Inactive-A How to interfere with hijacked MS Explorer

Row1

Posts: 326   +13
Hello, everyone - I am accessing from my work computer, which is fine. My personal laptop, a Dell E4300, has just recently gotten hijacked by something. It has taken over MS Explorer. When I boot up, BEFORE ever clicking to start MS Explorer, Explorer starts running.

MS Explorer consumes a great portion of CPU in several sessions, and consumes MOST of RAM.

So, ANYTHING else runs VERY slow.

I am ready to go through the Techspot virus/malware process, but it might take days since thje computer is running so slow.

I can get it to run faster for a minute or two by getting in the task manager and ending instances of MS Explorer.

But how can I interfere or stop MS Explorer for a longer period of time? Hopefully until I myself choose to run it again? THANKS!

Until then, I will have to download stuff on my work comp, transfer to personal laptop, and let it run. This will be a big challenge.
 
OH, BTW, able to get personal laptop running at all because I downloaded Firefox; MS Explorer and Google Chrome are totally jacked up.
 
OK, in the task manager I ended all instances of MS Explorer. This brought CPU load down to normal, 1-2%. Then, activity kicked back up with a few dll.exe.
I cancelled those processes and the computer goes back to normal for about two minutes, before the dllhost.exe shows up again, using 53%, 78%, 47% of CPU.

Internet Explorer has not come back on.

Just some dllhost.exe coming back to life.

Also, when I do this, to get some control back, I lose the file explorer - so I cannot save, rename, or move files.

I may need to download and install a file browser other than windows file explorer to solve this problem.
 
The dllhost.exe process, in task manager, says for description: "COM Surrogate."
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================

It looks like you're infected with Poweliks malware.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
 
Results from roguekiller:

RogueKiller V10.0.4.0 [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : e4300 [Administrator]
Mode : Delete -- Date : 11/02/2014 20:18:10
¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] explorer.exe -- C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\zipfldr.dll[-] -> Unloaded
[Suspicious.Path] rundll32.exe -- C:\Users\e4300\AppData\Local\movziuz.dll[-] -> Unloaded
¤¤¤ Registry : 12 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} -> Not selected
[PUP] HKEY_USERS\S-1-5-21-2579459372-583501214-59938211-1000\Software\Microsoft\Windows\CurrentVersion\Run | PriceMeterW : "C:\Users\e4300\AppData\Local\PriceMeter\pricemeterw.exe" -> Not selected
[Suspicious.Path] HKEY_USERS\S-1-5-21-2579459372-583501214-59938211-1000\Software\Microsoft\Windows\CurrentVersion\Run | movziuz : rundll32 "C:\Users\e4300\AppData\Local\movziuz.dll",movziuz [x][x] -> Deleted
[Suspicious.Path] HKEY_USERS\S-1-5-21-2579459372-583501214-59938211-1000\Software\Microsoft\Windows\CurrentVersion\Run | PoxkEsosv : regsvr32.exe "C:\ProgramData\PoxkEsosv\PoxkEsosv.dat" [7][-] -> Deleted
[Suspicious.Path] HKEY_USERS\S-1-5-21-2579459372-583501214-59938211-1000\Software\Microsoft\Windows\CurrentVersion\Run | OufjeZfoze : regsvr32.exe "C:\ProgramData\OufjeZfoze\OufjeZfoze.dat" [7][-] -> Deleted
[PUM.HomePage] HKEY_USERS\S-1-5-21-2579459372-583501214-59938211-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.yahoo.com/ -> Not selected
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2579459372-583501214-59938211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[Tr.Poweliks] HKEY_USERS\S-1-5-21-2579459372-583501214-59938211-1000\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Deleted
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 59 (Driver: Loaded) ¤¤¤
[IAT:Inl] (explorer.exe) KERNEL32.dll - CreateProcessW : Unknown @ 0x699b285 (jmp 0xffffffff90a29238)
[IAT:Inl] (explorer.exe @ USER32.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x699b285 (jmp 0xffffffff90a29238)
[IAT:Inl] (explorer.exe @ MSCTF.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x699b285 (jmp 0xffffffff90a29238)
[IAT:Inl] (explorer.exe @ iertutil.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x699b285 (jmp 0xffffffff90a29238)
[IAT:Addr] (explorer.exe @ USERENV.dll) GPAPI.dll - RegisterGPNotificationInternal : Unknown @ 0x74d3278f
[IAT:Inl] (explorer.exe @ SETUPAPI.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x699b285 (jmp 0xffffffff90a29238)
[IAT:Inl] (explorer.exe @ apphelp.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x699b285 (jmp 0xffffffff90a29238)
[IAT:Inl] (explorer.exe @ CLBCatQ.DLL) ADVAPI32.dll - CreateProcessAsUserW : Unknown @ 0x699b3cd (jmp 0x655ee9b)
[IAT:Inl] (explorer.exe @ CLBCatQ.DLL) KERNEL32.dll - CreateProcessW : Unknown @ 0x699b285 (jmp 0xffffffff90a29238)
[IAT:Inl] (explorer.exe @ SndVolSSO.DLL) KERNEL32.dll - CreateProcessW : Unknown @ 0x699b285 (jmp 0xffffffff90a29238)
[IAT:Inl] (explorer.exe @ urlmon.dll) KERNEL32.dll - CreateProcessA : Unknown @ 0x699b32b (jmp 0xffffffff90a292a9)
[IAT:Addr] (explorer.exe @ schannel.DLL) ncrypt.dll - SslIncrementProviderReferenceCount : Unknown @ 0x752b5c53
[IAT:Addr] (explorer.exe @ schannel.DLL) ncrypt.dll - SslEncryptPacket : Unknown @ 0x752b38a3
[IAT:Addr] (explorer.exe @ schannel.DLL) ncrypt.dll - SslOpenProvider : Unknown @ 0x752ba8ed
[IAT:Addr] (explorer.exe @ schannel.DLL) ncrypt.dll - SslLookupCipherSuiteInfo : Unknown @ 0x752b59c7
[IAT:Addr] (explorer.exe @ schannel.DLL) ncrypt.dll - SslImportKey : Unknown @ 0x752b5bb1
[IAT:Inl] (explorer.exe @ CRYPTUI.dll) CRYPT32.dll - PFXImportCertStore : Unknown @ 0x6999d69 (jmp 0xffffffff910684b1)
[IAT:Inl] (explorer.exe @ wer.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x699b285 (jmp 0xffffffff90a29238)
[IAT:Inl] (explorer.exe @ msi.dll) ADVAPI32.dll - CreateProcessAsUserW : Unknown @ 0x699b3cd (jmp 0x655ee9b)
[IAT:Inl] (explorer.exe @ ieframe.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x699b285 (jmp 0xffffffff90a29238)
[IAT:Inl] (explorer.exe @ stobject.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x699b285 (jmp 0xffffffff90a29238)
[IAT:Inl] (explorer.exe @ es.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x699b285 (jmp 0xffffffff90a29238)
[IAT:Inl] (explorer.exe @ pnidui.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x699b285 (jmp 0xffffffff90a29238)
[IAT:Inl] (explorer.exe @ FXSAPI.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x699b285 (jmp 0xffffffff90a29238)
[IAT:Inl] (explorer.exe @ netcenter.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x699b285 (jmp 0xffffffff90a29238)
[IAT:Inl] (explorer.exe @ ADVPACK.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x699b285 (jmp 0xffffffff90a29238)
[IAT:Inl] (explorer.exe @ werconcpl.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x699b285 (jmp 0xffffffff90a29238)
[IAT:Inl] (explorer.exe @ EhStorAPI.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x699b285 (jmp 0xffffffff90a29238)
[IAT:Inl] (explorer.exe @ sysmain.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x699b285 (jmp 0xffffffff90a29238)
[IAT:Inl] (explorer.exe @ igfxpph.dll) KERNEL32.dll - CreateProcessA : Unknown @ 0x699b32b (jmp 0xffffffff90a292a9)
[IAT:Inl] (explorer.exe @ sbdrop.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x699b285 (jmp 0xffffffff90a29238)
[IAT:Inl] (explorer.exe @ acppage.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x699b285 (jmp 0xffffffff90a29238)
[IAT:Inl] (explorer.exe @ xwizards.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x699b285 (jmp 0xffffffff90a29238)
[IAT:Inl] (firefox.exe @ MSVCR100.dll) KERNEL32.dll - CreateProcessA : Unknown @ 0x40b32b (jmp 0xffffffff8a4992a9)
[IAT:Inl] (firefox.exe @ MSVCR100.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x40b285 (jmp 0xffffffff8a499238)
[IAT:Inl] (firefox.exe @ USER32.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x40b285 (jmp 0xffffffff8a499238)
[IAT:Inl] (firefox.exe @ MSCTF.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x40b285 (jmp 0xffffffff8a499238)
[IAT:Inl] (firefox.exe @ iertutil.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x40b285 (jmp 0xffffffff8a499238)
[IAT:Inl] (firefox.exe @ sandboxbroker.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x40b285 (jmp 0xffffffff8a499238)
[IAT:Inl] (firefox.exe @ sandboxbroker.dll) ADVAPI32.dll - CreateProcessAsUserW : Unknown @ 0x40b3cd (jmp 0xffffffff8a3aee9b)
[IAT:Inl] (firefox.exe @ nss3.dll) KERNEL32.dll - CreateProcessA : Unknown @ 0x40b32b (jmp 0xffffffff8a4992a9)
[IAT:Inl] (firefox.exe @ xul.dll) nss3.dll - PR_Read : Unknown @ 0x40a21c (jmp 0xffffffff9573757c)
[IAT:Inl] (firefox.exe @ xul.dll) nss3.dll - PR_Close : Unknown @ 0x40a106 (jmp 0xffffffff95732a26)
[IAT:Inl] (firefox.exe @ xul.dll) nss3.dll - PR_Write : Unknown @ 0x40a34c (jmp 0xffffffff9573769c)
[IAT:Inl] (firefox.exe @ xul.dll) nss3.dll - PR_DestroyPollableEvent : Unknown @ 0x40a106 (jmp 0xffffffff95732a26)
[IAT:Inl] (firefox.exe @ xul.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x40b285 (jmp 0xffffffff8a499238)
[IAT:Inl] (firefox.exe @ SETUPAPI.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x40b285 (jmp 0xffffffff8a499238)
[IAT:Inl] (firefox.exe @ apphelp.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x40b285 (jmp 0xffffffff8a499238)
[IAT:Inl] (firefox.exe @ CLBCatQ.DLL) ADVAPI32.dll - CreateProcessAsUserW : Unknown @ 0x40b3cd (jmp 0xffffffff8a3aee9b)
[IAT:Inl] (firefox.exe @ CLBCatQ.DLL) KERNEL32.dll - CreateProcessW : Unknown @ 0x40b285 (jmp 0xffffffff8a499238)
[IAT:Inl] (firefox.exe @ browsercomps.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x40b285 (jmp 0xffffffff8a499238)
[IAT:Inl] (firefox.exe @ Wpc.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x40b285 (jmp 0xffffffff8a499238)
[IAT:Inl] (firefox.exe @ nssdbm3.dll) nss3.dll - PR_Read : Unknown @ 0x40a21c (jmp 0xffffffff9573757c)
[IAT:Inl] (firefox.exe @ nssdbm3.dll) nss3.dll - PR_Write : Unknown @ 0x40a34c (jmp 0xffffffff9573769c)
[IAT:Inl] (firefox.exe @ nssdbm3.dll) nss3.dll - PR_Close : Unknown @ 0x40a106 (jmp 0xffffffff95732a26)
[IAT:Inl] (firefox.exe @ freebl3.dll) nss3.dll - PR_Close : Unknown @ 0x40a106 (jmp 0xffffffff95732a26)
[IAT:Inl] (firefox.exe @ freebl3.dll) nss3.dll - PR_Read : Unknown @ 0x40a21c (jmp 0xffffffff9573757c)
[IAT:Inl] (firefox.exe @ urlmon.dll) KERNEL32.dll - CreateProcessA : Unknown @ 0x40b32b (jmp 0xffffffff8a4992a9)
[IAT:Inl] (firefox.exe @ mf.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x40b285 (jmp 0xffffffff8a499238)
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 29fdfa556d13eb95d2083272401a4ed7
[BSP] e7a4d88e39462edee4d9ce59ade9badd : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 152525 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: +++++
--- User ---
[MBR] ad33a3a547bba123744a073c3fd010a6
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8064 | Size: 14883 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_SCN_11022014_201622.log
 
Once rebooted, explorer.exe goes to high CPU usage: 51%, 25%, etc.
Then, a warning screen appears: windows explorer has stopped working; checl online for solution or close the program.

so, something is still messing with comp via windows explorer.

the dllhost.exe processes have not appeared again.

I will try to follow those steps.
I have much more ability to use comp since processor is not so slowed.
 
I am carrying on, now. AVAST noted some slideshow virus, then kept detecting intrusions, then blue page of death - windows crashed. I have just restarted.
I cannot select / run AVASt - I do not have permission (?).

Moving on to MBAM.
 
MBAM: fourth scan: no threats. Then BSOD.
BSOD may be over-heating; my CPU continues to be heavily taxed.
MBAM results to be posted soon. Hopefully.
 
Restart. Malwarebytes stops an outgoing threat from dllhost.exe.
AND the wireless is turned off.
whatever is driving a dllhost.exe file kicks in once computer is turned on.
 
MBAM results:

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/2/2014
Scan Time: 10:08:34 PM
Logfile: e4300MBAM1102.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.03.02
Rootkit Database: v2014.11.01.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: e4300
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 279040
Time Elapsed: 7 min, 58 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)

(end)
 
No problem :)

After posting DDS logs here is what to do next...

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download
51a5f31352b88-icon_MBAR.png
Malwarebytes Anti-Rootkit to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
 
I am back - family out of town, I have uninterrupted time to work on this today and tomorrow
 
This infection is pernicious. it castrated avast.
I have downloaded comodo, have run update of comodo, and am now running quick scan w comodo.
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/9/2014
Scan Time: 6:45:44 AM
Logfile: e4300MBAMnov09.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.09.04
Rootkit Database: v2014.11.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: e4300

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 282556
Time Elapsed: 12 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/6/2014 4:34:39 PM
System Uptime: 11/9/2014 11:52:52 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0D201R
Processor: Intel(R) Core(TM)2 Duo CPU P9400 @ 2.40GHz | Microprocessor | 2401/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 105.606 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_024D1028&REV_12\4&5910934&0&0AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_024D1028&REV_12\4&5910934&0&0AF0
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID:
Description: Broadcom USH
Device ID: USB\VID_0A5C&PID_5800&MI_00\6&66DE6C9&0&0000
Manufacturer:
Name: Broadcom USH
PNP Device ID: USB\VID_0A5C&PID_5800&MI_00\6&66DE6C9&0&0000
Service:
.
==== System Restore Points ===================
.
RP58: 10/21/2014 6:16:26 PM - Windows Update
RP59: 10/28/2014 2:05:14 PM - Windows Update
RP61: 11/2/2014 9:01:26 PM - avast! antivirus system restore point
RP62: 11/4/2014 2:33:29 PM - Windows Update
.
==== Image File Execution Options =============
.
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
 
Back