aswMBR log

    Just to clarify do you want me to download Bootkit Remover now?

    Here is aswMBR log

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-01 17:08:22
    -----------------------------
    17:08:22.276 OS Version: Windows x64 6.1.7600
    17:08:22.276 Number of processors: 4 586 0x2A07
    17:08:22.277 ComputerName: PARADISELAPTOP UserName: Rob
    17:08:24.196 Initialize success
    17:09:21.313 AVAST engine defs: 12040101
    17:10:53.302 The log file has been saved successfully to "C:\Users\Rob\Desktop\aswMBR.txt"
     
  14. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    aswMBR log seems to be incomplete.
    Re-run it, be patient, let it finish.

    Then Bootkit Remover.
     
  15. Rob5sl

    Rob5sl TS Rookie Topic Starter Posts: 28

    aswMBR scan log

    Sorry, I think this is complete now.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-01 17:08:22
    -----------------------------
    17:08:22.276 OS Version: Windows x64 6.1.7600
    17:08:22.276 Number of processors: 4 586 0x2A07
    17:08:22.277 ComputerName: PARADISELAPTOP UserName: Rob
    17:08:24.196 Initialize success
    17:09:21.313 AVAST engine defs: 12040101
    17:10:53.302 The log file has been saved successfully to "C:\Users\Rob\Desktop\aswMBR.txt"
    19:55:47.715 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    19:55:47.717 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
    19:55:47.721 Device \Driver\iaStor -> MajorFunction fffffa8006e8f5c4
    19:55:47.724 Disk 0 MBR read successfully
    19:55:47.727 Disk 0 MBR scan
    19:55:47.979 Disk 0 Windows 7 default MBR code
    19:55:47.997 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    19:55:48.112 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 461162 MB offset 409600
    19:55:48.166 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15474 MB offset 944869376
    19:55:48.191 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
    19:55:48.379 Disk 0 scanning C:\Windows\system32\drivers
    19:55:58.947 Service scanning
    19:56:40.288 Modules scanning
    19:56:40.298 Disk 0 trace - called modules:
    19:56:40.306 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys >>UNKNOWN [0xfffffa8006e8f5c4]<<
    19:56:40.310 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006906060]
    19:56:40.315 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8006799b10]
    19:56:40.320 5 hpdskflt.sys[fffff880017f22bd] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004adf050]
    19:56:40.325 \Driver\iaStor[0xfffffa8006888c90] -> IRP_MJ_CREATE -> 0xfffffa8006e8f5c4
    19:56:46.584 AVAST engine scan C:\Windows
    19:56:48.662 AVAST engine scan C:\Windows\system32
    20:00:19.571 AVAST engine scan C:\Windows\system32\drivers
    20:00:32.140 AVAST engine scan C:\Users\Rob
    20:08:14.921 Disk 0 MBR has been saved successfully to "C:\Users\Rob\Desktop\MBR.dat"
    20:08:14.931 The log file has been saved successfully to "C:\Users\Rob\Desktop\aswMBR1.txt"
     
  16. Rob5sl

    Rob5sl TS Rookie Topic Starter Posts: 28

    Bootkit Remover Log

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-01 17:08:22
    -----------------------------
    17:08:22.276 OS Version: Windows x64 6.1.7600
    17:08:22.276 Number of processors: 4 586 0x2A07
    17:08:22.277 ComputerName: PARADISELAPTOP UserName: Rob
    17:08:24.196 Initialize success
    17:09:21.313 AVAST engine defs: 12040101
    17:10:53.302 The log file has been saved successfully to "C:\Users\Rob\Desktop\aswMBR.txt"
    19:55:47.715 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    19:55:47.717 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
    19:55:47.721 Device \Driver\iaStor -> MajorFunction fffffa8006e8f5c4
    19:55:47.724 Disk 0 MBR read successfully
    19:55:47.727 Disk 0 MBR scan
    19:55:47.979 Disk 0 Windows 7 default MBR code
    19:55:47.997 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    19:55:48.112 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 461162 MB offset 409600
    19:55:48.166 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15474 MB offset 944869376
    19:55:48.191 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
    19:55:48.379 Disk 0 scanning C:\Windows\system32\drivers
    19:55:58.947 Service scanning
    19:56:40.288 Modules scanning
    19:56:40.298 Disk 0 trace - called modules:
    19:56:40.306 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys >>UNKNOWN [0xfffffa8006e8f5c4]<<
    19:56:40.310 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006906060]
    19:56:40.315 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8006799b10]
    19:56:40.320 5 hpdskflt.sys[fffff880017f22bd] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004adf050]
    19:56:40.325 \Driver\iaStor[0xfffffa8006888c90] -> IRP_MJ_CREATE -> 0xfffffa8006e8f5c4
    19:56:46.584 AVAST engine scan C:\Windows
    19:56:48.662 AVAST engine scan C:\Windows\system32
    20:00:19.571 AVAST engine scan C:\Windows\system32\drivers
    20:00:32.140 AVAST engine scan C:\Users\Rob
    20:08:14.921 Disk 0 MBR has been saved successfully to "C:\Users\Rob\Desktop\MBR.dat"
    20:08:14.931 The log file has been saved successfully to "C:\Users\Rob\Desktop\aswMBR1.txt"
     
  17. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    You posted aswMBR log twice.
    I still need Bootkit Remover log.

    [​IMG]
     
  18. Rob5sl

    Rob5sl TS Rookie Topic Starter Posts: 28

    Bookit remover part 1

    Oh brother..... Okay, I am focused now.

    .\debug.cpp(238) : Debug log started at 02.04.2012 - 00:27:46
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.1
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit
    .\debug.cpp(248) : **********************************************
    .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
    .\debug.cpp(250) : **********************************************
    .\debug.cpp(256) : 0x02c09000 0x005dc000 "\SystemRoot\system32\ntoskrnl.exe"
    .\debug.cpp(256) : 0x031e5000 0x00049000 "\SystemRoot\system32\hal.dll"
    .\debug.cpp(256) : 0x00ba8000 0x00003000 "\SystemRoot\system32\kdcom.dll"
    .\debug.cpp(256) : 0x00c2a000 0x00044000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
    .\debug.cpp(256) : 0x00c6e000 0x00014000 "\SystemRoot\system32\PSHED.dll"
    .\debug.cpp(256) : 0x00c82000 0x0005e000 "\SystemRoot\system32\CLFS.SYS"
    .\debug.cpp(256) : 0x00ce0000 0x000c0000 "\SystemRoot\system32\CI.dll"
    .\debug.cpp(256) : 0x00edc000 0x000a4000 "\SystemRoot\system32\drivers\Wdf01000.sys"
    .\debug.cpp(256) : 0x00f80000 0x0000f000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
    .\debug.cpp(256) : 0x00f8f000 0x00057000 "\SystemRoot\system32\DRIVERS\ACPI.sys"
    .\debug.cpp(256) : 0x00fe6000 0x00009000 "\SystemRoot\system32\DRIVERS\WMILIB.SYS"
    .\debug.cpp(256) : 0x00fef000 0x0000a000 "\SystemRoot\system32\DRIVERS\msisadrv.sys"
    .\debug.cpp(256) : 0x00e00000 0x00033000 "\SystemRoot\system32\DRIVERS\pci.sys"
    .\debug.cpp(256) : 0x00e33000 0x0000d000 "\SystemRoot\system32\DRIVERS\vdrvroot.sys"
    .\debug.cpp(256) : 0x00e40000 0x00015000 "\SystemRoot\System32\drivers\partmgr.sys"
    .\debug.cpp(256) : 0x00e55000 0x00009000 "\SystemRoot\system32\DRIVERS\compbatt.sys"
    .\debug.cpp(256) : 0x00e5e000 0x0000c000 "\SystemRoot\system32\DRIVERS\BATTC.SYS"
    .\debug.cpp(256) : 0x00e6a000 0x00015000 "\SystemRoot\system32\DRIVERS\volmgr.sys"
    .\debug.cpp(256) : 0x00e7f000 0x0005c000 "\SystemRoot\System32\drivers\volmgrx.sys"
    .\debug.cpp(256) : 0x00da0000 0x0001a000 "\SystemRoot\System32\drivers\mountmgr.sys"
    .\debug.cpp(256) : 0x01001000 0x00154000 "\SystemRoot\system32\DRIVERS\iaStor.sys"
    .\debug.cpp(256) : 0x01155000 0x00009000 "\SystemRoot\system32\DRIVERS\atapi.sys"
    .\debug.cpp(256) : 0x0115e000 0x0002a000 "\SystemRoot\system32\DRIVERS\ataport.SYS"
    .\debug.cpp(256) : 0x01188000 0x0000b000 "\SystemRoot\system32\DRIVERS\msahci.sys"
    .\debug.cpp(256) : 0x01193000 0x00010000 "\SystemRoot\system32\DRIVERS\PCIIDEX.SYS"
    .\debug.cpp(256) : 0x011a3000 0x0000b000 "\SystemRoot\system32\drivers\amdxata.sys"
    .\debug.cpp(256) : 0x011ae000 0x0004c000 "\SystemRoot\system32\drivers\fltmgr.sys"
    .\debug.cpp(256) : 0x00dba000 0x00014000 "\SystemRoot\system32\drivers\fileinfo.sys"
    .\debug.cpp(256) : 0x0123a000 0x001a2000 "\SystemRoot\System32\Drivers\Ntfs.sys"
    .\debug.cpp(256) : 0x01418000 0x0005e000 "\SystemRoot\System32\Drivers\msrpc.sys"
    .\debug.cpp(256) : 0x01476000 0x0001a000 "\SystemRoot\System32\Drivers\ksecdd.sys"
    .\debug.cpp(256) : 0x01490000 0x00073000 "\SystemRoot\System32\Drivers\cng.sys"
    .\debug.cpp(256) : 0x01503000 0x00011000 "\SystemRoot\System32\drivers\pcw.sys"
    .\debug.cpp(256) : 0x01514000 0x0000a000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
    .\debug.cpp(256) : 0x016e3000 0x000f2000 "\SystemRoot\system32\drivers\ndis.sys"
    .\debug.cpp(256) : 0x01600000 0x00060000 "\SystemRoot\system32\drivers\NETIO.SYS"
    .\debug.cpp(256) : 0x01660000 0x0002b000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
    .\debug.cpp(256) : 0x01800000 0x001fe000 "\SystemRoot\System32\drivers\tcpip.sys"
    .\debug.cpp(256) : 0x0168b000 0x0004a000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
    .\debug.cpp(256) : 0x0151e000 0x0004c000 "\SystemRoot\system32\DRIVERS\volsnap.sys"
    .\debug.cpp(256) : 0x016d5000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
    .\debug.cpp(256) : 0x0156a000 0x0003a000 "\SystemRoot\System32\drivers\rdyboost.sys"
    .\debug.cpp(256) : 0x017d5000 0x00012000 "\SystemRoot\System32\Drivers\mup.sys"
    .\debug.cpp(256) : 0x017e7000 0x00009000 "\SystemRoot\System32\drivers\hwpolicy.sys"
    .\debug.cpp(256) : 0x017f0000 0x0000a000 "\SystemRoot\system32\DRIVERS\hpdskflt.sys"
    .\debug.cpp(256) : 0x015a4000 0x0003a000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
    .\debug.cpp(256) : 0x015de000 0x00016000 "\SystemRoot\system32\DRIVERS\disk.sys"
    .\debug.cpp(256) : 0x01200000 0x00030000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"
    .\debug.cpp(256) : 0x015f4000 0x0000a000 "\SystemRoot\system32\DRIVERS\AVGIDSEH.Sys"
    .\debug.cpp(256) : 0x02c00000 0x0002a000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
    .\debug.cpp(256) : 0x02c2a000 0x00009000 "\SystemRoot\System32\Drivers\Null.SYS"
    .\debug.cpp(256) : 0x02c33000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
    .\debug.cpp(256) : 0x02c3a000 0x0000e000 "\SystemRoot\System32\drivers\vga.sys"
    .\debug.cpp(256) : 0x02c48000 0x00025000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
    .\debug.cpp(256) : 0x02c6d000 0x00010000 "\SystemRoot\System32\drivers\watchdog.sys"
    .\debug.cpp(256) : 0x02c7d000 0x00009000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
    .\debug.cpp(256) : 0x02c86000 0x00009000 "\SystemRoot\system32\drivers\rdpencdd.sys"
    .\debug.cpp(256) : 0x0140e000 0x00009000 "\SystemRoot\system32\drivers\rdprefmp.sys"
    .\debug.cpp(256) : 0x013dc000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
    .\debug.cpp(256) : 0x013e7000 0x00011000 "\SystemRoot\System32\Drivers\Npfs.SYS"
    .\debug.cpp(256) : 0x00dce000 0x0001e000 "\SystemRoot\system32\DRIVERS\tdx.sys"
    .\debug.cpp(256) : 0x00dec000 0x0000d000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
    .\debug.cpp(256) : 0x03a78000 0x00060000 "\SystemRoot\system32\DRIVERS\avgtdia.sys"
    .\debug.cpp(256) : 0x03ad8000 0x00045000 "\SystemRoot\System32\DRIVERS\netbt.sys"
    .\debug.cpp(256) : 0x03b1d000 0x00089000 "\SystemRoot\system32\drivers\afd.sys"
    .\debug.cpp(256) : 0x03ba6000 0x00009000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"
    .\debug.cpp(256) : 0x03baf000 0x00026000 "\SystemRoot\system32\DRIVERS\pacer.sys"
    .\debug.cpp(256) : 0x03bd5000 0x00016000 "\SystemRoot\system32\DRIVERS\vwififlt.sys"
    .\debug.cpp(256) : 0x03beb000 0x0000f000 "\SystemRoot\system32\DRIVERS\netbios.sys"
    .\debug.cpp(256) : 0x03a00000 0x0001b000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
    .\debug.cpp(256) : 0x03a1b000 0x00014000 "\SystemRoot\system32\DRIVERS\termdd.sys"
    .\debug.cpp(256) : 0x03c2c000 0x00051000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
    .\debug.cpp(256) : 0x03c7d000 0x0000c000 "\SystemRoot\system32\drivers\nsiproxy.sys"
    .\debug.cpp(256) : 0x03c89000 0x0000b000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
    .\debug.cpp(256) : 0x03c94000 0x0000f000 "\SystemRoot\System32\drivers\discache.sys"
    .\debug.cpp(256) : 0x03ca3000 0x0001e000 "\SystemRoot\System32\Drivers\dfsc.sys"
    .\debug.cpp(256) : 0x03cc1000 0x00011000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"
    .\debug.cpp(256) : 0x03cd2000 0x00026000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
    .\debug.cpp(256) : 0x04834000 0x00bb1000 "\SystemRoot\system32\DRIVERS\igdkmd64.sys"
    .\debug.cpp(256) : 0x03cf8000 0x00036000 "\SystemRoot\System32\Drivers\fastfat.SYS"
    .\debug.cpp(256) : 0x0425c000 0x000f4000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
    .\debug.cpp(256) : 0x04350000 0x00046000 "\SystemRoot\System32\drivers\dxgmms1.sys"
    .\debug.cpp(256) : 0x04396000 0x00011000 "\SystemRoot\system32\DRIVERS\HECIx64.sys"
    .\debug.cpp(256) : 0x043a7000 0x00011000 "\SystemRoot\system32\drivers\usbehci.sys"
    .\debug.cpp(256) : 0x04200000 0x00056000 "\SystemRoot\system32\drivers\USBPORT.SYS"
    .\debug.cpp(256) : 0x043b8000 0x00024000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
    .\debug.cpp(256) : 0x03d2e000 0x00065000 "\SystemRoot\system32\DRIVERS\Rt64win7.sys"
    .\debug.cpp(256) : 0x05644000 0x002f0000 "\SystemRoot\system32\DRIVERS\bcmwl664.sys"
    .\debug.cpp(256) : 0x05934000 0x0000d000 "\SystemRoot\system32\DRIVERS\vwifibus.sys"
    .\debug.cpp(256) : 0x05941000 0x00055000 "\SystemRoot\system32\DRIVERS\RtsPStor.sys"
    .\debug.cpp(256) : 0x05996000 0x00031000 "\SystemRoot\system32\DRIVERS\nusb3xhc.sys"
    .\debug.cpp(256) : 0x059c7000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
    .\debug.cpp(256) : 0x059c9000 0x0001e000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
    .\debug.cpp(256) : 0x059e7000 0x0000f000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
    .\debug.cpp(256) : 0x04406000 0x0015d000 "\SystemRoot\system32\DRIVERS\SynTP.sys"
    .\debug.cpp(256) : 0x04563000 0x0000f000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
    .\debug.cpp(256) : 0x04572000 0x00005000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
    .\debug.cpp(256) : 0x04577000 0x0000d000 "\SystemRoot\system32\DRIVERS\Accelerometer.sys"
    .\debug.cpp(256) : 0x04584000 0x00009000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys"
    .\debug.cpp(256) : 0x0458d000 0x00016000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
    .\debug.cpp(256) : 0x045a3000 0x00010000 "\SystemRoot\system32\DRIVERS\CompositeBus.sys"
    .\debug.cpp(256) : 0x045b3000 0x00006000 "\SystemRoot\system32\DRIVERS\clwvd.sys"
    .\debug.cpp(256) : 0x045b9000 0x00043000 "\SystemRoot\system32\DRIVERS\ks.sys"
    .\debug.cpp(256) : 0x04400000 0x00006000 "\SystemRoot\system32\drivers\ksthunk.sys"
    .\debug.cpp(256) : 0x05600000 0x00016000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"
    .\debug.cpp(256) : 0x05616000 0x00024000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
    .\debug.cpp(256) : 0x043dc000 0x0000c000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
    .\debug.cpp(256) : 0x04800000 0x0002f000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
    .\debug.cpp(256) : 0x053e5000 0x0001b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
    .\debug.cpp(256) : 0x03d93000 0x00021000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
    .\debug.cpp(256) : 0x03db4000 0x0001a000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
    .\debug.cpp(256) : 0x045fc000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
    .\debug.cpp(256) : 0x043e8000 0x00012000 "\SystemRoot\system32\DRIVERS\umbus.sys"
    .\debug.cpp(256) : 0x05c31000 0x0005a000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
    .\debug.cpp(256) : 0x05c8b000 0x00019000 "\SystemRoot\system32\DRIVERS\nusb3hub.sys"
    .\debug.cpp(256) : 0x05ca4000 0x00015000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
    .\debug.cpp(256) : 0x05cb9000 0x00083000 "\SystemRoot\system32\DRIVERS\stwrt64.sys"
    .\debug.cpp(256) : 0x05d3c000 0x0003d000 "\SystemRoot\system32\DRIVERS\portcls.sys"
    .\debug.cpp(256) : 0x05d79000 0x00022000 "\SystemRoot\system32\DRIVERS\drmk.sys"
    .\debug.cpp(256) : 0x05d9b000 0x00053000 "\SystemRoot\system32\DRIVERS\IntcDAud.sys"
    .\debug.cpp(256) : 0x00030000 0x00314000 "\SystemRoot\System32\win32k.sys"
    .\debug.cpp(256) : 0x05c00000 0x0000c000 "\SystemRoot\System32\drivers\Dxapi.sys"
    .\debug.cpp(256) : 0x05c0c000 0x0001d000 "\SystemRoot\system32\DRIVERS\cdfs.sys"
    .\debug.cpp(256) : 0x03c00000 0x0001d000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
    .\debug.cpp(256) : 0x03dce000 0x0002e000 "\SystemRoot\System32\Drivers\usbvideo.sys"
    .\debug.cpp(256) : 0x05dee000 0x0000e000 "\SystemRoot\System32\Drivers\crashdmp.sys"
    .\debug.cpp(256) : 0x02c8f000 0x00154000 "\SystemRoot\System32\Drivers\dump_iaStor.sys"
    .\debug.cpp(256) : 0x03a2f000 0x00013000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
    .\debug.cpp(256) : 0x03c1d000 0x0000e000 "\SystemRoot\system32\DRIVERS\monitor.sys"
    .\debug.cpp(256) : 0x005d0000 0x0000a000 "\SystemRoot\System32\TSDDD.dll"
    .\debug.cpp(256) : 0x006a0000 0x00027000 "\SystemRoot\System32\cdd.dll"
    .\debug.cpp(256) : 0x00990000 0x00061000 "\SystemRoot\System32\ATMFD.DLL"
    .\debug.cpp(256) : 0x03a42000 0x00023000 "\SystemRoot\system32\drivers\luafv.sys"
    .\debug.cpp(256) : 0x00c00000 0x00021000 "\SystemRoot\system32\drivers\WudfPf.sys"
    .\debug.cpp(256) : 0x03a65000 0x00011000 "\SystemRoot\system32\DRIVERS\WinUSB.sys"
    .\debug.cpp(256) : 0x02a9c000 0x00031000 "\SystemRoot\system32\DRIVERS\WUDFRd.sys"
    .\debug.cpp(256) : 0x02acd000 0x00015000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
    .\debug.cpp(256) : 0x02ae2000 0x00053000 "\SystemRoot\system32\DRIVERS\nwifi.sys"
    .\debug.cpp(256) : 0x02b35000 0x00013000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
    .\debug.cpp(256) : 0x02b48000 0x00018000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
    .\debug.cpp(256) : 0x04617000 0x000c8000 "\SystemRoot\system32\drivers\HTTP.sys"
    .\debug.cpp(256) : 0x046df000 0x0000a000 "\SystemRoot\system32\DRIVERS\vwifimp.sys"
    .\debug.cpp(256) : 0x046e9000 0x0001e000 "\SystemRoot\system32\DRIVERS\bowser.sys"
    .\debug.cpp(256) : 0x04707000 0x00018000 "\SystemRoot\System32\drivers\mpsdrv.sys"
    .\debug.cpp(256) : 0x0471f000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
    .\debug.cpp(256) : 0x0474c000 0x0004e000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
    .\debug.cpp(256) : 0x0479a000 0x00023000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
    .\debug.cpp(256) : 0x062ef000 0x000a6000 "\SystemRoot\system32\drivers\peauth.sys"
    .\debug.cpp(256) : 0x06395000 0x0000b000 "\SystemRoot\System32\Drivers\secdrv.SYS"
    .\debug.cpp(256) : 0x063a0000 0x0002d000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
    .\debug.cpp(256) : 0x063cd000 0x00012000 "\SystemRoot\System32\drivers\tcpipreg.sys"
    .\debug.cpp(256) : 0x06200000 0x00067000 "\SystemRoot\System32\DRIVERS\srv2.sys"
    .\debug.cpp(256) : 0x02b60000 0x00095000 "\SystemRoot\System32\DRIVERS\srv.sys"
    .\debug.cpp(256) : 0x062d8000 0x0000b000 "\SystemRoot\system32\DRIVERS\asyncmac.sys"
    .\debug.cpp(256) : 0x063df000 0x0000f000 "\??\C:\Users\Rob\AppData\Local\Temp\aswMBR.sys"
    .\debug.cpp(256) : 0x77270000 0x001ac000 "\Windows\System32\ntdll.dll"
    .\debug.cpp(256) : 0x47fc0000 0x00020000 "\Windows\System32\smss.exe"
    .\debug.cpp(256) : 0xff590000 0x00050000 "\Windows\System32\apisetschema.dll"
    .\debug.cpp(256) : 0xff0c0000 0x000c1000 "\Windows\System32\autochk.exe"
    .\debug.cpp(263) : **********************************************
    .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
    .\debug.cpp(308) : **********************************************
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{af573040-53f3-11e0-bc1a-806e6f6e6963}#000000000C800000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
    .\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#0#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
    .\debug.cpp(400) : Destination "\Device\Video4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8086&DEV_2805&SUBSYS_80860101&REV_1000#4&3218bc92&0&0301#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
    .\debug.cpp(400) : Destination "\Device\0000006e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000003b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT"
    .\debug.cpp(400) : Destination "\Device\00000046"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5d624f94-8850-40c3-a3fa-a4fd2080baf3}#vwifimp#5&12ce2502&0&01#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000007a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000044"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
    .\debug.cpp(400) : Destination "\Device\Video0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{BB5F3E68-5F59-43CA-A009-2215802671E3}"
    .\debug.cpp(400) : Destination "\Device\NDMP16"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000041"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000005"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
    .\debug.cpp(400) : Destination "\Device\WUDFLpcDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_E258&MI_00#7&266896f9&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000077"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1db8b544-674a-11e0-81b7-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000043"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000038"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
    .\debug.cpp(400) : Destination "\Device\Psched"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1db8b545-674a-11e0-81b7-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0AFF2BA0-7D6C-4922-ABF1-3D084430E82E}"
    .\debug.cpp(400) : Destination "\Device\NDMP6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000003e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1033&DEV_0194&SUBSYS_1658103C&REV_04#4&1e0e3344&0&00E3#{ac051b02-603b-4b3c-b14b-95c9268de081}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0017"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
    .\debug.cpp(400) : Destination "\Device\AscKmd"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
    .\debug.cpp(400) : Destination "\Device\Ndisuio"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000044"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1db8b546-674a-11e0-81b7-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000003"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_1658103C&REV_06#4&3b3f7c80&0&00E0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0014"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#0#{e849804e-c719-43d8-ac88-96b894c191e2}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1db8b547-674a-11e0-81b7-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP"
    .\debug.cpp(400) : Destination "\Device\SynTP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E43D242B-9EAB-4626-A952-46649FBB939A}"
    .\debug.cpp(400) : Destination "\Device\NDMP9"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_1C26&SUBSYS_1658103C&REV_04#3&11583659&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
    .\debug.cpp(400) : Destination "\Device\0000007b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-024756b6-7bbb-11e1-a580-ac81122f6744"
    .\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-024756b6-7bbb-11e1-a580-ac81122f6744"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD9"
    .\debug.cpp(400) : Destination "\??\PCI#VEN_1033&DEV_0194&SUBSYS_1658103C&REV_04#4&1e0e3344&0&00E3#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000003d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_4727&SUBSYS_145C103C&REV_01#4&ff2ade7&0&00E1#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C1658&REV_1001#4&3218bc92&0&0001#{cb0b7def-63d0-44d6-bcd7-a5e6d1f8b362}"
    .\debug.cpp(400) : Destination "\Device\0000006d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN"
    .\debug.cpp(400) : Destination "\Device\AgileVPN"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
    .\debug.cpp(400) : Destination "\Device\Ide\iaStor0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
    .\debug.cpp(400) : Destination "\Device\WMIDataDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_8087&PID_0024#5&1a6f88c&0&1#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
    .\debug.cpp(400) : Destination "\Device\PEAuth"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDOSPDevice"
    .\debug.cpp(400) : Destination "\Device\IPSECDOSP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-a482e7c2-f301-4d78-9167-a2a556726076"
    .\debug.cpp(400) : Destination "\Device\HostProcess-a482e7c2-f301-4d78-9167-a2a556726076"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_5209&SUBSYS_1658103C&REV_01#4&1f8a0e47&0&00E2#{b6a6b22e-d723-4e95-a518-6cbdbfa8cb61}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0016"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
    .\debug.cpp(400) : Destination "\Device\USBFDO-1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"
    .\debug.cpp(400) : Destination "\Device\Video5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
    .\debug.cpp(400) : Destination "\Device\Mup"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C1137B7F-EDBA-481A-8682-F66E917C9B0B}"
    .\debug.cpp(400) : Destination "\Device\NDMP1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\vwififlt"
    .\debug.cpp(400) : Destination "\Device\vwififlt"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
    .\debug.cpp(400) : Destination "\Device\NDMP11"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
    .\debug.cpp(400) : Destination "\Device\Video1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy10"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy10"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{af573040-53f3-11e0-bc1a-806e6f6e6963}#00000070A3200000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{af573040-53f3-11e0-bc1a-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASYNCMAC"
    .\debug.cpp(400) : Destination "\Device\ASYNCMAC"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPDevice"
    .\debug.cpp(400) : Destination "\Device\SPDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-0b1a808b-9159-4c95-897d-a2a1b6133c9e"
    .\debug.cpp(400) : Destination "\Device\HostProcess-0b1a808b-9159-4c95-897d-a2a1b6133c9e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
    .\debug.cpp(400) : Destination "\Device\Tcp"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy11"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy11"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#CMO15A2#4&32d93cca&0&UID67568640#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
    .\debug.cpp(400) : Destination "\Device\00000079"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
    .\debug.cpp(400) : Destination "\Device\00000079"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\00000044"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy12"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy12"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition2"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\00000056"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C1658&REV_1001#4&3218bc92&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000006d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000040"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000003a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy13"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy13"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&2f000702&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&340c8448&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUSB3#ROOT_HUB30#5&12f9d4e2&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\00000069"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C1658&REV_1001#4&3218bc92&0&0001#{ba0afe40-6d0a-4d2c-954f-6f7b82187a14}"
    .\debug.cpp(400) : Destination "\Device\0000006d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
    .\debug.cpp(400) : Destination "\DosDevices\LPT1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
    .\debug.cpp(400) : Destination "\Device\WANARP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition3"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_E258#HF1016-A821-OV01-VH-R04.00.00#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
    .\debug.cpp(400) : Destination "\Device\00000044"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition4"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
    .\debug.cpp(400) : Destination "\Device\CompositeBattery"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_4727&SUBSYS_145C103C&REV_01#4&ff2ade7&0&00E1#{435b6226-1dcc-43b3-887e-217dbaa27ba3}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000042"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000044"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
    .\debug.cpp(400) : Destination "\Device\MountPointManager"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8E301A52-AFFA-4F49-B9CA-C79096A1A056}"
    .\debug.cpp(400) : Destination "\Device\NDMP13"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_42_-________Intel(R)_Core(TM)_i3-2310M_CPU_@_2.10GHz#_3#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
    .\debug.cpp(400) : Destination "\Device\00000051"
    .
     
  19. Rob5sl

    Rob5sl TS Rookie Topic Starter Posts: 28

    Bookit Remover Log Part 2

    V_01#4&ff2ade7&0&00E1#{435b6226-1dcc-43b3-887e-217dbaa27ba3}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000042"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000044"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
    .\debug.cpp(400) : Destination "\Device\MountPointManager"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8E301A52-AFFA-4F49-B9CA-C79096A1A056}"
    .\debug.cpp(400) : Destination "\Device\NDMP13"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_42_-________Intel(R)_Core(TM)_i3-2310M_CPU_@_2.10GHz#_3#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
    .\debug.cpp(400) : Destination "\Device\00000051"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000003b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000003f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000007c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUSB3#ROOT_HUB30#5&12f9d4e2&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
    .\debug.cpp(400) : Destination "\Device\00000069"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
    .\debug.cpp(400) : Destination "\Device\WMIAdminDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
    .\debug.cpp(400) : Destination "\GLOBAL??"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskHitachi_HTS545050B9A300_________________PB4OCA1G#4&1067e056&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000003d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000003c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000005"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AvgTdi"
    .\debug.cpp(400) : Destination "\Device\AvgTdi"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_1C2D&SUBSYS_1658103C&REV_04#3&11583659&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1db8b552-674a-11e0-81b7-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
    .\debug.cpp(400) : Destination "\clfs"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000038"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip"
    .\debug.cpp(400) : Destination "\Device\nativewifip"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C1658&REV_1001#4&3218bc92&0&0001#{5f6b13e4-6814-4fb4-bf50-84cbb4297800}"
    .\debug.cpp(400) : Destination "\Device\0000006d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
    .\debug.cpp(400) : Destination "\Device\Video2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswMBR"
    .\debug.cpp(400) : Destination "\Device\aswMBR"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-54cb248c-3c43-4749-a4aa-ba8b7767efb3"
    .\debug.cpp(400) : Destination "\Device\HostProcess-54cb248c-3c43-4749-a4aa-ba8b7767efb3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_42_-________Intel(R)_Core(TM)_i3-2310M_CPU_@_2.10GHz#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
    .\debug.cpp(400) : Destination "\Device\00000050"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}"
    .\debug.cpp(400) : Destination "\Device\00000046"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
    .\debug.cpp(400) : Destination "\Device\MailSlot"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WwanProt"
    .\debug.cpp(400) : Destination "\Device\WwanProt"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C1658&REV_1001#4&3218bc92&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000006d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
    .\debug.cpp(400) : Destination "\Device\NDMP10"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume1"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
    .\debug.cpp(400) : Destination "\Device\VolMgrControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C1658&REV_1001#4&3218bc92&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
    .\debug.cpp(400) : Destination "\Device\0000006d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{379A871A-2B98-476A-AB88-56BFEC4A59C2}"
    .\debug.cpp(400) : Destination "\Device\NDMP7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000003f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
    .\debug.cpp(400) : Destination "\Device\WANARPV6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume2"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\00000047"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
    .\debug.cpp(400) : Destination "\Device\VolMgrControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
    .\debug.cpp(400) : Destination "\Device\Nsi"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{802389A0-9C1A-4C28-9099-BC7F2A90C31A}"
    .\debug.cpp(400) : Destination "\Device\NDMP8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5d624f94-8850-40c3-a3fa-a4fd2080baf3}#vwifimp#5&12ce2502&0&01#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000007a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000007c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-024756b7-7bbb-11e1-a580-ac81122f6744"
    .\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-024756b7-7bbb-11e1-a580-ac81122f6744"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&7b2bf30&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000063"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
    .\debug.cpp(400) : Destination "\Device\FsWrap"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume3"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_1C03&SUBSYS_1658103C&REV_04#3&11583659&0&FA#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000003"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_4727&SUBSYS_145C103C&REV_01#4&ff2ade7&0&00E1#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\00000044"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\00000044"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume4"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_0116&SUBSYS_1658103C&REV_09#3&11583659&0&10#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{af573040-53f3-11e0-bc1a-806e6f6e6963}#000000746A400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
    .\debug.cpp(400) : Destination "\Device\00000045"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
    .\debug.cpp(400) : Destination "\Device\Secdrv"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy4"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\00000053"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_1C3A&SUBSYS_1658103C&REV_04#3&11583659&0&B0#{e2d1ff34-3458-49a9-88da-8e6915ce9be5}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C1658&REV_1001#4&3218bc92&0&0001#{ac7e9cf6-d199-450d-bedf-8a35b000442d}"
    .\debug.cpp(400) : Destination "\Device\0000006d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
    .\debug.cpp(400) : Destination "\Device\NXTIPSEC"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_42_-________Intel(R)_Core(TM)_i3-2310M_CPU_@_2.10GHz#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
    .\debug.cpp(400) : Destination "\Device\0000004f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy5"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DF4A9D2C-8742-4EB1-8703-D395C4183F33}"
    .\debug.cpp(400) : Destination "\Device\NDMP14"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun"
    .\debug.cpp(400) : Destination "\Device\TeredoTun"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
    .\debug.cpp(400) : Destination "\Device\Video3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
    .\debug.cpp(400) : Destination "\Device\SstpDrv"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy6"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{33D3CC9A-BB0F-4EF1-99A6-0B92D3861DB9}"
    .\debug.cpp(400) : Destination "\Device\NDMP17"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270}"
    .\debug.cpp(400) : Destination "\Device\NDMP15"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
    .\debug.cpp(400) : Destination "\Device\WFP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy7"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{3C93E67E-CAA9-48AF-8AE1-FD16FE01BF9C}"
    .\debug.cpp(400) : Destination "\Device\NDMP5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
    .\debug.cpp(400) : Destination "\Device\Ndis"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000040"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000003e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1033&DEV_0194&SUBSYS_1658103C&REV_04#4&1e0e3344&0&00E3#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0017"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
    .\debug.cpp(400) : Destination "\Device\MPS"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
    .\debug.cpp(400) : Destination "\Device\WfpAle"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-dc8e45c0-7304-40c8-83b0-994dd1474b2c"
    .\debug.cpp(400) : Destination "\Device\HostProcess-dc8e45c0-7304-40c8-83b0-994dd1474b2c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
    .\debug.cpp(400) : Destination "\Device\ProcessManagement"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy8"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{078B24E7-DBD6-430A-8819-871BE9D4C170}"
    .\debug.cpp(400) : Destination "\Device\NDMP3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000003c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000001"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_1658103C&REV_06#4&3b3f7c80&0&00E0#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0014"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#HPQ0004#2&daba3ff&2#{dd2a6682-735e-4e8e-8a59-d9dccf1ebece}"
    .\debug.cpp(400) : Destination "\Device\0000004d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN1E47#4&7b2bf30&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000064"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C1658&REV_1001#4&3218bc92&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
    .\debug.cpp(400) : Destination "\Device\0000006d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy9"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy9"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
    .\debug.cpp(400) : Destination "\Device\PartmgrControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
    .\debug.cpp(400) : Destination "\Device\NamedPipe"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
    .\debug.cpp(400) : Destination ""
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomhp_CDDVDW_TS-L633R______________________0300____#4&1067e056&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000003a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_138A&PID_0018#fbee3b09a190#{e2b5183a-99ea-4cc3-ad6b-80ca8d715b80}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_138A&PID_0018#fbee3b09a190#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_42_-________Intel(R)_Core(TM)_i3-2310M_CPU_@_2.10GHz#_4#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
    .\debug.cpp(400) : Destination "\Device\00000052"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000044"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#CMO15A2#4&32d93cca&0&UID67568640#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
    .\debug.cpp(400) : Destination "\Device\00000079"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
    .\debug.cpp(400) : Destination "\Device\NDMP12"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
    .\debug.cpp(400) : Destination "\DosDevices\COM1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVGIDSErHr"
    .\debug.cpp(400) : Destination "\Device\AVGIDSErHr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000001"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
    .\debug.cpp(400) : Destination "\Device\Null"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_0116&SUBSYS_1658103C&REV_09#3&11583659&0&10#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C1658&REV_1001#4&3218bc92&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000006d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_8087&PID_0024#5&18a0da4&0&1#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_E258&MI_00#7&266896f9&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000077"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\0000004a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000041"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomhp_CDDVDW_TS-L633R______________________0300____#4&1067e056&0&0.1.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
    .\debug.cpp(400) : Destination "\Device\USBFDO-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
    .\debug.cpp(400) : Destination "\Device\NdisWan"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#4&7b2bf30&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\00000059"
    .\debug.cpp(409) : --
    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000
    .\boot_cleaner.cpp(1061) :
    .\boot_cleaner.cpp(1062) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1063) : --------------------------------------------
    .\boot_cleaner.cpp(1107) : 465 GB \\.\PhysicalDrive0 Controlled by rootkit!
    .\boot_cleaner.cpp(1113) :
    .\boot_cleaner.cpp(1136) : Boot code on some of your physical disks is hidden by a rootkit.
    .\boot_cleaner.cpp(1138) : To disinfect the master boot sector, use the following command:
    .\boot_cleaner.cpp(1139) : remover.exe fix <device_name>
    .\boot_cleaner.cpp(1143) : To inspect the boot code manually, dump the master boot sector:
    .\boot_cleaner.cpp(1144) : remover.exe dump <device_name> [output_file]
    .\boot_cleaner.cpp(1147) :
    .\boot_cleaner.cpp(1152) : Done;
     
  20. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  21. Rob5sl

    Rob5sl TS Rookie Topic Starter Posts: 28

    TDSSKILLER log part 1

    I had to reboot computer and I notices there is also a quarantine folder in root directory

    00:09:54.0688 7592 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
    00:09:54.0927 7592 ============================================================
    00:09:54.0927 7592 Current date / time: 2012/04/02 00:09:54.0927
    00:09:54.0927 7592 SystemInfo:
    00:09:54.0927 7592
    00:09:54.0927 7592 OS Version: 6.1.7600 ServicePack: 0.0
    00:09:54.0927 7592 Product type: Workstation
    00:09:54.0927 7592 ComputerName: PARADISELAPTOP
    00:09:54.0927 7592 UserName: Rob
    00:09:54.0927 7592 Windows directory: C:\Windows
    00:09:54.0927 7592 System windows directory: C:\Windows
    00:09:54.0927 7592 Running under WOW64
    00:09:54.0927 7592 Processor architecture: Intel x64
    00:09:54.0927 7592 Number of processors: 4
    00:09:54.0927 7592 Page size: 0x1000
    00:09:54.0927 7592 Boot type: Normal boot
    00:09:54.0927 7592 ============================================================
    00:09:55.0620 7592 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    00:09:55.0623 7592 \Device\Harddisk0\DR0:
    00:09:55.0623 7592 MBR used
    00:09:55.0623 7592 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    00:09:55.0623 7592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x384B5000
    00:09:55.0623 7592 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38519000, BlocksNum 0x1E39000
    00:09:55.0623 7592 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
    00:09:55.0692 7592 Initialize success
    00:09:55.0692 7592 ============================================================
    00:10:17.0753 6884 ============================================================
    00:10:17.0753 6884 Scan started
    00:10:17.0753 6884 Mode: Manual;
    00:10:17.0753 6884 ============================================================
    00:10:19.0783 6884 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    00:10:19.0787 6884 1394ohci - ok
    00:10:19.0868 6884 Accelerometer (3e2427d4966c7606097341e55ab4e105) C:\Windows\system32\DRIVERS\Accelerometer.sys
    00:10:19.0870 6884 Accelerometer - ok
    00:10:20.0005 6884 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    00:10:20.0012 6884 ACPI - ok
    00:10:20.0053 6884 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    00:10:20.0054 6884 AcpiPmi - ok
    00:10:20.0111 6884 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    00:10:20.0119 6884 adp94xx - ok
    00:10:20.0219 6884 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    00:10:20.0225 6884 adpahci - ok
    00:10:20.0283 6884 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    00:10:20.0287 6884 adpu320 - ok
    00:10:20.0340 6884 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    00:10:20.0341 6884 AeLookupSvc - ok
    00:10:20.0435 6884 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
    00:10:20.0438 6884 AESTFilters - ok
    00:10:20.0588 6884 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
    00:10:20.0596 6884 AFD - ok
    00:10:20.0732 6884 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    00:10:20.0734 6884 agp440 - ok
    00:10:20.0810 6884 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    00:10:20.0813 6884 ALG - ok
    00:10:20.0957 6884 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    00:10:20.0959 6884 aliide - ok
    00:10:21.0002 6884 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    00:10:21.0003 6884 amdide - ok
    00:10:21.0064 6884 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    00:10:21.0065 6884 AmdK8 - ok
    00:10:21.0124 6884 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    00:10:21.0125 6884 AmdPPM - ok
    00:10:21.0224 6884 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
    00:10:21.0227 6884 amdsata - ok
    00:10:21.0271 6884 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    00:10:21.0274 6884 amdsbs - ok
    00:10:21.0304 6884 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
    00:10:21.0305 6884 amdxata - ok
    00:10:21.0402 6884 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    00:10:21.0403 6884 AppID - ok
    00:10:21.0455 6884 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    00:10:21.0456 6884 AppIDSvc - ok
    00:10:21.0531 6884 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
    00:10:21.0532 6884 Appinfo - ok
    00:10:21.0621 6884 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    00:10:21.0623 6884 arc - ok
    00:10:21.0684 6884 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    00:10:21.0686 6884 arcsas - ok
    00:10:21.0737 6884 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    00:10:21.0738 6884 AsyncMac - ok
    00:10:21.0806 6884 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    00:10:21.0807 6884 atapi - ok
    00:10:21.0908 6884 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    00:10:21.0917 6884 AudioEndpointBuilder - ok
    00:10:21.0928 6884 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    00:10:21.0933 6884 AudioSrv - ok
    00:10:22.0072 6884 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
    00:10:22.0073 6884 AVGIDSEH - ok
    00:10:22.0114 6884 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
    00:10:22.0119 6884 Avgtdia - ok
    00:10:22.0253 6884 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    00:10:22.0256 6884 avgwd - ok
    00:10:22.0370 6884 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
    00:10:22.0373 6884 AxInstSV - ok
    00:10:22.0456 6884 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    00:10:22.0463 6884 b06bdrv - ok
    00:10:22.0577 6884 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    00:10:22.0582 6884 b57nd60a - ok
    00:10:22.0704 6884 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
    00:10:22.0708 6884 BBSvc - ok
    00:10:22.0896 6884 BCM43XX (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys
    00:10:22.0996 6884 BCM43XX - ok
    00:10:23.0118 6884 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    00:10:23.0121 6884 BDESVC - ok
    00:10:23.0213 6884 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    00:10:23.0215 6884 Beep - ok
    00:10:23.0360 6884 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
    00:10:23.0374 6884 BFE - ok
    00:10:23.0484 6884 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
    00:10:23.0504 6884 BITS - ok
    00:10:23.0627 6884 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    00:10:23.0629 6884 blbdrive - ok
    00:10:23.0718 6884 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
    00:10:23.0719 6884 bowser - ok
    00:10:23.0840 6884 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    00:10:23.0841 6884 BrFiltLo - ok
    00:10:23.0874 6884 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    00:10:23.0875 6884 BrFiltUp - ok
    00:10:23.0911 6884 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
    00:10:23.0913 6884 Browser - ok
    00:10:24.0072 6884 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    00:10:24.0075 6884 Brserid - ok
    00:10:24.0128 6884 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    00:10:24.0129 6884 BrSerWdm - ok
    00:10:24.0255 6884 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    00:10:24.0256 6884 BrUsbMdm - ok
    00:10:24.0290 6884 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    00:10:24.0291 6884 BrUsbSer - ok
    00:10:24.0333 6884 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    00:10:24.0335 6884 BTHMODEM - ok
    00:10:24.0392 6884 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    00:10:24.0394 6884 bthserv - ok
    00:10:24.0523 6884 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    00:10:24.0525 6884 cdfs - ok
    00:10:24.0591 6884 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    00:10:24.0594 6884 cdrom - ok
    00:10:24.0726 6884 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    00:10:24.0728 6884 CertPropSvc - ok
    00:10:24.0803 6884 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    00:10:24.0804 6884 circlass - ok
    00:10:24.0869 6884 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    00:10:24.0874 6884 CLFS - ok
    00:10:24.0972 6884 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    00:10:24.0973 6884 clr_optimization_v2.0.50727_32 - ok
    00:10:25.0006 6884 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    00:10:25.0008 6884 clr_optimization_v2.0.50727_64 - ok
    00:10:25.0102 6884 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    00:10:25.0103 6884 clr_optimization_v4.0.30319_32 - ok
    00:10:25.0168 6884 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    00:10:25.0170 6884 clr_optimization_v4.0.30319_64 - ok
    00:10:25.0251 6884 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
    00:10:25.0252 6884 clwvd - ok
    00:10:25.0325 6884 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    00:10:25.0325 6884 CmBatt - ok
    00:10:25.0358 6884 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    00:10:25.0359 6884 cmdide - ok
    00:10:25.0446 6884 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
    00:10:25.0451 6884 CNG - ok
    00:10:25.0582 6884 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    00:10:25.0583 6884 Compbatt - ok
    00:10:25.0638 6884 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    00:10:25.0639 6884 CompositeBus - ok
    00:10:25.0684 6884 COMSysApp - ok
    00:10:25.0716 6884 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    00:10:25.0716 6884 crcdisk - ok
    00:10:25.0824 6884 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
    00:10:25.0827 6884 CryptSvc - ok
    00:10:25.0911 6884 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    00:10:25.0919 6884 DcomLaunch - ok
    00:10:26.0510 6884 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    00:10:26.0514 6884 defragsvc - ok
    00:10:26.0591 6884 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
    00:10:26.0593 6884 DfsC - ok
    00:10:26.0718 6884 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
    00:10:26.0722 6884 Dhcp - ok
    00:10:26.0774 6884 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    00:10:26.0775 6884 discache - ok
    00:10:26.0932 6884 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    00:10:26.0934 6884 Disk - ok
    00:10:27.0004 6884 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
    00:10:27.0006 6884 Dnscache - ok
    00:10:27.0053 6884 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
    00:10:27.0057 6884 dot3svc - ok
    00:10:27.0144 6884 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
    00:10:27.0146 6884 DPS - ok
    00:10:27.0226 6884 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    00:10:27.0228 6884 drmkaud - ok
    00:10:27.0330 6884 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
    00:10:27.0340 6884 DXGKrnl - ok
    00:10:27.0451 6884 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    00:10:27.0453 6884 EapHost - ok
    00:10:27.0572 6884 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    00:10:27.0607 6884 ebdrv - ok
    00:10:27.0698 6884 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
    00:10:27.0699 6884 EFS - ok
    00:10:27.0796 6884 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
    00:10:27.0804 6884 ehRecvr - ok
    00:10:27.0848 6884 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    00:10:27.0850 6884 ehSched - ok
    00:10:27.0956 6884 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    00:10:27.0963 6884 elxstor - ok
    00:10:28.0315 6884 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    00:10:28.0316 6884 ErrDev - ok
    00:10:28.0390 6884 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    00:10:28.0396 6884 EventSystem - ok
    00:10:28.0524 6884 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    00:10:28.0527 6884 exfat - ok
    00:10:28.0562 6884 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    00:10:28.0565 6884 fastfat - ok
    00:10:28.0644 6884 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
    00:10:28.0651 6884 Fax - ok
    00:10:28.0742 6884 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    00:10:28.0743 6884 fdc - ok
    00:10:28.0804 6884 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    00:10:28.0806 6884 fdPHost - ok
    00:10:28.0876 6884 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    00:10:28.0878 6884 FDResPub - ok
    00:10:28.0940 6884 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    00:10:28.0941 6884 FileInfo - ok
    00:10:28.0978 6884 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    00:10:28.0979 6884 Filetrace - ok
    00:10:29.0069 6884 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    00:10:29.0070 6884 flpydisk - ok
    00:10:29.0122 6884 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    00:10:29.0126 6884 FltMgr - ok
    00:10:29.0191 6884 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
    00:10:29.0209 6884 FontCache - ok
    00:10:29.0302 6884 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    00:10:29.0303 6884 FontCache3.0.0.0 - ok
    00:10:29.0406 6884 FPLService (cdc54db949d1e2bbf86b0c7ab86b912e) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    00:10:29.0409 6884 FPLService - ok
    00:10:29.0480 6884 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    00:10:29.0481 6884 FsDepends - ok
    00:10:29.0533 6884 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    00:10:29.0534 6884 Fs_Rec - ok
    00:10:29.0593 6884 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
    00:10:29.0596 6884 fvevol - ok
    00:10:30.0007 6884 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    00:10:30.0008 6884 gagp30kx - ok
    00:10:30.0091 6884 GameConsoleService (d154305de6090e6e84e525f84bb08a06) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    00:10:30.0094 6884 GameConsoleService - ok
    00:10:30.0181 6884 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
    00:10:30.0189 6884 gpsvc - ok
    00:10:30.0283 6884 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    00:10:30.0284 6884 hcw85cir - ok
    00:10:30.0335 6884 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
    00:10:30.0340 6884 HdAudAddService - ok
    00:10:30.0370 6884 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    00:10:30.0371 6884 HDAudBus - ok
    00:10:30.0405 6884 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    00:10:30.0406 6884 HidBatt - ok
    00:10:30.0494 6884 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    00:10:30.0496 6884 HidBth - ok
    00:10:30.0522 6884 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    00:10:30.0523 6884 HidIr - ok
    00:10:30.0548 6884 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
    00:10:30.0550 6884 hidserv - ok
    00:10:30.0670 6884 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    00:10:30.0671 6884 HidUsb - ok
    00:10:30.0731 6884 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
    00:10:30.0734 6884 hkmsvc - ok
    00:10:30.0781 6884 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
    00:10:30.0785 6884 HomeGroupListener - ok
    00:10:30.0823 6884 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
    00:10:30.0827 6884 HomeGroupProvider - ok
    00:10:30.0967 6884 HP Health Check Service (7a24ad37416b91e4b5e5b46bd25c075f) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    00:10:30.0968 6884 HP Health Check Service - ok
    00:10:31.0029 6884 HP Wireless Assistant Service (c930128c8f8ff03d8f8c42b570920d56) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    00:10:31.0031 6884 HP Wireless Assistant Service - ok
    00:10:31.0094 6884 HPAuto (da075126f867727810ee9b98b3041c4c) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
    00:10:31.0102 6884 HPAuto - ok
    00:10:31.0160 6884 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    00:10:31.0164 6884 HPClientSvc - ok
    00:10:31.0253 6884 HPDrvMntSvc.exe (2a047e7e0f1018e3134a4065636f2025) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    00:10:31.0254 6884 HPDrvMntSvc.exe - ok
    00:10:31.0356 6884 hpdskflt (ccbe758967cc0f53f5ba3b271653c4e6) C:\Windows\system32\DRIVERS\hpdskflt.sys
    00:10:31.0357 6884 hpdskflt - ok
    00:10:31.0474 6884 hpqwmiex (59cb6a1ca093edc2881598a45518857d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    00:10:31.0482 6884 hpqwmiex - ok
    00:10:31.0620 6884 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    00:10:31.0622 6884 HpSAMD - ok
    00:10:31.0662 6884 hpsrv (e2223a37896a76861d7f79fd81a2a193) C:\Windows\system32\Hpservice.exe
    00:10:31.0664 6884 hpsrv - ok
    00:10:31.0773 6884 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    00:10:31.0774 6884 HPWMISVC - ok
    00:10:31.0864 6884 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    00:10:31.0872 6884 HTTP - ok
    00:10:31.0960 6884 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    00:10:31.0960 6884 hwpolicy - ok
    00:10:32.0474 6884 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    00:10:32.0476 6884 i8042prt - ok
    00:10:32.0614 6884 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
    00:10:32.0619 6884 iaStor - ok
    00:10:32.0760 6884 IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    00:10:32.0762 6884 IAStorDataMgrSvc - ok
    00:10:32.0874 6884 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
    00:10:32.0879 6884 iaStorV - ok
    00:10:32.0981 6884 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    00:10:32.0991 6884 idsvc - ok
    00:10:33.0330 6884 igfx (8cb8667f5a3b5515f2585f3254f3aaf7) C:\Windows\system32\DRIVERS\igdkmd64.sys
    00:10:33.0561 6884 igfx - ok
    00:10:33.0689 6884 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    00:10:33.0691 6884 iirsp - ok
    00:10:33.0739 6884 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
    00:10:33.0749 6884 IKEEXT - ok
    00:10:33.0900 6884 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
    00:10:33.0904 6884 IntcDAud - ok
    00:10:33.0931 6884 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    00:10:33.0932 6884 intelide - ok
    00:10:34.0054 6884 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    00:10:34.0055 6884 intelppm - ok
    00:10:34.0149 6884 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    00:10:34.0151 6884 IPBusEnum - ok
    00:10:34.0204 6884 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    00:10:34.0205 6884 IpFilterDriver - ok
    00:10:34.0252 6884 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
    00:10:34.0258 6884 iphlpsvc - ok
    00:10:34.0348 6884 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    00:10:34.0350 6884 IPMIDRV - ok
    00:10:34.0407 6884 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    00:10:34.0409 6884 IPNAT - ok
    00:10:34.0472 6884 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    00:10:34.0473 6884 IRENUM - ok
    00:10:34.0529 6884 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
    00:10:34.0530 6884 isapnp - ok
    00:10:34.0604 6884 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
    00:10:34.0608 6884 iScsiPrt - ok
    00:10:34.0707 6884 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    00:10:34.0709 6884 kbdclass - ok
    00:10:34.0764 6884 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    00:10:34.0766 6884 kbdhid - ok
    00:10:34.0855 6884 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    00:10:34.0858 6884 KeyIso - ok
    00:10:34.0901 6884 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
    00:10:34.0904 6884 KSecDD - ok
    00:10:34.0946 6884 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
    00:10:34.0949 6884 KSecPkg - ok
    00:10:35.0036 6884 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    00:10:35.0037 6884 ksthunk - ok
    00:10:35.0078 6884 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    00:10:35.0083 6884 KtmRm - ok
    00:10:35.0167 6884 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
    00:10:35.0175 6884 LanmanServer - ok
    00:10:35.0241 6884 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
    00:10:35.0247 6884 LanmanWorkstation - ok
    00:10:35.0364 6884 LightScribeService (fa4a45c179ab0e0f1a31b9751d4b18d7) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    00:10:35.0366 6884 LightScribeService - ok
    00:10:35.0492 6884 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    00:10:35.0494 6884 lltdio - ok
    00:10:35.0589 6884 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    00:10:35.0593 6884 lltdsvc - ok
    00:10:35.0659 6884 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    00:10:35.0661 6884 lmhosts - ok
    00:10:35.0780 6884 LMS (c463a25f01c6237295917417c5e9e344) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    00:10:35.0784 6884 LMS - ok
    00:10:35.0912 6884 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    00:10:35.0914 6884 LSI_FC - ok
    00:10:35.0966 6884 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    00:10:35.0968 6884 LSI_SAS - ok
    00:10:35.0994 6884 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    00:10:35.0995 6884 LSI_SAS2 - ok
    00:10:36.0095 6884 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    00:10:36.0099 6884 LSI_SCSI - ok
    00:10:36.0171 6884 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    00:10:36.0174 6884 luafv - ok
    00:10:36.0215 6884 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
    00:10:36.0219 6884 Mcx2Svc - ok
    00:10:36.0323 6884 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    00:10:36.0325 6884 megasas - ok
    00:10:36.0366 6884 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    00:10:36.0370 6884 MegaSR - ok
    00:10:36.0450 6884 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
    00:10:36.0452 6884 MEIx64 - ok
    00:10:36.0556 6884 Microsoft SharePoint Workspace Audit Service - ok
    00:10:36.0617 6884 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    00:10:36.0619 6884 MMCSS - ok
    00:10:36.0670 6884 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    00:10:36.0671 6884 Modem - ok
    00:10:36.0742 6884 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    00:10:36.0742 6884 monitor - ok
    00:10:36.0784 6884 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    00:10:36.0786 6884 mouclass - ok
    00:10:36.0867 6884 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    00:10:36.0874 6884 mouhid - ok
    00:10:36.0921 6884 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    00:10:36.0922 6884 mountmgr - ok
    00:10:36.0967 6884 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
    00:10:36.0970 6884 mpio - ok
    00:10:37.0005 6884 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    00:10:37.0006 6884 mpsdrv - ok
    00:10:37.0066 6884 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
    00:10:37.0076 6884 MpsSvc - ok
    00:10:37.0151 6884 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    00:10:37.0155 6884 MRxDAV - ok
    00:10:37.0216 6884 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    00:10:37.0218 6884 mrxsmb - ok
    00:10:37.0270 6884 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    00:10:37.0273 6884 mrxsmb10 - ok
    00:10:37.0354 6884 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    00:10:37.0356 6884 mrxsmb20 - ok
    00:10:37.0407 6884 msahci (2ba4ff3d5eb68587dd662a896f649c7d) C:\Windows\system32\DRIVERS\msahci.sys
    00:10:37.0409 6884 msahci - ok
    00:10:37.0445 6884 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
    00:10:37.0448 6884 msdsm - ok
    00:10:37.0530 6884 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    00:10:37.0534 6884 MSDTC - ok
    00:10:37.0609 6884 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    00:10:37.0610 6884 Msfs - ok
    00:10:37.0653 6884 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    00:10:37.0654 6884 mshidkmdf - ok
    00:10:37.0695 6884 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
    00:10:37.0696 6884 msisadrv - ok
    00:10:37.0764 6884 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    00:10:37.0766 6884 MSiSCSI - ok
    00:10:37.0799 6884 msiserver - ok
    00:10:37.0912 6884 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    00:10:37.0913 6884 MSKSSRV - ok
    00:10:38.0271 6884 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    00:10:38.0273 6884 MSPCLOCK - ok
    00:10:38.0343 6884 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    00:10:38.0344 6884 MSPQM - ok
    00:10:38.0376 6884 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    00:10:38.0381 6884 MsRPC - ok
    00:10:38.0399 6884 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    00:10:38.0400 6884 mssmbios - ok
    00:10:38.0423 6884 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    00:10:38.0424 6884 MSTEE - ok
    00:10:38.0447 6884 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    00:10:38.0448 6884 MTConfig - ok
    00:10:38.0466 6884 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    00:10:38.0467 6884 Mup - ok
    00:10:38.0515 6884 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
    00:10:38.0522 6884 napagent - ok
    00:10:38.0651 6884 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    00:10:38.0654 6884 NativeWifiP - ok
    00:10:38.0723 6884 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    00:10:38.0732 6884 NDIS - ok
    00:10:38.0859 6884 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    00:10:38.0860 6884 NdisCap - ok
    00:10:38.0905 6884 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    00:10:38.0905 6884 NdisTapi - ok
    00:10:38.0956 6884 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    00:10:38.0958 6884 Ndisuio - ok
    00:10:38.0999 6884 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    00:10:39.0001 6884 NdisWan - ok
    00:10:39.0067 6884 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    00:10:39.0070 6884 NDProxy - ok
    00:10:39.0115 6884 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    00:10:39.0116 6884 NetBIOS - ok
    00:10:39.0162 6884 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    00:10:39.0168 6884 NetBT - ok
    00:10:39.0234 6884 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    00:10:39.0236 6884 Netlogon - ok
    00:10:39.0316 6884 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    00:10:39.0323 6884 Netman - ok
    00:10:39.0378 6884 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    00:10:39.0387 6884 netprofm - ok
    00:10:39.0446 6884 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    00:10:39.0448 6884 NetTcpPortSharing - ok
    00:10:39.0697 6884 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
    00:10:39.0809 6884 netw5v64 - ok
    00:10:39.0934 6884 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    00:10:39.0936 6884 nfrd960 - ok
    00:10:40.0042 6884 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
    00:10:40.0047 6884 NlaSvc - ok
    00:10:40.0105 6884 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    00:10:40.0106 6884 Npfs - ok
    00:10:40.0167 6884 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    00:10:40.0169 6884 nsi - ok
    00:10:40.0199 6884 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    00:10:40.0199 6884 nsiproxy - ok
    00:10:40.0270 6884 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
    00:10:40.0291 6884 Ntfs - ok
    00:10:40.0389 6884 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    00:10:40.0390 6884 Null - ok
    00:10:40.0450 6884 nusb3hub (a7127e86f9ffe2a53e271b56b2c4cedf) C:\Windows\system32\DRIVERS\nusb3hub.sys
    00:10:40.0452 6884 nusb3hub - ok
    00:10:40.0483 6884 nusb3xhc (49bbec6f48d5f9284b03abf3a959b19b) C:\Windows\system32\DRIVERS\nusb3xhc.sys
    00:10:40.0487 6884 nusb3xhc - ok
    00:10:40.0617 6884 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
    00:10:40.0621 6884 nvraid - ok
    00:10:40.0660 6884 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
    00:10:40.0663 6884 nvstor - ok
    00:10:40.0717 6884 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
     
  22. Rob5sl

    Rob5sl TS Rookie Topic Starter Posts: 28

    TDSSKILLER log Part 2

    00:10:40.0717 6884 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    00:10:40.0720 6884 nv_agp - ok
    00:10:40.0808 6884 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    00:10:40.0809 6884 ohci1394 - ok
    00:10:40.0904 6884 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    00:10:40.0907 6884 ose - ok
    00:10:41.0087 6884 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    00:10:41.0210 6884 osppsvc - ok
    00:10:41.0300 6884 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    00:10:41.0305 6884 p2pimsvc - ok
    00:10:41.0325 6884 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    00:10:41.0331 6884 p2psvc - ok
    00:10:41.0378 6884 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    00:10:41.0380 6884 Parport - ok
    00:10:41.0458 6884 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
    00:10:41.0461 6884 partmgr - ok
    00:10:41.0489 6884 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    00:10:41.0492 6884 PcaSvc - ok
    00:10:41.0513 6884 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    00:10:41.0516 6884 pci - ok
    00:10:41.0538 6884 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
    00:10:41.0539 6884 pciide - ok
    00:10:41.0647 6884 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    00:10:41.0650 6884 pcmcia - ok
    00:10:41.0669 6884 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    00:10:41.0670 6884 pcw - ok
    00:10:41.0693 6884 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    00:10:41.0700 6884 PEAUTH - ok
    00:10:41.0777 6884 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    00:10:41.0778 6884 PerfHost - ok
    00:10:41.0862 6884 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
    00:10:41.0878 6884 pla - ok
    00:10:42.0015 6884 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
    00:10:42.0020 6884 PlugPlay - ok
    00:10:42.0051 6884 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    00:10:42.0053 6884 PNRPAutoReg - ok
    00:10:42.0090 6884 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    00:10:42.0093 6884 PNRPsvc - ok
    00:10:42.0141 6884 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
    00:10:42.0147 6884 PolicyAgent - ok
    00:10:42.0181 6884 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    00:10:42.0185 6884 Power - ok
    00:10:42.0304 6884 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    00:10:42.0306 6884 PptpMiniport - ok
    00:10:42.0344 6884 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    00:10:42.0345 6884 Processor - ok
    00:10:42.0384 6884 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
    00:10:42.0387 6884 ProfSvc - ok
    00:10:42.0467 6884 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    00:10:42.0469 6884 ProtectedStorage - ok
    00:10:42.0548 6884 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    00:10:42.0550 6884 Psched - ok
    00:10:42.0621 6884 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    00:10:42.0638 6884 ql2300 - ok
    00:10:42.0726 6884 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    00:10:42.0728 6884 ql40xx - ok
    00:10:42.0773 6884 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    00:10:42.0778 6884 QWAVE - ok
    00:10:42.0851 6884 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    00:10:42.0853 6884 QWAVEdrv - ok
    00:10:42.0878 6884 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    00:10:42.0879 6884 RasAcd - ok
    00:10:42.0972 6884 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    00:10:42.0973 6884 RasAgileVpn - ok
    00:10:43.0015 6884 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    00:10:43.0019 6884 RasAuto - ok
    00:10:43.0061 6884 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    00:10:43.0064 6884 Rasl2tp - ok
    00:10:43.0129 6884 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
    00:10:43.0136 6884 RasMan - ok
    00:10:43.0213 6884 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    00:10:43.0216 6884 RasPppoe - ok
    00:10:43.0293 6884 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    00:10:43.0296 6884 RasSstp - ok
    00:10:43.0322 6884 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    00:10:43.0327 6884 rdbss - ok
    00:10:43.0345 6884 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    00:10:43.0346 6884 rdpbus - ok
    00:10:43.0372 6884 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    00:10:43.0373 6884 RDPCDD - ok
    00:10:43.0474 6884 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    00:10:43.0475 6884 RDPENCDD - ok
    00:10:43.0506 6884 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    00:10:43.0507 6884 RDPREFMP - ok
    00:10:43.0547 6884 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
    00:10:43.0550 6884 RDPWD - ok
    00:10:43.0623 6884 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
    00:10:43.0628 6884 rdyboost - ok
    00:10:43.0744 6884 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    00:10:43.0749 6884 RemoteAccess - ok
    00:10:43.0830 6884 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    00:10:43.0837 6884 RemoteRegistry - ok
    00:10:43.0892 6884 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    00:10:43.0901 6884 RoxioNow Service - ok
    00:10:43.0975 6884 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    00:10:43.0978 6884 RpcEptMapper - ok
    00:10:44.0008 6884 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    00:10:44.0010 6884 RpcLocator - ok
    00:10:44.0094 6884 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    00:10:44.0104 6884 RpcSs - ok
    00:10:44.0238 6884 RSPCIESTOR (ca327a84085f68200452e6761f943298) C:\Windows\system32\DRIVERS\RtsPStor.sys
    00:10:44.0242 6884 RSPCIESTOR - ok
    00:10:44.0324 6884 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    00:10:44.0326 6884 rspndr - ok
    00:10:44.0366 6884 RTL8167 (5d6a444bd37b52ff846387c87dcdf98a) C:\Windows\system32\DRIVERS\Rt64win7.sys
    00:10:44.0372 6884 RTL8167 - ok
    00:10:44.0456 6884 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    00:10:44.0459 6884 SamSs - ok
    00:10:44.0503 6884 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    00:10:44.0505 6884 sbp2port - ok
    00:10:44.0542 6884 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    00:10:44.0547 6884 SCardSvr - ok
    00:10:44.0641 6884 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    00:10:44.0643 6884 scfilter - ok
    00:10:44.0712 6884 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
    00:10:44.0726 6884 Schedule - ok
    00:10:44.0807 6884 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    00:10:44.0808 6884 SCPolicySvc - ok
    00:10:44.0884 6884 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
    00:10:44.0887 6884 sdbus - ok
    00:10:44.0919 6884 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
    00:10:44.0923 6884 SDRSVC - ok
    00:10:45.0037 6884 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    00:10:45.0041 6884 SeaPort - ok
    00:10:45.0155 6884 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    00:10:45.0156 6884 secdrv - ok
    00:10:45.0196 6884 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
    00:10:45.0198 6884 seclogon - ok
    00:10:45.0260 6884 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
    00:10:45.0262 6884 SENS - ok
    00:10:45.0310 6884 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    00:10:45.0312 6884 SensrSvc - ok
    00:10:45.0372 6884 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    00:10:45.0373 6884 Serenum - ok
    00:10:45.0456 6884 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    00:10:45.0459 6884 Serial - ok
    00:10:45.0484 6884 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    00:10:45.0486 6884 sermouse - ok
    00:10:45.0525 6884 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
    00:10:45.0528 6884 SessionEnv - ok
    00:10:45.0621 6884 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    00:10:45.0622 6884 sffdisk - ok
    00:10:45.0656 6884 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    00:10:45.0657 6884 sffp_mmc - ok
    00:10:45.0671 6884 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
    00:10:45.0673 6884 sffp_sd - ok
    00:10:45.0689 6884 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    00:10:45.0704 6884 sfloppy - ok
    00:10:45.0825 6884 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    00:10:45.0832 6884 SharedAccess - ok
    00:10:45.0859 6884 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
    00:10:45.0866 6884 ShellHWDetection - ok
    00:10:45.0945 6884 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    00:10:45.0947 6884 SiSRaid2 - ok
    00:10:46.0046 6884 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    00:10:46.0049 6884 SiSRaid4 - ok
    00:10:46.0107 6884 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    00:10:46.0109 6884 Smb - ok
    00:10:46.0203 6884 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    00:10:46.0206 6884 SNMPTRAP - ok
    00:10:46.0271 6884 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    00:10:46.0273 6884 spldr - ok
    00:10:46.0338 6884 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
    00:10:46.0348 6884 Spooler - ok
    00:10:46.0515 6884 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
    00:10:46.0552 6884 sppsvc - ok
    00:10:46.0644 6884 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    00:10:46.0650 6884 sppuinotify - ok
    00:10:46.0748 6884 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
    00:10:46.0755 6884 srv - ok
    00:10:46.0871 6884 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
    00:10:46.0876 6884 srv2 - ok
    00:10:46.0915 6884 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    00:10:46.0919 6884 SrvHsfHDA - ok
    00:10:46.0974 6884 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    00:10:46.0990 6884 SrvHsfV92 - ok
    00:10:47.0108 6884 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    00:10:47.0118 6884 SrvHsfWinac - ok
    00:10:47.0211 6884 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
    00:10:47.0215 6884 srvnet - ok
    00:10:47.0313 6884 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    00:10:47.0320 6884 SSDPSRV - ok
    00:10:47.0432 6884 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    00:10:47.0437 6884 SstpSvc - ok
    00:10:47.0513 6884 STacSV (7c49a5e1943afda4672d80726af3bae4) C:\Program Files\IDT\WDM\STacSV64.exe
    00:10:47.0519 6884 STacSV - ok
    00:10:47.0615 6884 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    00:10:47.0617 6884 stexstor - ok
    00:10:47.0710 6884 STHDA (0aad250a31a7ee96e0945ab9e1f3baa7) C:\Windows\system32\DRIVERS\stwrt64.sys
    00:10:47.0717 6884 STHDA - ok
    00:10:47.0860 6884 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
    00:10:47.0873 6884 stisvc - ok
    00:10:47.0964 6884 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    00:10:47.0967 6884 swenum - ok
    00:10:48.0145 6884 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    00:10:48.0154 6884 swprv - ok
    00:10:48.0293 6884 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
    00:10:48.0308 6884 SynTP - ok
    00:10:48.0421 6884 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
    00:10:48.0440 6884 SysMain - ok
    00:10:48.0540 6884 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
    00:10:48.0542 6884 TabletInputService - ok
    00:10:48.0588 6884 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
    00:10:48.0593 6884 TapiSrv - ok
    00:10:48.0625 6884 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    00:10:48.0627 6884 TBS - ok
    00:10:48.0742 6884 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
    00:10:48.0763 6884 Tcpip - ok
    00:10:48.0918 6884 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
    00:10:48.0930 6884 TCPIP6 - ok
    00:10:49.0023 6884 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    00:10:49.0024 6884 tcpipreg - ok
    00:10:49.0071 6884 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    00:10:49.0072 6884 TDPIPE - ok
    00:10:49.0113 6884 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
    00:10:49.0114 6884 TDTCP - ok
    00:10:49.0224 6884 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    00:10:49.0226 6884 tdx - ok
    00:10:49.0238 6884 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    00:10:49.0240 6884 TermDD - ok
    00:10:49.0280 6884 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
    00:10:49.0290 6884 TermService - ok
    00:10:49.0376 6884 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    00:10:49.0378 6884 Themes - ok
    00:10:49.0408 6884 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    00:10:49.0410 6884 THREADORDER - ok
    00:10:49.0430 6884 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    00:10:49.0432 6884 TrkWks - ok
    00:10:49.0471 6884 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
    00:10:49.0473 6884 TrustedInstaller - ok
    00:10:49.0540 6884 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    00:10:49.0542 6884 tssecsrv - ok
    00:10:49.0629 6884 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    00:10:49.0631 6884 tunnel - ok
    00:10:49.0658 6884 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    00:10:49.0659 6884 uagp35 - ok
    00:10:49.0737 6884 udfs (0e5e962b5649d544be54e8c90761ea2b) C:\Windows\system32\DRIVERS\udfs.sys
    00:10:49.0741 6884 udfs - ok
    00:10:49.0803 6884 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    00:10:49.0806 6884 UI0Detect - ok
    00:10:49.0895 6884 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    00:10:49.0896 6884 uliagpkx - ok
    00:10:49.0953 6884 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    00:10:49.0954 6884 umbus - ok
    00:10:50.0107 6884 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    00:10:50.0108 6884 UmPass - ok
    00:10:50.0293 6884 UNS (3a1ecef8d49fc1a786a6ccd5a86a8878) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    00:10:50.0319 6884 UNS - ok
    00:10:50.0420 6884 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    00:10:50.0425 6884 upnphost - ok
    00:10:50.0477 6884 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
    00:10:50.0479 6884 usbccgp - ok
    00:10:50.0561 6884 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    00:10:50.0562 6884 usbcir - ok
    00:10:50.0635 6884 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
    00:10:50.0636 6884 usbehci - ok
    00:10:50.0661 6884 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
    00:10:50.0669 6884 usbhub - ok
    00:10:50.0708 6884 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
    00:10:50.0709 6884 usbohci - ok
    00:10:50.0811 6884 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    00:10:50.0812 6884 usbprint - ok
    00:10:50.0842 6884 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    00:10:50.0843 6884 USBSTOR - ok
    00:10:50.0893 6884 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
    00:10:50.0895 6884 usbuhci - ok
    00:10:51.0053 6884 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
    00:10:51.0057 6884 usbvideo - ok
    00:10:51.0088 6884 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    00:10:51.0091 6884 UxSms - ok
    00:10:51.0180 6884 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    00:10:51.0181 6884 VaultSvc - ok
    00:10:51.0252 6884 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    00:10:51.0253 6884 vdrvroot - ok
    00:10:51.0298 6884 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
    00:10:51.0305 6884 vds - ok
    00:10:51.0399 6884 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    00:10:51.0400 6884 vga - ok
    00:10:51.0421 6884 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    00:10:51.0422 6884 VgaSave - ok
    00:10:51.0456 6884 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    00:10:51.0459 6884 vhdmp - ok
    00:10:51.0479 6884 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    00:10:51.0480 6884 viaide - ok
    00:10:51.0568 6884 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    00:10:51.0569 6884 volmgr - ok
    00:10:51.0602 6884 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    00:10:51.0606 6884 volmgrx - ok
    00:10:51.0637 6884 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    00:10:51.0640 6884 volsnap - ok
    00:10:51.0760 6884 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    00:10:51.0763 6884 vsmraid - ok
    00:10:51.0840 6884 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
    00:10:51.0860 6884 VSS - ok
    00:10:51.0953 6884 vToolbarUpdater (49099f62da09c819ecc69e9d9267d3ac) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
    00:10:51.0964 6884 vToolbarUpdater - ok
    00:10:52.0120 6884 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    00:10:52.0121 6884 vwifibus - ok
    00:10:52.0179 6884 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    00:10:52.0180 6884 vwififlt - ok
    00:10:52.0231 6884 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    00:10:52.0232 6884 vwifimp - ok
    00:10:52.0283 6884 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    00:10:52.0289 6884 W32Time - ok
    00:10:52.0386 6884 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    00:10:52.0387 6884 WacomPen - ok
    00:10:52.0480 6884 WajamUpdater (4aa2cc5979aff984227364f2c23b04f3) C:\Program Files\Wajam\Updater\WajamUpdater.exe
    00:10:52.0482 6884 WajamUpdater - ok
    00:10:52.0614 6884 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    00:10:52.0616 6884 WANARP - ok
    00:10:52.0621 6884 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    00:10:52.0622 6884 Wanarpv6 - ok
    00:10:52.0698 6884 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    00:10:52.0711 6884 WatAdminSvc - ok
    00:10:52.0837 6884 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
    00:10:52.0860 6884 wbengine - ok
    00:10:52.0959 6884 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    00:10:52.0966 6884 WbioSrvc - ok
    00:10:53.0006 6884 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
    00:10:53.0014 6884 wcncsvc - ok
    00:10:53.0056 6884 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    00:10:53.0059 6884 WcsPlugInService - ok
    00:10:53.0116 6884 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    00:10:53.0118 6884 Wd - ok
    00:10:53.0192 6884 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    00:10:53.0200 6884 Wdf01000 - ok
    00:10:53.0287 6884 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    00:10:53.0290 6884 WdiServiceHost - ok
    00:10:53.0295 6884 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    00:10:53.0297 6884 WdiSystemHost - ok
    00:10:53.0331 6884 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
    00:10:53.0335 6884 WebClient - ok
    00:10:53.0381 6884 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    00:10:53.0386 6884 Wecsvc - ok
    00:10:53.0393 6884 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    00:10:53.0396 6884 wercplsupport - ok
    00:10:53.0492 6884 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    00:10:53.0495 6884 WerSvc - ok
    00:10:53.0595 6884 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    00:10:53.0596 6884 WfpLwf - ok
    00:10:53.0667 6884 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    00:10:53.0668 6884 WIMMount - ok
    00:10:53.0694 6884 WinDefend - ok
    00:10:53.0700 6884 WinHttpAutoProxySvc - ok
    00:10:53.0812 6884 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    00:10:53.0815 6884 Winmgmt - ok
    00:10:53.0898 6884 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
    00:10:53.0920 6884 WinRM - ok
    00:10:54.0456 6884 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUSB.sys
    00:10:54.0458 6884 WinUsb - ok
    00:10:54.0531 6884 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    00:10:54.0543 6884 Wlansvc - ok
    00:10:54.0644 6884 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    00:10:54.0646 6884 wlcrasvc - ok
    00:10:54.0726 6884 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    00:10:54.0751 6884 wlidsvc - ok
    00:10:54.0842 6884 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    00:10:54.0851 6884 WmiAcpi - ok
    00:10:54.0892 6884 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    00:10:54.0896 6884 wmiApSrv - ok
    00:10:54.0955 6884 WMPNetworkSvc - ok
    00:10:55.0019 6884 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    00:10:55.0021 6884 WPCSvc - ok
    00:10:55.0063 6884 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
    00:10:55.0066 6884 WPDBusEnum - ok
    00:10:55.0114 6884 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    00:10:55.0115 6884 ws2ifsl - ok
    00:10:55.0209 6884 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
    00:10:55.0211 6884 wscsvc - ok
    00:10:55.0217 6884 WSearch - ok
    00:10:55.0284 6884 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
    00:10:55.0311 6884 wuauserv - ok
    00:10:55.0409 6884 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    00:10:55.0411 6884 WudfPf - ok
    00:10:55.0427 6884 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    00:10:55.0430 6884 WUDFRd - ok
    00:10:55.0453 6884 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
    00:10:55.0456 6884 wudfsvc - ok
    00:10:55.0538 6884 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    00:10:55.0544 6884 WwanSvc - ok
    00:10:55.0616 6884 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
    00:10:55.0620 6884 yukonw7 - ok
    00:10:55.0673 6884 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
    00:10:55.0696 6884 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    00:10:55.0696 6884 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    00:10:55.0727 6884 Boot (0x1200) (a668b9f9530f321df6e3224dee9e9575) \Device\Harddisk0\DR0\Partition0
    00:10:55.0728 6884 \Device\Harddisk0\DR0\Partition0 - ok
    00:10:55.0742 6884 Boot (0x1200) (eecff7c21a64a01f1af2a8abdef48a2f) \Device\Harddisk0\DR0\Partition1
    00:10:55.0743 6884 \Device\Harddisk0\DR0\Partition1 - ok
    00:10:55.0773 6884 Boot (0x1200) (27903313925fca4826103115a2bb6bb1) \Device\Harddisk0\DR0\Partition2
    00:10:55.0774 6884 \Device\Harddisk0\DR0\Partition2 - ok
    00:10:55.0787 6884 Boot (0x1200) (beac9e6a36e70ed0c36cc23d27c1d630) \Device\Harddisk0\DR0\Partition3
    00:10:55.0787 6884 \Device\Harddisk0\DR0\Partition3 - ok
    00:10:55.0788 6884 ============================================================
    00:10:55.0788 6884 Scan finished
    00:10:55.0788 6884 ============================================================
    00:10:55.0798 8640 Detected object count: 1
    00:10:55.0798 8640 Actual detected object count: 1
    00:11:27.0490 8640 \Device\Harddisk0\DR0\# - copied to quarantine
    00:11:27.0490 8640 \Device\Harddisk0\DR0 - copied to quarantine
    00:11:27.0519 8640 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    00:11:27.0521 8640 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    00:11:27.0525 8640 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
    00:11:27.0533 8640 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    00:11:27.0538 8640 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    00:11:27.0539 8640 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    00:11:27.0540 8640 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    00:11:27.0541 8640 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    00:11:27.0542 8640 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    00:11:27.0545 8640 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    00:11:27.0546 8640 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    00:11:27.0569 8640 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    00:11:27.0569 8640 \Device\Harddisk0\DR0 - ok
    00:11:30.0327 8640 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    00:11:54.0739 5084 Deinitialize success
     
  23. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  24. Rob5sl

    Rob5sl TS Rookie Topic Starter Posts: 28

    Just want to let you know

    Java is trying to update. I am not allowing it to but I just realized that java has been trying to do that for weeks. Just thought I should let you know. I am off to your next task.
     
  25. Rob5sl

    Rob5sl TS Rookie Topic Starter Posts: 28

    ComboFix log

    ComboFix 12-04-01.01 - Rob 04/02/2012 1:27.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4044.2685 [GMT -4:00]
    Running from: c:\users\Rob\Downloads\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\{63D2EE13-9A6C-44EE-80B2-34D8541ABA8C}.xps
    c:\users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6DE00AE2-21DB-4E2E-884C-FA32BFAD710F}.xps
    c:\users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\{90E0526E-C532-4227-B926-5E663ADD92B5}.xps
    c:\users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\{931C1DC8-F4F2-4A38-9B01-9D97B995AF3F}.xps
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-02 05:32 . 2012-04-02 05:32 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-02 04:11 . 2012-04-02 04:11 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-01 00:22 . 2012-04-01 00:22 -------- d-----w- c:\users\Rob\AppData\Roaming\Malwarebytes
    2012-04-01 00:22 . 2012-04-01 00:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-04-01 00:22 . 2012-04-01 00:22 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-01 00:22 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-31 22:00 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{689EE1A3-DC84-4DFB-9B49-B7AA60F79707}\mpengine.dll
    2012-03-20 02:24 . 2012-03-20 02:24 -------- d-----w- c:\users\Rob\AppData\Local\adaware
    2012-03-20 02:24 . 2012-03-24 16:21 -------- d-----w- c:\program files (x86)\adawaretb
    2012-03-14 05:28 . 2012-03-14 05:28 388096 ----a-r- c:\users\Rob\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-03-14 05:28 . 2012-03-14 05:28 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-03-14 02:26 . 2012-03-24 16:21 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
    2012-03-14 02:26 . 2012-03-24 16:21 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
    2012-03-14 02:26 . 2012-03-14 02:26 -------- d-----w- c:\programdata\Lavasoft
    2012-03-14 02:26 . 2012-03-14 02:26 -------- d-----w- c:\program files (x86)\Lavasoft
    2012-03-10 23:47 . 2012-03-14 04:46 -------- d-----w- c:\program files (x86)\AVG Secure Search
    2012-03-10 23:45 . 2012-03-10 23:45 -------- d-----w- c:\program files\Wajam
    2012-03-10 23:45 . 2012-03-10 23:45 -------- d-----w- c:\users\Rob\AppData\Local\Wajam
    2012-03-10 23:44 . 2012-03-10 23:44 -------- d-----w- c:\users\Rob\AppData\Roaming\AVG2012
    2012-03-10 23:38 . 2012-03-10 23:38 -------- d-----w- c:\programdata\AVG Secure Search
    2012-03-10 23:38 . 2012-03-24 16:44 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
    2012-03-10 23:38 . 2012-03-10 23:38 -------- d--h--w- c:\programdata\Common Files
    2012-03-10 23:38 . 2012-03-10 23:38 -------- d-----w- c:\windows\SysWow64\drivers\AVG
    2012-03-10 23:37 . 2012-03-24 16:44 -------- d-----w- c:\programdata\AVG2012
    2012-03-10 23:37 . 2012-03-10 23:45 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-03-10 23:35 . 2012-03-10 23:35 -------- d-----w- c:\program files (x86)\AVG
    2012-03-10 23:30 . 2012-04-01 23:56 -------- d-----w- c:\programdata\MFAData
    2012-03-10 23:30 . 2012-03-10 23:30 -------- d-----w- c:\users\Rob\AppData\Local\Google
    2012-03-10 23:30 . 2012-03-10 23:30 -------- d-----w- c:\users\Rob\AppData\Local\I Want This
    2012-03-08 02:05 . 2012-03-08 02:05 -------- d-----w- c:\users\Rob\AppData\Roaming\IDT
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-23 13:18 . 2011-04-16 01:16 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-04 09:58 . 2012-02-21 15:33 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-01-04 09:03 . 2012-02-21 15:33 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2012-01-03 06:24 . 2012-02-21 15:32 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-01-03 05:44 . 2012-02-21 15:32 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-03-10 23:47 1811296 ----a-w- c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-03-10 1811296]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-10 939872]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
    R2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
    S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-07 249672]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-04 92216]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
    S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
    S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-03-10 909152]
    S2 WajamUpdater;WajamUpdater;c:\program files\Wajam\Updater\WajamUpdater.exe [2012-03-09 109064]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-11-22 21:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-15 c:\windows\Tasks\HPCeeScheduleForPARADISELAPTOP$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    2012-03-27 c:\windows\Tasks\HPCeeScheduleForRob.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
    @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
    [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
    2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
    @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
    [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
    2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
    @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
    [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
    2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
    @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
    [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
    2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
    @="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
    [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
    2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-22 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-22 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-22 418328]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-02 524800]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://aol.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Acrobat 4.0 - c:\program files (x86)\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu
    AddRemove-{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4} - c:\program files (x86)\InstallShield Installation Information\{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-02 01:40:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-02 05:40
    .
    Pre-Run: 422,252,101,632 bytes free
    Post-Run: 425,446,592,512 bytes free
    .
    - - End Of File - - 8EC5D7B64182505609143A66F4448C40
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...