Solved Laptop crashing and redirecting with Google searches

R

Rob5sl

Posts: 28   +0
Hello Guys, I hoping I can get some advice and help from your expertise.

I am having a problem with my laptop redirecting with a google search and crashing when left on and idle for a while. The computer is having a difficult time booting up from off. Having to run scans to recover. I have had to set the date and time back a couple of times to get it to recover. I have an HP Pavilion dv6 about a year old and runnings Windows 7 version 6.1

I have read some of your threads here and have followed your directions. I have downloaded Malwarebytes' Anti Maware and followed instuctions. Scanned, made sure everything was selected and removed. The same with GMER and DDS. I am going to attempt posting my results. Hopefully I get this right.


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.31.14

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Rob :: PARADISELAPTOP [administrator]

3/31/2012 8:24:26 PM
mbam-log-2012-03-31 (20-24-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195023
Time elapsed: 3 minute(s), 55 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 6600 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 26
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO.1 (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Data: 215 Apps -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files (x86)\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Files Detected: 13
C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\Temp\DM\Installer_for_AVG-Anti-Virus-Free-Edition-2012_008156\IwantThis.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Program Files (x86)\I Want This\I Want This.ini (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\appAPIinternalWrapper.js (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\fb.js (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want This.exe (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want This.ico (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want ThisGui.exe (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\jquery.js (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\json.js (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\Uninstall.exe (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want This.dll (PUP.GamePlayLab) -> Quarantined and deleted successfully.

(end)

The GMER log is really big?
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

Split GMER log between several replies (as our instructions say).
 
Laptop Crashing and redirecting

Thanks Broni, Here is the GMER Log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-01 13:09:30
Windows 6.1.7600
Running: rt60ln90.exe


---- Files - GMER 1.0.15 ----

File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\statstracker[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\statstracker[3].htm 39 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\ITPS_Ultimate_v172_PiecesofYou_PYLockman_728x90[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\jsadimp[2].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\sddefault[1].jpg 30729 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\trans1x1[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\TSRs[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\lessandra-candice-love-me-2011-7[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\ping[2].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\0811_103_USA_300250A[1].gif 27335 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\0R2lIsbqMb_1502075718[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\1-ABC_SCA_300x250_base_SBS[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\1-US_FY12-JFM_Clorox-Bleach_YouBed_Flash_160x600[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\1-US_FY12-JFM_Clorox-Bleach_YouBed_Flash_300x250[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\log[2].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\get[2] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\victorias-secret-022812-12[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\AdDisplayTrackerServlet[2].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\ros;pos=top;genre=buzz;;tile=4;sz=300x250;ord=3538262200[1].js 576 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\r[5].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\cookie[1].js 202 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\count[1].json 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\667553[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\97px-Macky_Sall_cropped[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\ABC_SCA_300x250_sub_WSB_new_v2[1].swf 62513 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\freq[2].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\px[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\img[1].htm 1368 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\megan-fox-071111-1[1].jpg 5983 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\men-in-black-3-image-1[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\men-in-black-3-image-2[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\Meta-logo-35px[1].png 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\load[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\load[3].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\517052417_7_148_111[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\afr[3].htm 1211 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\Wikinews-logo-51px[1].png 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\300x250_OT_3profileNeutralAutumn_15Sec_102015_0312[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\346127_016_3[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\erin-heatherton-vs-march11-16[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\getCAC9V5N7 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\open[2].png 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\bullet-icon[1].png 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\logCAVWU2K0.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\red_x[1] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\reese-011211-2[1].jpg 0 bytes
 
Laptop crashing and redircting

2nd part of GMER


File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\reese-011211-2[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\st[1] 4491 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\b_blue-square-media_com[3].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\Commons-logo-31px[1].png 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\results4[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35A8G70S\portal-break[1].png 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\1752428[1].xml 834 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\getCA6I1AWZ 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\getjs[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\cube[1].swf 142331 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\d27c01349bdf72fd0a3cbf845f7d9c2e[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\latestgossip[1].htm 91844 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\3142ae43e3b471ada39097c717dd5665[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\img[1].htm 1368 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\87574275[1].htm 8364 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\8ad7f5ec-6941-4548-a314-4f2dc5b75f96[1].htm 893 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\blank[4].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\pixel_adsafeprotected_com[2].gif 43 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\Wikiquote-logo-51px[1].png 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\Wiki[1].png 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\content_grabnetworks_com[3].xml 12940 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\11508_forrester_U.S._Forecast_2011-2016_banner_300x250_en_control-NEW[1].jpg 97083 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\1813449364@x10[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\1ab6d359-c969-40d4-bb87-f815f9d89d86[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\ping[2].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\loader[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\load[1].css 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\load[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\b_blue-square-media_com[7].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\iframe3[4].htm 1077 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\iframe3[5].htm 1077 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\AllAllergies-FH[1].js 1705 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\surly[6].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\ffi[1].js 840 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\FlipText_728x90_11.22[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\poweredby_mediawiki_88x31[1].png 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\3597_0adb4c7d-2e57-45dd-b7b8-ca5e091eeecb[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\rc[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\291f527d4894645fdd4b2aedc38054bd[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\setuid[1].gif 43 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\logosm[1].jpg 14002 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\vox_300x500[1].xml 14375 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\SenseHandler[2].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\adserv_14835[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\like[4].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\bsredirect5[3].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\ffiad[4].htm 394 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\ffiad[5].htm 394 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\search-fade[1].png 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\2002[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\st[3] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\st[4] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\google_ads[1].js 50509 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\728x90_FY12_MC_Ticket+and+Dine[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\p[1].gif 43 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\0RJQs5bHxV_1816548942[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\rs[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\rules[1].xml 1086 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95T6BGZZ\1473[1].js 1221 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDWHX7TO\8n4g9OFjZEBfoyyx+Qo7i11Xt3djeaa7qUsI3M4M68M=[1].xml 249 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDWHX7TO\log[3].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDWHX7TO\viapi[1].xml 167 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\ads[4].js 12157 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\log[3].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\log[4].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\eva-32612-_2[1].jpg 4173 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\2012springscenttop10[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\index[2].htm 5 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\optn=64[4].js 6018 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\getCA8NAOZ6 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\getCABR8QMG 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\daisyeausofresh-marcjacobs[1].jpg 2695 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\quant[2].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\raw[1] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\elefun_160x600_versionD[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\jilsander-eve[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\ba411355dd62ea66860f57274ecfdc1a[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\ab[1].htm 1275 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\comment_icon[1].png 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCG5PP79\2[1].xml 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\iframe3[3].htm 1168 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\iframe3[4].htm 1170 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\iframe3[5].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\iframe3[6].htm 692 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\AdaptvExchangeVastVideo[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\log[5].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\st[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\st[2].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\versaceyellowdiamond[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\marion-cotillard-dior-bag[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\demi-moore-helena-rubenstein[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\goon-image-7[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\gossipcenter_com[1].htm 56309 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\grippie[1].png 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\1333260069[1].htm 8414 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\BTS-LeaMichele-CandiesKohls2012[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\optn=64[3].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\optn=64[4].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\728x90_Click-bk[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\kardashian-swimwear-sears-2012[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\karlie-kloss-w-mag-april-2012[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\kate-hudson-ann-taylor-sp2012[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\affiliate[1].htm 16539 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\click[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\refresh[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZ1UYWIM\image[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\120188040@Bottom3[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\1288479434@x15[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\130px-Bundesarchiv_Bild_183-R01996%2C_Brieftaube_mit_Fotokamera_cropped[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\1310161386963[1].png 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\controls[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\control[1].xml 0 bytes
 
Last of GMER Log

3rd and last part of GMER

File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\control[1].xml 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\count[2].json 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\g[4].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\g[5].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\ad[5].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\i[2].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\i[3].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\surly[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\surly[2].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\surly[3].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\swarovski-31512-[1].png 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\megan-fox-071111-5[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0WMZDK3\redirect[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOXYWGMG\getCAZ44M1R 18 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOXYWGMG\monica-bellucci-picture-profile[1].jpg 11901 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOXYWGMG\meta2[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOXYWGMG\jquery.min[1].js 57254 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOXYWGMG\adserv_14835[1].js 12269 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOXYWGMG\ITPS_v172_PiecesofYou_PYLockman_300x250[1].swf 22085 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOXYWGMG\ie7[2].css 1259 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOXYWGMG\ie[1].css 3661 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOXYWGMG\Rosie-Huntington-Whiteley-gorgeous-smile[1].jpg 10938 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\cached_iframe[5].htm 1662 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\adserv_15283[2].js 12127 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\widget-tv[1].css 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\img[2].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\BlackCareers_Ads_728x90_NonGames[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\black_trans_bg[1].png 113 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\ddc[6].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\system-menus[1].css 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\tap[2].gif 49 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\Pong[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\prometheus-movie-image[1].jpg 2086 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\prometheus-movie-picture-48[1].jpg 2000 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\prometheus-movie-picture-49[1].jpg 2264 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\superfish-vertical[1].css 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\verisign[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\1333260126[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\tod-cotouringeyeshadow[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROJMK1K4\FeedsEnclosure-i[1].php%3Fk%3Db379327dfba8f2c2adff49216e31b68e786a7610 2657 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\63N2HCZH.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\R40PQWVD.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\S0J28N21.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\22XIECW3.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\QV1BG4XQ.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\B275OE82.txt 389 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\BGNCBRUF.txt 3495 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\1G46ZW0U.txt 9292 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\YP00USK0.txt 211 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\VV3NGK5G.txt 134 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\MWXWXK9V.txt 114 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\0HUVJYKH.txt 915 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\9DB6RF8E.txt 2332 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\LOGB5RYW.txt 140 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\55UUG13D.txt 692 bytes

---- EOF - GMER 1.0.15 ----
 
DDS second log

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Rob at 13:15:47 on 2012-04-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4044.1120 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files\Wajam\Updater\WajamUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
C:\Windows\system32\consent.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://aol.com/
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Wajam: {a7a6995d-6ee1-4fd1-a258-49395d5bf99c} - C:\Program Files\Wajam\IE\priam_bho.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [<NO NAME>]
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2}\16E6E616 : DhcpNameServer = 167.206.254.1 167.206.254.2
TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2}\4796D656771627E65627361626C65677966696 : DhcpNameServer = 10.240.205.161 10.240.205.162
TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2}\7516C647562702E45475D27657563747 : DhcpNameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2}\876696E696479777966696 : DhcpNameServer = 10.240.205.161 10.240.205.162
TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2}\A657374796E6 : DhcpNameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2}\E4F425D414E4 : DhcpNameServer = 167.206.254.1 167.206.254.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO-X64: TSBHO Class - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll
BHO-X64: Wajam IE BHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [(Default)]
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-21 89600]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-7 249672]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-3 92216]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-21 13336]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-21 2656280]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-3-10 909152]
R2 WajamUpdater;WajamUpdater;C:\Program Files\Wajam\Updater\WajamUpdater.exe [2012-3-9 109064]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-8-5 681528]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-01 05:26:11 20480 ----a-w- C:\Windows\svchost.exe
2012-04-01 00:22:49 -------- d-----w- C:\Users\Rob\AppData\Roaming\Malwarebytes
2012-04-01 00:22:44 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-01 00:22:44 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-01 00:22:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-31 22:00:52 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{689EE1A3-DC84-4DFB-9B49-B7AA60F79707}\mpengine.dll
2012-03-20 02:24:22 -------- d-----w- C:\Users\Rob\AppData\Local\adaware
2012-03-20 02:24:06 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-03-14 05:28:54 388096 ----a-r- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-14 05:28:54 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-03-14 02:26:56 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-03-14 02:26:52 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-03-14 02:26:12 -------- d-----w- C:\Program Files (x86)\Lavasoft
2012-03-10 23:47:15 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-03-10 23:45:24 -------- d-----w- C:\Users\Rob\AppData\Local\Wajam
2012-03-10 23:45:24 -------- d-----w- C:\Program Files\Wajam
2012-03-10 23:44:52 -------- d-----w- C:\Users\Rob\AppData\Roaming\AVG2012
2012-03-10 23:38:19 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-03-10 23:38:17 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-03-10 23:38:15 -------- d--h--w- C:\ProgramData\Common Files
2012-03-10 23:38:05 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-03-10 23:37:04 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-03-10 23:37:04 -------- d-----w- C:\ProgramData\AVG2012
2012-03-10 23:35:15 -------- d-----w- C:\Program Files (x86)\AVG
2012-03-10 23:30:11 -------- d-----w- C:\ProgramData\MFAData
2012-03-10 23:30:07 -------- d-----w- C:\Users\Rob\AppData\Local\Google
2012-03-10 23:30:03 -------- d-----w- C:\Users\Rob\AppData\Local\I Want This
2012-03-09 14:46:51 -------- d-----w- C:\Users\Rob\AppData\Local\{C44D12A0-1A5F-49E8-B15E-79B2535D5DDB}
2012-03-09 14:46:25 -------- d-----w- C:\Users\Rob\AppData\Local\{4397A341-BB60-4FEF-8F1D-EC59230A0390}
2012-03-08 02:05:23 -------- d-----w- C:\Users\Rob\AppData\Roaming\IDT
.
==================== Find3M ====================
.
2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:27:11 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:27:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:20:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
.
============= FINISH: 13:16:53.41 ===============
 
Here is DDS again

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/14/2011 10:32:49 PM
System Uptime: 4/1/2012 1:24:52 AM (15 hours ago)
.
Motherboard: Hewlett-Packard | | 1658
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | CPU1 | 2100/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 450 GiB total, 395.789 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.891 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP78: 3/19/2012 10:21:56 PM - Installed Ad-Aware
RP79: 3/19/2012 10:23:09 PM - Installed Ad-Aware
RP80: 3/24/2012 8:52:29 AM - Windows Update
RP81: 3/24/2012 9:01:28 AM - Windows Update
RP82: 3/24/2012 10:42:48 AM - Windows Update
RP83: 3/24/2012 10:55:44 AM - Windows Update
RP84: 3/26/2012 10:14:56 PM - Windows Update
RP85: 3/27/2012 8:18:23 AM - Windows Update
RP86: 3/28/2012 10:29:13 PM - Windows Update
RP87: 3/28/2012 10:29:43 PM - Windows Update
RP88: 3/31/2012 2:05:31 PM - Windows Update
RP89: 3/31/2012 6:00:13 PM - Windows Update
RP90: 4/1/2012 8:29:07 AM - Windows Update
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Acrobat 4.0
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.3 MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
Bejeweled 2 Deluxe
Bing Bar
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Chuzzle Deluxe
CyberLink DVD Suite
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Farm Frenzy
FATE
Final Drive Nitro
Heroes of Hellas 2 - Olympia
HiJackThis
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP SimplePass 2011
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
IDT Audio
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 22
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.60.1.1000
Mesh Runtime
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyDataBase
MySoftware Fonts
Mystery P.I. - The London Caper
Penguins!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recovery Manager
Renesas Electronics USB 3.0 Host Controller Driver
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Stamps.com Internet Postage
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Virtual Families
Virtual Villagers 4 - The Tree of Life
Visual Studio 2008 x64 Redistributables
Wajam
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
4/1/2012 8:30:03 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).
4/1/2012 1:25:26 AM, Error: Service Control Manager [7034] - The HP Auto service terminated unexpectedly. It has done this 1 time(s).
3/31/2012 2:01:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002ca9703, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 033112-84396-01.
3/31/2012 1:59:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
3/31/2012 1:59:16 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/27/2012 4:52:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000000000030, 0x0000000000000002, 0x0000000000000000, 0xfffff88000fda043). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032712-22885-01.
.
==== End Of File ===========================
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Here is 2nd DDS log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Rob at 16:56:12 on 2012-04-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4044.1279 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files\Wajam\Updater\WajamUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://aol.com/
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Wajam: {a7a6995d-6ee1-4fd1-a258-49395d5bf99c} - C:\Program Files\Wajam\IE\priam_bho.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [<NO NAME>]
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2}\16E6E616 : DhcpNameServer = 167.206.254.1 167.206.254.2
TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2}\4796D656771627E65627361626C65677966696 : DhcpNameServer = 10.240.205.161 10.240.205.162
TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2}\7516C647562702E45475D27657563747 : DhcpNameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2}\876696E696479777966696 : DhcpNameServer = 10.240.205.161 10.240.205.162
TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2}\A657374796E6 : DhcpNameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{379A871A-2B98-476A-AB88-56BFEC4A59C2}\E4F425D414E4 : DhcpNameServer = 167.206.254.1 167.206.254.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO-X64: TSBHO Class - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll
BHO-X64: Wajam IE BHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [(Default)]
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-21 89600]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-7 249672]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-3 92216]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-21 13336]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-21 2656280]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-3-10 909152]
R2 WajamUpdater;WajamUpdater;C:\Program Files\Wajam\Updater\WajamUpdater.exe [2012-3-9 109064]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-8-5 681528]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-01 20:13:29 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{689EE1A3-DC84-4DFB-9B49-B7AA60F79707}\offreg.dll
2012-04-01 05:26:11 20480 ----a-w- C:\Windows\svchost.exe
2012-04-01 00:22:49 -------- d-----w- C:\Users\Rob\AppData\Roaming\Malwarebytes
2012-04-01 00:22:44 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-01 00:22:44 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-01 00:22:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-31 22:00:52 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{689EE1A3-DC84-4DFB-9B49-B7AA60F79707}\mpengine.dll
2012-03-20 02:24:22 -------- d-----w- C:\Users\Rob\AppData\Local\adaware
2012-03-20 02:24:06 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-03-14 05:28:54 388096 ----a-r- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-14 05:28:54 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-03-14 02:26:56 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-03-14 02:26:52 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-03-14 02:26:12 -------- d-----w- C:\Program Files (x86)\Lavasoft
2012-03-10 23:47:15 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-03-10 23:45:24 -------- d-----w- C:\Users\Rob\AppData\Local\Wajam
2012-03-10 23:45:24 -------- d-----w- C:\Program Files\Wajam
2012-03-10 23:44:52 -------- d-----w- C:\Users\Rob\AppData\Roaming\AVG2012
2012-03-10 23:38:19 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-03-10 23:38:17 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-03-10 23:38:15 -------- d--h--w- C:\ProgramData\Common Files
2012-03-10 23:38:05 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-03-10 23:37:04 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-03-10 23:37:04 -------- d-----w- C:\ProgramData\AVG2012
2012-03-10 23:35:15 -------- d-----w- C:\Program Files (x86)\AVG
2012-03-10 23:30:11 -------- d-----w- C:\ProgramData\MFAData
2012-03-10 23:30:07 -------- d-----w- C:\Users\Rob\AppData\Local\Google
2012-03-10 23:30:03 -------- d-----w- C:\Users\Rob\AppData\Local\I Want This
2012-03-09 14:46:51 -------- d-----w- C:\Users\Rob\AppData\Local\{C44D12A0-1A5F-49E8-B15E-79B2535D5DDB}
2012-03-09 14:46:25 -------- d-----w- C:\Users\Rob\AppData\Local\{4397A341-BB60-4FEF-8F1D-EC59230A0390}
2012-03-08 02:05:23 -------- d-----w- C:\Users\Rob\AppData\Roaming\IDT
.
==================== Find3M ====================
.
2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:27:11 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:27:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:20:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
.
============= FINISH: 16:56:51.60 ===============
 
aswMBR log

Just to clarify do you want me to download Bootkit Remover now?

Here is aswMBR log

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-01 17:08:22
-----------------------------
17:08:22.276 OS Version: Windows x64 6.1.7600
17:08:22.276 Number of processors: 4 586 0x2A07
17:08:22.277 ComputerName: PARADISELAPTOP UserName: Rob
17:08:24.196 Initialize success
17:09:21.313 AVAST engine defs: 12040101
17:10:53.302 The log file has been saved successfully to "C:\Users\Rob\Desktop\aswMBR.txt"
 
aswMBR log seems to be incomplete.
Re-run it, be patient, let it finish.

Then Bootkit Remover.
 
aswMBR scan log

Sorry, I think this is complete now.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-01 17:08:22
-----------------------------
17:08:22.276 OS Version: Windows x64 6.1.7600
17:08:22.276 Number of processors: 4 586 0x2A07
17:08:22.277 ComputerName: PARADISELAPTOP UserName: Rob
17:08:24.196 Initialize success
17:09:21.313 AVAST engine defs: 12040101
17:10:53.302 The log file has been saved successfully to "C:\Users\Rob\Desktop\aswMBR.txt"
19:55:47.715 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:55:47.717 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
19:55:47.721 Device \Driver\iaStor -> MajorFunction fffffa8006e8f5c4
19:55:47.724 Disk 0 MBR read successfully
19:55:47.727 Disk 0 MBR scan
19:55:47.979 Disk 0 Windows 7 default MBR code
19:55:47.997 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
19:55:48.112 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 461162 MB offset 409600
19:55:48.166 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15474 MB offset 944869376
19:55:48.191 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
19:55:48.379 Disk 0 scanning C:\Windows\system32\drivers
19:55:58.947 Service scanning
19:56:40.288 Modules scanning
19:56:40.298 Disk 0 trace - called modules:
19:56:40.306 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys >>UNKNOWN [0xfffffa8006e8f5c4]<<
19:56:40.310 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006906060]
19:56:40.315 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8006799b10]
19:56:40.320 5 hpdskflt.sys[fffff880017f22bd] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004adf050]
19:56:40.325 \Driver\iaStor[0xfffffa8006888c90] -> IRP_MJ_CREATE -> 0xfffffa8006e8f5c4
19:56:46.584 AVAST engine scan C:\Windows
19:56:48.662 AVAST engine scan C:\Windows\system32
20:00:19.571 AVAST engine scan C:\Windows\system32\drivers
20:00:32.140 AVAST engine scan C:\Users\Rob
20:08:14.921 Disk 0 MBR has been saved successfully to "C:\Users\Rob\Desktop\MBR.dat"
20:08:14.931 The log file has been saved successfully to "C:\Users\Rob\Desktop\aswMBR1.txt"
 
Bootkit Remover Log

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-01 17:08:22
-----------------------------
17:08:22.276 OS Version: Windows x64 6.1.7600
17:08:22.276 Number of processors: 4 586 0x2A07
17:08:22.277 ComputerName: PARADISELAPTOP UserName: Rob
17:08:24.196 Initialize success
17:09:21.313 AVAST engine defs: 12040101
17:10:53.302 The log file has been saved successfully to "C:\Users\Rob\Desktop\aswMBR.txt"
19:55:47.715 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:55:47.717 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
19:55:47.721 Device \Driver\iaStor -> MajorFunction fffffa8006e8f5c4
19:55:47.724 Disk 0 MBR read successfully
19:55:47.727 Disk 0 MBR scan
19:55:47.979 Disk 0 Windows 7 default MBR code
19:55:47.997 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
19:55:48.112 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 461162 MB offset 409600
19:55:48.166 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15474 MB offset 944869376
19:55:48.191 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
19:55:48.379 Disk 0 scanning C:\Windows\system32\drivers
19:55:58.947 Service scanning
19:56:40.288 Modules scanning
19:56:40.298 Disk 0 trace - called modules:
19:56:40.306 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys >>UNKNOWN [0xfffffa8006e8f5c4]<<
19:56:40.310 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006906060]
19:56:40.315 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8006799b10]
19:56:40.320 5 hpdskflt.sys[fffff880017f22bd] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004adf050]
19:56:40.325 \Driver\iaStor[0xfffffa8006888c90] -> IRP_MJ_CREATE -> 0xfffffa8006e8f5c4
19:56:46.584 AVAST engine scan C:\Windows
19:56:48.662 AVAST engine scan C:\Windows\system32
20:00:19.571 AVAST engine scan C:\Windows\system32\drivers
20:00:32.140 AVAST engine scan C:\Users\Rob
20:08:14.921 Disk 0 MBR has been saved successfully to "C:\Users\Rob\Desktop\MBR.dat"
20:08:14.931 The log file has been saved successfully to "C:\Users\Rob\Desktop\aswMBR1.txt"
 
Bookit remover part 1

Oh brother..... Okay, I am focused now.

.\debug.cpp(238) : Debug log started at 02.04.2012 - 00:27:46
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.1
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x02c09000 0x005dc000 "\SystemRoot\system32\ntoskrnl.exe"
.\debug.cpp(256) : 0x031e5000 0x00049000 "\SystemRoot\system32\hal.dll"
.\debug.cpp(256) : 0x00ba8000 0x00003000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x00c2a000 0x00044000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0x00c6e000 0x00014000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x00c82000 0x0005e000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x00ce0000 0x000c0000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x00edc000 0x000a4000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x00f80000 0x0000f000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x00f8f000 0x00057000 "\SystemRoot\system32\DRIVERS\ACPI.sys"
.\debug.cpp(256) : 0x00fe6000 0x00009000 "\SystemRoot\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0x00fef000 0x0000a000 "\SystemRoot\system32\DRIVERS\msisadrv.sys"
.\debug.cpp(256) : 0x00e00000 0x00033000 "\SystemRoot\system32\DRIVERS\pci.sys"
.\debug.cpp(256) : 0x00e33000 0x0000d000 "\SystemRoot\system32\DRIVERS\vdrvroot.sys"
.\debug.cpp(256) : 0x00e40000 0x00015000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x00e55000 0x00009000 "\SystemRoot\system32\DRIVERS\compbatt.sys"
.\debug.cpp(256) : 0x00e5e000 0x0000c000 "\SystemRoot\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0x00e6a000 0x00015000 "\SystemRoot\system32\DRIVERS\volmgr.sys"
.\debug.cpp(256) : 0x00e7f000 0x0005c000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x00da0000 0x0001a000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x01001000 0x00154000 "\SystemRoot\system32\DRIVERS\iaStor.sys"
.\debug.cpp(256) : 0x01155000 0x00009000 "\SystemRoot\system32\DRIVERS\atapi.sys"
.\debug.cpp(256) : 0x0115e000 0x0002a000 "\SystemRoot\system32\DRIVERS\ataport.SYS"
.\debug.cpp(256) : 0x01188000 0x0000b000 "\SystemRoot\system32\DRIVERS\msahci.sys"
.\debug.cpp(256) : 0x01193000 0x00010000 "\SystemRoot\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0x011a3000 0x0000b000 "\SystemRoot\system32\drivers\amdxata.sys"
.\debug.cpp(256) : 0x011ae000 0x0004c000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x00dba000 0x00014000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x0123a000 0x001a2000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x01418000 0x0005e000 "\SystemRoot\System32\Drivers\msrpc.sys"
.\debug.cpp(256) : 0x01476000 0x0001a000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x01490000 0x00073000 "\SystemRoot\System32\Drivers\cng.sys"
.\debug.cpp(256) : 0x01503000 0x00011000 "\SystemRoot\System32\drivers\pcw.sys"
.\debug.cpp(256) : 0x01514000 0x0000a000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
.\debug.cpp(256) : 0x016e3000 0x000f2000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x01600000 0x00060000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x01660000 0x0002b000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
.\debug.cpp(256) : 0x01800000 0x001fe000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x0168b000 0x0004a000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x0151e000 0x0004c000 "\SystemRoot\system32\DRIVERS\volsnap.sys"
.\debug.cpp(256) : 0x016d5000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x0156a000 0x0003a000 "\SystemRoot\System32\drivers\rdyboost.sys"
.\debug.cpp(256) : 0x017d5000 0x00012000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x017e7000 0x00009000 "\SystemRoot\System32\drivers\hwpolicy.sys"
.\debug.cpp(256) : 0x017f0000 0x0000a000 "\SystemRoot\system32\DRIVERS\hpdskflt.sys"
.\debug.cpp(256) : 0x015a4000 0x0003a000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
.\debug.cpp(256) : 0x015de000 0x00016000 "\SystemRoot\system32\DRIVERS\disk.sys"
.\debug.cpp(256) : 0x01200000 0x00030000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0x015f4000 0x0000a000 "\SystemRoot\system32\DRIVERS\AVGIDSEH.Sys"
.\debug.cpp(256) : 0x02c00000 0x0002a000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0x02c2a000 0x00009000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x02c33000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x02c3a000 0x0000e000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x02c48000 0x00025000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x02c6d000 0x00010000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x02c7d000 0x00009000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x02c86000 0x00009000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x0140e000 0x00009000 "\SystemRoot\system32\drivers\rdprefmp.sys"
.\debug.cpp(256) : 0x013dc000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x013e7000 0x00011000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x00dce000 0x0001e000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x00dec000 0x0000d000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x03a78000 0x00060000 "\SystemRoot\system32\DRIVERS\avgtdia.sys"
.\debug.cpp(256) : 0x03ad8000 0x00045000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x03b1d000 0x00089000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x03ba6000 0x00009000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"
.\debug.cpp(256) : 0x03baf000 0x00026000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x03bd5000 0x00016000 "\SystemRoot\system32\DRIVERS\vwififlt.sys"
.\debug.cpp(256) : 0x03beb000 0x0000f000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x03a00000 0x0001b000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x03a1b000 0x00014000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0x03c2c000 0x00051000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x03c7d000 0x0000c000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x03c89000 0x0000b000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0x03c94000 0x0000f000 "\SystemRoot\System32\drivers\discache.sys"
.\debug.cpp(256) : 0x03ca3000 0x0001e000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x03cc1000 0x00011000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"
.\debug.cpp(256) : 0x03cd2000 0x00026000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x04834000 0x00bb1000 "\SystemRoot\system32\DRIVERS\igdkmd64.sys"
.\debug.cpp(256) : 0x03cf8000 0x00036000 "\SystemRoot\System32\Drivers\fastfat.SYS"
.\debug.cpp(256) : 0x0425c000 0x000f4000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x04350000 0x00046000 "\SystemRoot\System32\drivers\dxgmms1.sys"
.\debug.cpp(256) : 0x04396000 0x00011000 "\SystemRoot\system32\DRIVERS\HECIx64.sys"
.\debug.cpp(256) : 0x043a7000 0x00011000 "\SystemRoot\system32\drivers\usbehci.sys"
.\debug.cpp(256) : 0x04200000 0x00056000 "\SystemRoot\system32\drivers\USBPORT.SYS"
.\debug.cpp(256) : 0x043b8000 0x00024000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0x03d2e000 0x00065000 "\SystemRoot\system32\DRIVERS\Rt64win7.sys"
.\debug.cpp(256) : 0x05644000 0x002f0000 "\SystemRoot\system32\DRIVERS\bcmwl664.sys"
.\debug.cpp(256) : 0x05934000 0x0000d000 "\SystemRoot\system32\DRIVERS\vwifibus.sys"
.\debug.cpp(256) : 0x05941000 0x00055000 "\SystemRoot\system32\DRIVERS\RtsPStor.sys"
.\debug.cpp(256) : 0x05996000 0x00031000 "\SystemRoot\system32\DRIVERS\nusb3xhc.sys"
.\debug.cpp(256) : 0x059c7000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0x059c9000 0x0001e000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0x059e7000 0x0000f000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x04406000 0x0015d000 "\SystemRoot\system32\DRIVERS\SynTP.sys"
.\debug.cpp(256) : 0x04563000 0x0000f000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x04572000 0x00005000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0x04577000 0x0000d000 "\SystemRoot\system32\DRIVERS\Accelerometer.sys"
.\debug.cpp(256) : 0x04584000 0x00009000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0x0458d000 0x00016000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0x045a3000 0x00010000 "\SystemRoot\system32\DRIVERS\CompositeBus.sys"
.\debug.cpp(256) : 0x045b3000 0x00006000 "\SystemRoot\system32\DRIVERS\clwvd.sys"
.\debug.cpp(256) : 0x045b9000 0x00043000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0x04400000 0x00006000 "\SystemRoot\system32\drivers\ksthunk.sys"
.\debug.cpp(256) : 0x05600000 0x00016000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"
.\debug.cpp(256) : 0x05616000 0x00024000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x043dc000 0x0000c000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x04800000 0x0002f000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x053e5000 0x0001b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x03d93000 0x00021000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x03db4000 0x0001a000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x045fc000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0x043e8000 0x00012000 "\SystemRoot\system32\DRIVERS\umbus.sys"
.\debug.cpp(256) : 0x05c31000 0x0005a000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x05c8b000 0x00019000 "\SystemRoot\system32\DRIVERS\nusb3hub.sys"
.\debug.cpp(256) : 0x05ca4000 0x00015000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x05cb9000 0x00083000 "\SystemRoot\system32\DRIVERS\stwrt64.sys"
.\debug.cpp(256) : 0x05d3c000 0x0003d000 "\SystemRoot\system32\DRIVERS\portcls.sys"
.\debug.cpp(256) : 0x05d79000 0x00022000 "\SystemRoot\system32\DRIVERS\drmk.sys"
.\debug.cpp(256) : 0x05d9b000 0x00053000 "\SystemRoot\system32\DRIVERS\IntcDAud.sys"
.\debug.cpp(256) : 0x00030000 0x00314000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x05c00000 0x0000c000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0x05c0c000 0x0001d000 "\SystemRoot\system32\DRIVERS\cdfs.sys"
.\debug.cpp(256) : 0x03c00000 0x0001d000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0x03dce000 0x0002e000 "\SystemRoot\System32\Drivers\usbvideo.sys"
.\debug.cpp(256) : 0x05dee000 0x0000e000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0x02c8f000 0x00154000 "\SystemRoot\System32\Drivers\dump_iaStor.sys"
.\debug.cpp(256) : 0x03a2f000 0x00013000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
.\debug.cpp(256) : 0x03c1d000 0x0000e000 "\SystemRoot\system32\DRIVERS\monitor.sys"
.\debug.cpp(256) : 0x005d0000 0x0000a000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0x006a0000 0x00027000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0x00990000 0x00061000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0x03a42000 0x00023000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0x00c00000 0x00021000 "\SystemRoot\system32\drivers\WudfPf.sys"
.\debug.cpp(256) : 0x03a65000 0x00011000 "\SystemRoot\system32\DRIVERS\WinUSB.sys"
.\debug.cpp(256) : 0x02a9c000 0x00031000 "\SystemRoot\system32\DRIVERS\WUDFRd.sys"
.\debug.cpp(256) : 0x02acd000 0x00015000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0x02ae2000 0x00053000 "\SystemRoot\system32\DRIVERS\nwifi.sys"
.\debug.cpp(256) : 0x02b35000 0x00013000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0x02b48000 0x00018000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0x04617000 0x000c8000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0x046df000 0x0000a000 "\SystemRoot\system32\DRIVERS\vwifimp.sys"
.\debug.cpp(256) : 0x046e9000 0x0001e000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0x04707000 0x00018000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0x0471f000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0x0474c000 0x0004e000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0x0479a000 0x00023000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0x062ef000 0x000a6000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0x06395000 0x0000b000 "\SystemRoot\System32\Drivers\secdrv.SYS"
.\debug.cpp(256) : 0x063a0000 0x0002d000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0x063cd000 0x00012000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0x06200000 0x00067000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0x02b60000 0x00095000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0x062d8000 0x0000b000 "\SystemRoot\system32\DRIVERS\asyncmac.sys"
.\debug.cpp(256) : 0x063df000 0x0000f000 "\??\C:\Users\Rob\AppData\Local\Temp\aswMBR.sys"
.\debug.cpp(256) : 0x77270000 0x001ac000 "\Windows\System32\ntdll.dll"
.\debug.cpp(256) : 0x47fc0000 0x00020000 "\Windows\System32\smss.exe"
.\debug.cpp(256) : 0xff590000 0x00050000 "\Windows\System32\apisetschema.dll"
.\debug.cpp(256) : 0xff0c0000 0x000c1000 "\Windows\System32\autochk.exe"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{af573040-53f3-11e0-bc1a-806e6f6e6963}#000000000C800000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#0#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination "\Device\0000004b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination "\Device\Video4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8086&DEV_2805&SUBSYS_80860101&REV_1000#4&3218bc92&0&0301#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination "\Device\0000006e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT"
.\debug.cpp(400) : Destination "\Device\00000046"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5d624f94-8850-40c3-a3fa-a4fd2080baf3}#vwifimp#5&12ce2502&0&01#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000044"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{BB5F3E68-5F59-43CA-A009-2215802671E3}"
.\debug.cpp(400) : Destination "\Device\NDMP16"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000041"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) : Destination "\Device\WUDFLpcDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_E258&MI_00#7&266896f9&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000077"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1db8b544-674a-11e0-81b7-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000043"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
.\debug.cpp(400) : Destination "\Device\Psched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1db8b545-674a-11e0-81b7-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0AFF2BA0-7D6C-4922-ABF1-3D084430E82E}"
.\debug.cpp(400) : Destination "\Device\NDMP6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1033&DEV_0194&SUBSYS_1658103C&REV_04#4&1e0e3344&0&00E3#{ac051b02-603b-4b3c-b14b-95c9268de081}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0017"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) : Destination "\Device\AscKmd"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000044"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1db8b546-674a-11e0-81b7-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_1658103C&REV_06#4&3b3f7c80&0&00E0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0014"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#0#{e849804e-c719-43d8-ac88-96b894c191e2}"
.\debug.cpp(400) : Destination "\Device\0000004b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1db8b547-674a-11e0-81b7-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP"
.\debug.cpp(400) : Destination "\Device\SynTP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E43D242B-9EAB-4626-A952-46649FBB939A}"
.\debug.cpp(400) : Destination "\Device\NDMP9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_1C26&SUBSYS_1658103C&REV_04#3&11583659&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination "\Device\0000007b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-024756b6-7bbb-11e1-a580-ac81122f6744"
.\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-024756b6-7bbb-11e1-a580-ac81122f6744"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD9"
.\debug.cpp(400) : Destination "\??\PCI#VEN_1033&DEV_0194&SUBSYS_1658103C&REV_04#4&1e0e3344&0&00E3#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_4727&SUBSYS_145C103C&REV_01#4&ff2ade7&0&00E1#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C1658&REV_1001#4&3218bc92&0&0001#{cb0b7def-63d0-44d6-bcd7-a5e6d1f8b362}"
.\debug.cpp(400) : Destination "\Device\0000006d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN"
.\debug.cpp(400) : Destination "\Device\AgileVPN"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\iaStor0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_8087&PID_0024#5&1a6f88c&0&1#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
.\debug.cpp(400) : Destination "\Device\PEAuth"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDOSPDevice"
.\debug.cpp(400) : Destination "\Device\IPSECDOSP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-a482e7c2-f301-4d78-9167-a2a556726076"
.\debug.cpp(400) : Destination "\Device\HostProcess-a482e7c2-f301-4d78-9167-a2a556726076"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_5209&SUBSYS_1658103C&REV_01#4&1f8a0e47&0&00E2#{b6a6b22e-d723-4e95-a518-6cbdbfa8cb61}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0016"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"
.\debug.cpp(400) : Destination "\Device\Video5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C1137B7F-EDBA-481A-8682-F66E917C9B0B}"
.\debug.cpp(400) : Destination "\Device\NDMP1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\vwififlt"
.\debug.cpp(400) : Destination "\Device\vwififlt"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NDMP11"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy10"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{af573040-53f3-11e0-bc1a-806e6f6e6963}#00000070A3200000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{af573040-53f3-11e0-bc1a-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASYNCMAC"
.\debug.cpp(400) : Destination "\Device\ASYNCMAC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPDevice"
.\debug.cpp(400) : Destination "\Device\SPDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-0b1a808b-9159-4c95-897d-a2a1b6133c9e"
.\debug.cpp(400) : Destination "\Device\HostProcess-0b1a808b-9159-4c95-897d-a2a1b6133c9e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy11"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy11"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#CMO15A2#4&32d93cca&0&UID67568640#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000044"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy12"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy12"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition2"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000056"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C1658&REV_1001#4&3218bc92&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000006d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000040"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy13"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy13"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&2f000702&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&340c8448&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUSB3#ROOT_HUB30#5&12f9d4e2&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\00000069"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C1658&REV_1001#4&3218bc92&0&0001#{ba0afe40-6d0a-4d2c-954f-6f7b82187a14}"
.\debug.cpp(400) : Destination "\Device\0000006d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition3"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_E258#HF1016-A821-OV01-VH-R04.00.00#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\00000044"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition4"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination "\Device\CompositeBattery"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_4727&SUBSYS_145C103C&REV_01#4&ff2ade7&0&00E1#{435b6226-1dcc-43b3-887e-217dbaa27ba3}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000042"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000044"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8E301A52-AFFA-4F49-B9CA-C79096A1A056}"
.\debug.cpp(400) : Destination "\Device\NDMP13"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_42_-________Intel(R)_Core(TM)_i3-2310M_CPU_@_2.10GHz#_3#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000051"
.
 
Bookit Remover Log Part 2

V_01#4&ff2ade7&0&00E1#{435b6226-1dcc-43b3-887e-217dbaa27ba3}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000042"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000044"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8E301A52-AFFA-4F49-B9CA-C79096A1A056}"
.\debug.cpp(400) : Destination "\Device\NDMP13"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_42_-________Intel(R)_Core(TM)_i3-2310M_CPU_@_2.10GHz#_3#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000051"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000007c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUSB3#ROOT_HUB30#5&12f9d4e2&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
.\debug.cpp(400) : Destination "\Device\00000069"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) : Destination "\Device\WMIAdminDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskHitachi_HTS545050B9A300_________________PB4OCA1G#4&1067e056&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000003d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AvgTdi"
.\debug.cpp(400) : Destination "\Device\AvgTdi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_1C2D&SUBSYS_1658103C&REV_04#3&11583659&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1db8b552-674a-11e0-81b7-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
.\debug.cpp(400) : Destination "\clfs"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip"
.\debug.cpp(400) : Destination "\Device\nativewifip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C1658&REV_1001#4&3218bc92&0&0001#{5f6b13e4-6814-4fb4-bf50-84cbb4297800}"
.\debug.cpp(400) : Destination "\Device\0000006d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswMBR"
.\debug.cpp(400) : Destination "\Device\aswMBR"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-54cb248c-3c43-4749-a4aa-ba8b7767efb3"
.\debug.cpp(400) : Destination "\Device\HostProcess-54cb248c-3c43-4749-a4aa-ba8b7767efb3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_42_-________Intel(R)_Core(TM)_i3-2310M_CPU_@_2.10GHz#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000050"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}"
.\debug.cpp(400) : Destination "\Device\00000046"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WwanProt"
.\debug.cpp(400) : Destination "\Device\WwanProt"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C1658&REV_1001#4&3218bc92&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000006d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) : Destination "\Device\NDMP10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume1"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\VolMgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C1658&REV_1001#4&3218bc92&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) : Destination "\Device\0000006d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{379A871A-2B98-476A-AB88-56BFEC4A59C2}"
.\debug.cpp(400) : Destination "\Device\NDMP7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
.\debug.cpp(400) : Destination "\Device\WANARPV6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume2"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000047"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) : Destination "\Device\VolMgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) : Destination "\Device\Nsi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{802389A0-9C1A-4C28-9099-BC7F2A90C31A}"
.\debug.cpp(400) : Destination "\Device\NDMP8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5d624f94-8850-40c3-a3fa-a4fd2080baf3}#vwifimp#5&12ce2502&0&01#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000007c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-024756b7-7bbb-11e1-a580-ac81122f6744"
.\debug.cpp(400) : Destination "\Device\UMDFCtrlDev-024756b7-7bbb-11e1-a580-ac81122f6744"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&7b2bf30&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000063"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume3"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_1C03&SUBSYS_1658103C&REV_04#3&11583659&0&FA#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_4727&SUBSYS_145C103C&REV_01#4&ff2ade7&0&00E1#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000044"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000044"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume4"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_0116&SUBSYS_1658103C&REV_09#3&11583659&0&10#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{af573040-53f3-11e0-bc1a-806e6f6e6963}#000000746A400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination "\Device\00000045"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
.\debug.cpp(400) : Destination "\Device\Secdrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy4"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000053"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_1C3A&SUBSYS_1658103C&REV_04#3&11583659&0&B0#{e2d1ff34-3458-49a9-88da-8e6915ce9be5}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C1658&REV_1001#4&3218bc92&0&0001#{ac7e9cf6-d199-450d-bedf-8a35b000442d}"
.\debug.cpp(400) : Destination "\Device\0000006d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) : Destination "\Device\NXTIPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_42_-________Intel(R)_Core(TM)_i3-2310M_CPU_@_2.10GHz#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\0000004f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy5"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DF4A9D2C-8742-4EB1-8703-D395C4183F33}"
.\debug.cpp(400) : Destination "\Device\NDMP14"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun"
.\debug.cpp(400) : Destination "\Device\TeredoTun"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) : Destination "\Device\SstpDrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy6"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{33D3CC9A-BB0F-4EF1-99A6-0B92D3861DB9}"
.\debug.cpp(400) : Destination "\Device\NDMP17"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270}"
.\debug.cpp(400) : Destination "\Device\NDMP15"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) : Destination "\Device\WFP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy7"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{3C93E67E-CAA9-48AF-8AE1-FD16FE01BF9C}"
.\debug.cpp(400) : Destination "\Device\NDMP5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000040"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1033&DEV_0194&SUBSYS_1658103C&REV_04#4&1e0e3344&0&00E3#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0017"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) : Destination "\Device\MPS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) : Destination "\Device\WfpAle"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-dc8e45c0-7304-40c8-83b0-994dd1474b2c"
.\debug.cpp(400) : Destination "\Device\HostProcess-dc8e45c0-7304-40c8-83b0-994dd1474b2c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) : Destination "\Device\ProcessManagement"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy8"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{078B24E7-DBD6-430A-8819-871BE9D4C170}"
.\debug.cpp(400) : Destination "\Device\NDMP3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_1658103C&REV_06#4&3b3f7c80&0&00E0#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0014"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#HPQ0004#2&daba3ff&2#{dd2a6682-735e-4e8e-8a59-d9dccf1ebece}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN1E47#4&7b2bf30&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000064"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C1658&REV_1001#4&3218bc92&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\0000006d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy9"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
.\debug.cpp(400) : Destination "\Device\PartmgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomhp_CDDVDW_TS-L633R______________________0300____#4&1067e056&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000003a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_138A&PID_0018#fbee3b09a190#{e2b5183a-99ea-4cc3-ad6b-80ca8d715b80}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_138A&PID_0018#fbee3b09a190#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_42_-________Intel(R)_Core(TM)_i3-2310M_CPU_@_2.10GHz#_4#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000052"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000044"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#CMO15A2#4&32d93cca&0&UID67568640#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) : Destination "\Device\NDMP12"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVGIDSErHr"
.\debug.cpp(400) : Destination "\Device\AVGIDSErHr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_0116&SUBSYS_1658103C&REV_09#3&11583659&0&10#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C1658&REV_1001#4&3218bc92&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000006d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_8087&PID_0024#5&18a0da4&0&1#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_E258&MI_00#7&266896f9&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000077"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000004a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000041"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomhp_CDDVDW_TS-L633R______________________0300____#4&1067e056&0&0.1.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#4&7b2bf30&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000059"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000
.\boot_cleaner.cpp(1061) :
.\boot_cleaner.cpp(1062) : Size Device Name MBR Status
.\boot_cleaner.cpp(1063) : --------------------------------------------
.\boot_cleaner.cpp(1107) : 465 GB \\.\PhysicalDrive0 Controlled by rootkit!
.\boot_cleaner.cpp(1113) :
.\boot_cleaner.cpp(1136) : Boot code on some of your physical disks is hidden by a rootkit.
.\boot_cleaner.cpp(1138) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1139) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1143) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1144) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1147) :
.\boot_cleaner.cpp(1152) : Done;
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
TDSSKILLER log part 1

I had to reboot computer and I notices there is also a quarantine folder in root directory

00:09:54.0688 7592 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
00:09:54.0927 7592 ============================================================
00:09:54.0927 7592 Current date / time: 2012/04/02 00:09:54.0927
00:09:54.0927 7592 SystemInfo:
00:09:54.0927 7592
00:09:54.0927 7592 OS Version: 6.1.7600 ServicePack: 0.0
00:09:54.0927 7592 Product type: Workstation
00:09:54.0927 7592 ComputerName: PARADISELAPTOP
00:09:54.0927 7592 UserName: Rob
00:09:54.0927 7592 Windows directory: C:\Windows
00:09:54.0927 7592 System windows directory: C:\Windows
00:09:54.0927 7592 Running under WOW64
00:09:54.0927 7592 Processor architecture: Intel x64
00:09:54.0927 7592 Number of processors: 4
00:09:54.0927 7592 Page size: 0x1000
00:09:54.0927 7592 Boot type: Normal boot
00:09:54.0927 7592 ============================================================
00:09:55.0620 7592 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:09:55.0623 7592 \Device\Harddisk0\DR0:
00:09:55.0623 7592 MBR used
00:09:55.0623 7592 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
00:09:55.0623 7592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x384B5000
00:09:55.0623 7592 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38519000, BlocksNum 0x1E39000
00:09:55.0623 7592 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
00:09:55.0692 7592 Initialize success
00:09:55.0692 7592 ============================================================
00:10:17.0753 6884 ============================================================
00:10:17.0753 6884 Scan started
00:10:17.0753 6884 Mode: Manual;
00:10:17.0753 6884 ============================================================
00:10:19.0783 6884 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
00:10:19.0787 6884 1394ohci - ok
00:10:19.0868 6884 Accelerometer (3e2427d4966c7606097341e55ab4e105) C:\Windows\system32\DRIVERS\Accelerometer.sys
00:10:19.0870 6884 Accelerometer - ok
00:10:20.0005 6884 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
00:10:20.0012 6884 ACPI - ok
00:10:20.0053 6884 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
00:10:20.0054 6884 AcpiPmi - ok
00:10:20.0111 6884 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
00:10:20.0119 6884 adp94xx - ok
00:10:20.0219 6884 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
00:10:20.0225 6884 adpahci - ok
00:10:20.0283 6884 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
00:10:20.0287 6884 adpu320 - ok
00:10:20.0340 6884 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
00:10:20.0341 6884 AeLookupSvc - ok
00:10:20.0435 6884 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
00:10:20.0438 6884 AESTFilters - ok
00:10:20.0588 6884 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
00:10:20.0596 6884 AFD - ok
00:10:20.0732 6884 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
00:10:20.0734 6884 agp440 - ok
00:10:20.0810 6884 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
00:10:20.0813 6884 ALG - ok
00:10:20.0957 6884 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
00:10:20.0959 6884 aliide - ok
00:10:21.0002 6884 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
00:10:21.0003 6884 amdide - ok
00:10:21.0064 6884 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
00:10:21.0065 6884 AmdK8 - ok
00:10:21.0124 6884 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
00:10:21.0125 6884 AmdPPM - ok
00:10:21.0224 6884 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
00:10:21.0227 6884 amdsata - ok
00:10:21.0271 6884 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
00:10:21.0274 6884 amdsbs - ok
00:10:21.0304 6884 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
00:10:21.0305 6884 amdxata - ok
00:10:21.0402 6884 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
00:10:21.0403 6884 AppID - ok
00:10:21.0455 6884 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
00:10:21.0456 6884 AppIDSvc - ok
00:10:21.0531 6884 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
00:10:21.0532 6884 Appinfo - ok
00:10:21.0621 6884 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
00:10:21.0623 6884 arc - ok
00:10:21.0684 6884 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
00:10:21.0686 6884 arcsas - ok
00:10:21.0737 6884 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:10:21.0738 6884 AsyncMac - ok
00:10:21.0806 6884 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
00:10:21.0807 6884 atapi - ok
00:10:21.0908 6884 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
00:10:21.0917 6884 AudioEndpointBuilder - ok
00:10:21.0928 6884 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
00:10:21.0933 6884 AudioSrv - ok
00:10:22.0072 6884 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
00:10:22.0073 6884 AVGIDSEH - ok
00:10:22.0114 6884 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
00:10:22.0119 6884 Avgtdia - ok
00:10:22.0253 6884 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
00:10:22.0256 6884 avgwd - ok
00:10:22.0370 6884 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
00:10:22.0373 6884 AxInstSV - ok
00:10:22.0456 6884 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
00:10:22.0463 6884 b06bdrv - ok
00:10:22.0577 6884 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:10:22.0582 6884 b57nd60a - ok
00:10:22.0704 6884 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
00:10:22.0708 6884 BBSvc - ok
00:10:22.0896 6884 BCM43XX (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys
00:10:22.0996 6884 BCM43XX - ok
00:10:23.0118 6884 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
00:10:23.0121 6884 BDESVC - ok
00:10:23.0213 6884 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:10:23.0215 6884 Beep - ok
00:10:23.0360 6884 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
00:10:23.0374 6884 BFE - ok
00:10:23.0484 6884 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
00:10:23.0504 6884 BITS - ok
00:10:23.0627 6884 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:10:23.0629 6884 blbdrive - ok
00:10:23.0718 6884 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
00:10:23.0719 6884 bowser - ok
00:10:23.0840 6884 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:10:23.0841 6884 BrFiltLo - ok
00:10:23.0874 6884 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:10:23.0875 6884 BrFiltUp - ok
00:10:23.0911 6884 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
00:10:23.0913 6884 Browser - ok
00:10:24.0072 6884 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:10:24.0075 6884 Brserid - ok
00:10:24.0128 6884 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:10:24.0129 6884 BrSerWdm - ok
00:10:24.0255 6884 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:10:24.0256 6884 BrUsbMdm - ok
00:10:24.0290 6884 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:10:24.0291 6884 BrUsbSer - ok
00:10:24.0333 6884 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
00:10:24.0335 6884 BTHMODEM - ok
00:10:24.0392 6884 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
00:10:24.0394 6884 bthserv - ok
00:10:24.0523 6884 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:10:24.0525 6884 cdfs - ok
00:10:24.0591 6884 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
00:10:24.0594 6884 cdrom - ok
00:10:24.0726 6884 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
00:10:24.0728 6884 CertPropSvc - ok
00:10:24.0803 6884 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
00:10:24.0804 6884 circlass - ok
00:10:24.0869 6884 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:10:24.0874 6884 CLFS - ok
00:10:24.0972 6884 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:10:24.0973 6884 clr_optimization_v2.0.50727_32 - ok
00:10:25.0006 6884 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:10:25.0008 6884 clr_optimization_v2.0.50727_64 - ok
00:10:25.0102 6884 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:10:25.0103 6884 clr_optimization_v4.0.30319_32 - ok
00:10:25.0168 6884 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:10:25.0170 6884 clr_optimization_v4.0.30319_64 - ok
00:10:25.0251 6884 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
00:10:25.0252 6884 clwvd - ok
00:10:25.0325 6884 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:10:25.0325 6884 CmBatt - ok
00:10:25.0358 6884 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
00:10:25.0359 6884 cmdide - ok
00:10:25.0446 6884 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
00:10:25.0451 6884 CNG - ok
00:10:25.0582 6884 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:10:25.0583 6884 Compbatt - ok
00:10:25.0638 6884 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
00:10:25.0639 6884 CompositeBus - ok
00:10:25.0684 6884 COMSysApp - ok
00:10:25.0716 6884 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
00:10:25.0716 6884 crcdisk - ok
00:10:25.0824 6884 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
00:10:25.0827 6884 CryptSvc - ok
00:10:25.0911 6884 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
00:10:25.0919 6884 DcomLaunch - ok
00:10:26.0510 6884 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
00:10:26.0514 6884 defragsvc - ok
00:10:26.0591 6884 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
00:10:26.0593 6884 DfsC - ok
00:10:26.0718 6884 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
00:10:26.0722 6884 Dhcp - ok
00:10:26.0774 6884 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:10:26.0775 6884 discache - ok
00:10:26.0932 6884 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
00:10:26.0934 6884 Disk - ok
00:10:27.0004 6884 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
00:10:27.0006 6884 Dnscache - ok
00:10:27.0053 6884 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
00:10:27.0057 6884 dot3svc - ok
00:10:27.0144 6884 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
00:10:27.0146 6884 DPS - ok
00:10:27.0226 6884 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:10:27.0228 6884 drmkaud - ok
00:10:27.0330 6884 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
00:10:27.0340 6884 DXGKrnl - ok
00:10:27.0451 6884 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
00:10:27.0453 6884 EapHost - ok
00:10:27.0572 6884 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
00:10:27.0607 6884 ebdrv - ok
00:10:27.0698 6884 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
00:10:27.0699 6884 EFS - ok
00:10:27.0796 6884 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
00:10:27.0804 6884 ehRecvr - ok
00:10:27.0848 6884 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
00:10:27.0850 6884 ehSched - ok
00:10:27.0956 6884 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
00:10:27.0963 6884 elxstor - ok
00:10:28.0315 6884 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
00:10:28.0316 6884 ErrDev - ok
00:10:28.0390 6884 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
00:10:28.0396 6884 EventSystem - ok
00:10:28.0524 6884 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:10:28.0527 6884 exfat - ok
00:10:28.0562 6884 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:10:28.0565 6884 fastfat - ok
00:10:28.0644 6884 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
00:10:28.0651 6884 Fax - ok
00:10:28.0742 6884 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
00:10:28.0743 6884 fdc - ok
00:10:28.0804 6884 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
00:10:28.0806 6884 fdPHost - ok
00:10:28.0876 6884 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
00:10:28.0878 6884 FDResPub - ok
00:10:28.0940 6884 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:10:28.0941 6884 FileInfo - ok
00:10:28.0978 6884 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:10:28.0979 6884 Filetrace - ok
00:10:29.0069 6884 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
00:10:29.0070 6884 flpydisk - ok
00:10:29.0122 6884 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
00:10:29.0126 6884 FltMgr - ok
00:10:29.0191 6884 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
00:10:29.0209 6884 FontCache - ok
00:10:29.0302 6884 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:10:29.0303 6884 FontCache3.0.0.0 - ok
00:10:29.0406 6884 FPLService (cdc54db949d1e2bbf86b0c7ab86b912e) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
00:10:29.0409 6884 FPLService - ok
00:10:29.0480 6884 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:10:29.0481 6884 FsDepends - ok
00:10:29.0533 6884 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
00:10:29.0534 6884 Fs_Rec - ok
00:10:29.0593 6884 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:10:29.0596 6884 fvevol - ok
00:10:30.0007 6884 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:10:30.0008 6884 gagp30kx - ok
00:10:30.0091 6884 GameConsoleService (d154305de6090e6e84e525f84bb08a06) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
00:10:30.0094 6884 GameConsoleService - ok
00:10:30.0181 6884 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
00:10:30.0189 6884 gpsvc - ok
00:10:30.0283 6884 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:10:30.0284 6884 hcw85cir - ok
00:10:30.0335 6884 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
00:10:30.0340 6884 HdAudAddService - ok
00:10:30.0370 6884 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:10:30.0371 6884 HDAudBus - ok
00:10:30.0405 6884 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
00:10:30.0406 6884 HidBatt - ok
00:10:30.0494 6884 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
00:10:30.0496 6884 HidBth - ok
00:10:30.0522 6884 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
00:10:30.0523 6884 HidIr - ok
00:10:30.0548 6884 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
00:10:30.0550 6884 hidserv - ok
00:10:30.0670 6884 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
00:10:30.0671 6884 HidUsb - ok
00:10:30.0731 6884 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
00:10:30.0734 6884 hkmsvc - ok
00:10:30.0781 6884 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
00:10:30.0785 6884 HomeGroupListener - ok
00:10:30.0823 6884 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
00:10:30.0827 6884 HomeGroupProvider - ok
00:10:30.0967 6884 HP Health Check Service (7a24ad37416b91e4b5e5b46bd25c075f) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
00:10:30.0968 6884 HP Health Check Service - ok
00:10:31.0029 6884 HP Wireless Assistant Service (c930128c8f8ff03d8f8c42b570920d56) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
00:10:31.0031 6884 HP Wireless Assistant Service - ok
00:10:31.0094 6884 HPAuto (da075126f867727810ee9b98b3041c4c) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
00:10:31.0102 6884 HPAuto - ok
00:10:31.0160 6884 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
00:10:31.0164 6884 HPClientSvc - ok
00:10:31.0253 6884 HPDrvMntSvc.exe (2a047e7e0f1018e3134a4065636f2025) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
00:10:31.0254 6884 HPDrvMntSvc.exe - ok
00:10:31.0356 6884 hpdskflt (ccbe758967cc0f53f5ba3b271653c4e6) C:\Windows\system32\DRIVERS\hpdskflt.sys
00:10:31.0357 6884 hpdskflt - ok
00:10:31.0474 6884 hpqwmiex (59cb6a1ca093edc2881598a45518857d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
00:10:31.0482 6884 hpqwmiex - ok
00:10:31.0620 6884 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
00:10:31.0622 6884 HpSAMD - ok
00:10:31.0662 6884 hpsrv (e2223a37896a76861d7f79fd81a2a193) C:\Windows\system32\Hpservice.exe
00:10:31.0664 6884 hpsrv - ok
00:10:31.0773 6884 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
00:10:31.0774 6884 HPWMISVC - ok
00:10:31.0864 6884 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
00:10:31.0872 6884 HTTP - ok
00:10:31.0960 6884 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
00:10:31.0960 6884 hwpolicy - ok
00:10:32.0474 6884 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
00:10:32.0476 6884 i8042prt - ok
00:10:32.0614 6884 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
00:10:32.0619 6884 iaStor - ok
00:10:32.0760 6884 IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
00:10:32.0762 6884 IAStorDataMgrSvc - ok
00:10:32.0874 6884 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
00:10:32.0879 6884 iaStorV - ok
00:10:32.0981 6884 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:10:32.0991 6884 idsvc - ok
00:10:33.0330 6884 igfx (8cb8667f5a3b5515f2585f3254f3aaf7) C:\Windows\system32\DRIVERS\igdkmd64.sys
00:10:33.0561 6884 igfx - ok
00:10:33.0689 6884 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
00:10:33.0691 6884 iirsp - ok
00:10:33.0739 6884 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
00:10:33.0749 6884 IKEEXT - ok
00:10:33.0900 6884 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
00:10:33.0904 6884 IntcDAud - ok
00:10:33.0931 6884 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
00:10:33.0932 6884 intelide - ok
00:10:34.0054 6884 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:10:34.0055 6884 intelppm - ok
00:10:34.0149 6884 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
00:10:34.0151 6884 IPBusEnum - ok
00:10:34.0204 6884 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:10:34.0205 6884 IpFilterDriver - ok
00:10:34.0252 6884 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
00:10:34.0258 6884 iphlpsvc - ok
00:10:34.0348 6884 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
00:10:34.0350 6884 IPMIDRV - ok
00:10:34.0407 6884 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:10:34.0409 6884 IPNAT - ok
00:10:34.0472 6884 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:10:34.0473 6884 IRENUM - ok
00:10:34.0529 6884 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
00:10:34.0530 6884 isapnp - ok
00:10:34.0604 6884 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
00:10:34.0608 6884 iScsiPrt - ok
00:10:34.0707 6884 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
00:10:34.0709 6884 kbdclass - ok
00:10:34.0764 6884 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
00:10:34.0766 6884 kbdhid - ok
00:10:34.0855 6884 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:10:34.0858 6884 KeyIso - ok
00:10:34.0901 6884 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
00:10:34.0904 6884 KSecDD - ok
00:10:34.0946 6884 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
00:10:34.0949 6884 KSecPkg - ok
00:10:35.0036 6884 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:10:35.0037 6884 ksthunk - ok
00:10:35.0078 6884 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
00:10:35.0083 6884 KtmRm - ok
00:10:35.0167 6884 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
00:10:35.0175 6884 LanmanServer - ok
00:10:35.0241 6884 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
00:10:35.0247 6884 LanmanWorkstation - ok
00:10:35.0364 6884 LightScribeService (fa4a45c179ab0e0f1a31b9751d4b18d7) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
00:10:35.0366 6884 LightScribeService - ok
00:10:35.0492 6884 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:10:35.0494 6884 lltdio - ok
00:10:35.0589 6884 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
00:10:35.0593 6884 lltdsvc - ok
00:10:35.0659 6884 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
00:10:35.0661 6884 lmhosts - ok
00:10:35.0780 6884 LMS (c463a25f01c6237295917417c5e9e344) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
00:10:35.0784 6884 LMS - ok
00:10:35.0912 6884 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:10:35.0914 6884 LSI_FC - ok
00:10:35.0966 6884 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:10:35.0968 6884 LSI_SAS - ok
00:10:35.0994 6884 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:10:35.0995 6884 LSI_SAS2 - ok
00:10:36.0095 6884 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:10:36.0099 6884 LSI_SCSI - ok
00:10:36.0171 6884 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:10:36.0174 6884 luafv - ok
00:10:36.0215 6884 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
00:10:36.0219 6884 Mcx2Svc - ok
00:10:36.0323 6884 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
00:10:36.0325 6884 megasas - ok
00:10:36.0366 6884 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
00:10:36.0370 6884 MegaSR - ok
00:10:36.0450 6884 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
00:10:36.0452 6884 MEIx64 - ok
00:10:36.0556 6884 Microsoft SharePoint Workspace Audit Service - ok
00:10:36.0617 6884 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:10:36.0619 6884 MMCSS - ok
00:10:36.0670 6884 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:10:36.0671 6884 Modem - ok
00:10:36.0742 6884 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:10:36.0742 6884 monitor - ok
00:10:36.0784 6884 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
00:10:36.0786 6884 mouclass - ok
00:10:36.0867 6884 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:10:36.0874 6884 mouhid - ok
00:10:36.0921 6884 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
00:10:36.0922 6884 mountmgr - ok
00:10:36.0967 6884 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
00:10:36.0970 6884 mpio - ok
00:10:37.0005 6884 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:10:37.0006 6884 mpsdrv - ok
00:10:37.0066 6884 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
00:10:37.0076 6884 MpsSvc - ok
00:10:37.0151 6884 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
00:10:37.0155 6884 MRxDAV - ok
00:10:37.0216 6884 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:10:37.0218 6884 mrxsmb - ok
00:10:37.0270 6884 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:10:37.0273 6884 mrxsmb10 - ok
00:10:37.0354 6884 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:10:37.0356 6884 mrxsmb20 - ok
00:10:37.0407 6884 msahci (2ba4ff3d5eb68587dd662a896f649c7d) C:\Windows\system32\DRIVERS\msahci.sys
00:10:37.0409 6884 msahci - ok
00:10:37.0445 6884 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
00:10:37.0448 6884 msdsm - ok
00:10:37.0530 6884 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
00:10:37.0534 6884 MSDTC - ok
00:10:37.0609 6884 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:10:37.0610 6884 Msfs - ok
00:10:37.0653 6884 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:10:37.0654 6884 mshidkmdf - ok
00:10:37.0695 6884 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
00:10:37.0696 6884 msisadrv - ok
00:10:37.0764 6884 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:10:37.0766 6884 MSiSCSI - ok
00:10:37.0799 6884 msiserver - ok
00:10:37.0912 6884 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:10:37.0913 6884 MSKSSRV - ok
00:10:38.0271 6884 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:10:38.0273 6884 MSPCLOCK - ok
00:10:38.0343 6884 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:10:38.0344 6884 MSPQM - ok
00:10:38.0376 6884 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
00:10:38.0381 6884 MsRPC - ok
00:10:38.0399 6884 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
00:10:38.0400 6884 mssmbios - ok
00:10:38.0423 6884 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:10:38.0424 6884 MSTEE - ok
00:10:38.0447 6884 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
00:10:38.0448 6884 MTConfig - ok
00:10:38.0466 6884 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:10:38.0467 6884 Mup - ok
00:10:38.0515 6884 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
00:10:38.0522 6884 napagent - ok
00:10:38.0651 6884 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:10:38.0654 6884 NativeWifiP - ok
00:10:38.0723 6884 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
00:10:38.0732 6884 NDIS - ok
00:10:38.0859 6884 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:10:38.0860 6884 NdisCap - ok
00:10:38.0905 6884 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:10:38.0905 6884 NdisTapi - ok
00:10:38.0956 6884 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
00:10:38.0958 6884 Ndisuio - ok
00:10:38.0999 6884 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
00:10:39.0001 6884 NdisWan - ok
00:10:39.0067 6884 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
00:10:39.0070 6884 NDProxy - ok
00:10:39.0115 6884 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:10:39.0116 6884 NetBIOS - ok
00:10:39.0162 6884 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
00:10:39.0168 6884 NetBT - ok
00:10:39.0234 6884 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:10:39.0236 6884 Netlogon - ok
00:10:39.0316 6884 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:10:39.0323 6884 Netman - ok
00:10:39.0378 6884 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:10:39.0387 6884 netprofm - ok
00:10:39.0446 6884 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:10:39.0448 6884 NetTcpPortSharing - ok
00:10:39.0697 6884 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
00:10:39.0809 6884 netw5v64 - ok
00:10:39.0934 6884 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:10:39.0936 6884 nfrd960 - ok
00:10:40.0042 6884 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
00:10:40.0047 6884 NlaSvc - ok
00:10:40.0105 6884 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:10:40.0106 6884 Npfs - ok
00:10:40.0167 6884 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:10:40.0169 6884 nsi - ok
00:10:40.0199 6884 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:10:40.0199 6884 nsiproxy - ok
00:10:40.0270 6884 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
00:10:40.0291 6884 Ntfs - ok
00:10:40.0389 6884 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:10:40.0390 6884 Null - ok
00:10:40.0450 6884 nusb3hub (a7127e86f9ffe2a53e271b56b2c4cedf) C:\Windows\system32\DRIVERS\nusb3hub.sys
00:10:40.0452 6884 nusb3hub - ok
00:10:40.0483 6884 nusb3xhc (49bbec6f48d5f9284b03abf3a959b19b) C:\Windows\system32\DRIVERS\nusb3xhc.sys
00:10:40.0487 6884 nusb3xhc - ok
00:10:40.0617 6884 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
00:10:40.0621 6884 nvraid - ok
00:10:40.0660 6884 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
00:10:40.0663 6884 nvstor - ok
00:10:40.0717 6884 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
 
TDSSKILLER log Part 2

00:10:40.0717 6884 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
00:10:40.0720 6884 nv_agp - ok
00:10:40.0808 6884 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
00:10:40.0809 6884 ohci1394 - ok
00:10:40.0904 6884 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:10:40.0907 6884 ose - ok
00:10:41.0087 6884 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:10:41.0210 6884 osppsvc - ok
00:10:41.0300 6884 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:10:41.0305 6884 p2pimsvc - ok
00:10:41.0325 6884 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:10:41.0331 6884 p2psvc - ok
00:10:41.0378 6884 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:10:41.0380 6884 Parport - ok
00:10:41.0458 6884 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
00:10:41.0461 6884 partmgr - ok
00:10:41.0489 6884 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:10:41.0492 6884 PcaSvc - ok
00:10:41.0513 6884 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
00:10:41.0516 6884 pci - ok
00:10:41.0538 6884 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
00:10:41.0539 6884 pciide - ok
00:10:41.0647 6884 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:10:41.0650 6884 pcmcia - ok
00:10:41.0669 6884 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:10:41.0670 6884 pcw - ok
00:10:41.0693 6884 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:10:41.0700 6884 PEAUTH - ok
00:10:41.0777 6884 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:10:41.0778 6884 PerfHost - ok
00:10:41.0862 6884 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
00:10:41.0878 6884 pla - ok
00:10:42.0015 6884 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
00:10:42.0020 6884 PlugPlay - ok
00:10:42.0051 6884 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:10:42.0053 6884 PNRPAutoReg - ok
00:10:42.0090 6884 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:10:42.0093 6884 PNRPsvc - ok
00:10:42.0141 6884 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
00:10:42.0147 6884 PolicyAgent - ok
00:10:42.0181 6884 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:10:42.0185 6884 Power - ok
00:10:42.0304 6884 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
00:10:42.0306 6884 PptpMiniport - ok
00:10:42.0344 6884 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:10:42.0345 6884 Processor - ok
00:10:42.0384 6884 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
00:10:42.0387 6884 ProfSvc - ok
00:10:42.0467 6884 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:10:42.0469 6884 ProtectedStorage - ok
00:10:42.0548 6884 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
00:10:42.0550 6884 Psched - ok
00:10:42.0621 6884 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:10:42.0638 6884 ql2300 - ok
00:10:42.0726 6884 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:10:42.0728 6884 ql40xx - ok
00:10:42.0773 6884 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:10:42.0778 6884 QWAVE - ok
00:10:42.0851 6884 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:10:42.0853 6884 QWAVEdrv - ok
00:10:42.0878 6884 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:10:42.0879 6884 RasAcd - ok
00:10:42.0972 6884 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:10:42.0973 6884 RasAgileVpn - ok
00:10:43.0015 6884 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:10:43.0019 6884 RasAuto - ok
00:10:43.0061 6884 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:10:43.0064 6884 Rasl2tp - ok
00:10:43.0129 6884 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
00:10:43.0136 6884 RasMan - ok
00:10:43.0213 6884 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:10:43.0216 6884 RasPppoe - ok
00:10:43.0293 6884 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:10:43.0296 6884 RasSstp - ok
00:10:43.0322 6884 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
00:10:43.0327 6884 rdbss - ok
00:10:43.0345 6884 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:10:43.0346 6884 rdpbus - ok
00:10:43.0372 6884 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:10:43.0373 6884 RDPCDD - ok
00:10:43.0474 6884 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:10:43.0475 6884 RDPENCDD - ok
00:10:43.0506 6884 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:10:43.0507 6884 RDPREFMP - ok
00:10:43.0547 6884 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
00:10:43.0550 6884 RDPWD - ok
00:10:43.0623 6884 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
00:10:43.0628 6884 rdyboost - ok
00:10:43.0744 6884 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:10:43.0749 6884 RemoteAccess - ok
00:10:43.0830 6884 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:10:43.0837 6884 RemoteRegistry - ok
00:10:43.0892 6884 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
00:10:43.0901 6884 RoxioNow Service - ok
00:10:43.0975 6884 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:10:43.0978 6884 RpcEptMapper - ok
00:10:44.0008 6884 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:10:44.0010 6884 RpcLocator - ok
00:10:44.0094 6884 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
00:10:44.0104 6884 RpcSs - ok
00:10:44.0238 6884 RSPCIESTOR (ca327a84085f68200452e6761f943298) C:\Windows\system32\DRIVERS\RtsPStor.sys
00:10:44.0242 6884 RSPCIESTOR - ok
00:10:44.0324 6884 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:10:44.0326 6884 rspndr - ok
00:10:44.0366 6884 RTL8167 (5d6a444bd37b52ff846387c87dcdf98a) C:\Windows\system32\DRIVERS\Rt64win7.sys
00:10:44.0372 6884 RTL8167 - ok
00:10:44.0456 6884 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:10:44.0459 6884 SamSs - ok
00:10:44.0503 6884 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
00:10:44.0505 6884 sbp2port - ok
00:10:44.0542 6884 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:10:44.0547 6884 SCardSvr - ok
00:10:44.0641 6884 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
00:10:44.0643 6884 scfilter - ok
00:10:44.0712 6884 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
00:10:44.0726 6884 Schedule - ok
00:10:44.0807 6884 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
00:10:44.0808 6884 SCPolicySvc - ok
00:10:44.0884 6884 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
00:10:44.0887 6884 sdbus - ok
00:10:44.0919 6884 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
00:10:44.0923 6884 SDRSVC - ok
00:10:45.0037 6884 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
00:10:45.0041 6884 SeaPort - ok
00:10:45.0155 6884 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:10:45.0156 6884 secdrv - ok
00:10:45.0196 6884 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
00:10:45.0198 6884 seclogon - ok
00:10:45.0260 6884 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
00:10:45.0262 6884 SENS - ok
00:10:45.0310 6884 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:10:45.0312 6884 SensrSvc - ok
00:10:45.0372 6884 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:10:45.0373 6884 Serenum - ok
00:10:45.0456 6884 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:10:45.0459 6884 Serial - ok
00:10:45.0484 6884 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:10:45.0486 6884 sermouse - ok
00:10:45.0525 6884 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
00:10:45.0528 6884 SessionEnv - ok
00:10:45.0621 6884 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
00:10:45.0622 6884 sffdisk - ok
00:10:45.0656 6884 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
00:10:45.0657 6884 sffp_mmc - ok
00:10:45.0671 6884 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
00:10:45.0673 6884 sffp_sd - ok
00:10:45.0689 6884 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:10:45.0704 6884 sfloppy - ok
00:10:45.0825 6884 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:10:45.0832 6884 SharedAccess - ok
00:10:45.0859 6884 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
00:10:45.0866 6884 ShellHWDetection - ok
00:10:45.0945 6884 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:10:45.0947 6884 SiSRaid2 - ok
00:10:46.0046 6884 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:10:46.0049 6884 SiSRaid4 - ok
00:10:46.0107 6884 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:10:46.0109 6884 Smb - ok
00:10:46.0203 6884 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:10:46.0206 6884 SNMPTRAP - ok
00:10:46.0271 6884 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:10:46.0273 6884 spldr - ok
00:10:46.0338 6884 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
00:10:46.0348 6884 Spooler - ok
00:10:46.0515 6884 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
00:10:46.0552 6884 sppsvc - ok
00:10:46.0644 6884 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:10:46.0650 6884 sppuinotify - ok
00:10:46.0748 6884 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
00:10:46.0755 6884 srv - ok
00:10:46.0871 6884 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
00:10:46.0876 6884 srv2 - ok
00:10:46.0915 6884 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
00:10:46.0919 6884 SrvHsfHDA - ok
00:10:46.0974 6884 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
00:10:46.0990 6884 SrvHsfV92 - ok
00:10:47.0108 6884 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
00:10:47.0118 6884 SrvHsfWinac - ok
00:10:47.0211 6884 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
00:10:47.0215 6884 srvnet - ok
00:10:47.0313 6884 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:10:47.0320 6884 SSDPSRV - ok
00:10:47.0432 6884 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:10:47.0437 6884 SstpSvc - ok
00:10:47.0513 6884 STacSV (7c49a5e1943afda4672d80726af3bae4) C:\Program Files\IDT\WDM\STacSV64.exe
00:10:47.0519 6884 STacSV - ok
00:10:47.0615 6884 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:10:47.0617 6884 stexstor - ok
00:10:47.0710 6884 STHDA (0aad250a31a7ee96e0945ab9e1f3baa7) C:\Windows\system32\DRIVERS\stwrt64.sys
00:10:47.0717 6884 STHDA - ok
00:10:47.0860 6884 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
00:10:47.0873 6884 stisvc - ok
00:10:47.0964 6884 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
00:10:47.0967 6884 swenum - ok
00:10:48.0145 6884 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:10:48.0154 6884 swprv - ok
00:10:48.0293 6884 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
00:10:48.0308 6884 SynTP - ok
00:10:48.0421 6884 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
00:10:48.0440 6884 SysMain - ok
00:10:48.0540 6884 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
00:10:48.0542 6884 TabletInputService - ok
00:10:48.0588 6884 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
00:10:48.0593 6884 TapiSrv - ok
00:10:48.0625 6884 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:10:48.0627 6884 TBS - ok
00:10:48.0742 6884 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
00:10:48.0763 6884 Tcpip - ok
00:10:48.0918 6884 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
00:10:48.0930 6884 TCPIP6 - ok
00:10:49.0023 6884 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
00:10:49.0024 6884 tcpipreg - ok
00:10:49.0071 6884 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:10:49.0072 6884 TDPIPE - ok
00:10:49.0113 6884 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
00:10:49.0114 6884 TDTCP - ok
00:10:49.0224 6884 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
00:10:49.0226 6884 tdx - ok
00:10:49.0238 6884 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
00:10:49.0240 6884 TermDD - ok
00:10:49.0280 6884 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
00:10:49.0290 6884 TermService - ok
00:10:49.0376 6884 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
00:10:49.0378 6884 Themes - ok
00:10:49.0408 6884 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:10:49.0410 6884 THREADORDER - ok
00:10:49.0430 6884 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
00:10:49.0432 6884 TrkWks - ok
00:10:49.0471 6884 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
00:10:49.0473 6884 TrustedInstaller - ok
00:10:49.0540 6884 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:10:49.0542 6884 tssecsrv - ok
00:10:49.0629 6884 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
00:10:49.0631 6884 tunnel - ok
00:10:49.0658 6884 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:10:49.0659 6884 uagp35 - ok
00:10:49.0737 6884 udfs (0e5e962b5649d544be54e8c90761ea2b) C:\Windows\system32\DRIVERS\udfs.sys
00:10:49.0741 6884 udfs - ok
00:10:49.0803 6884 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:10:49.0806 6884 UI0Detect - ok
00:10:49.0895 6884 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
00:10:49.0896 6884 uliagpkx - ok
00:10:49.0953 6884 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
00:10:49.0954 6884 umbus - ok
00:10:50.0107 6884 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:10:50.0108 6884 UmPass - ok
00:10:50.0293 6884 UNS (3a1ecef8d49fc1a786a6ccd5a86a8878) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
00:10:50.0319 6884 UNS - ok
00:10:50.0420 6884 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:10:50.0425 6884 upnphost - ok
00:10:50.0477 6884 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
00:10:50.0479 6884 usbccgp - ok
00:10:50.0561 6884 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
00:10:50.0562 6884 usbcir - ok
00:10:50.0635 6884 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
00:10:50.0636 6884 usbehci - ok
00:10:50.0661 6884 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
00:10:50.0669 6884 usbhub - ok
00:10:50.0708 6884 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
00:10:50.0709 6884 usbohci - ok
00:10:50.0811 6884 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:10:50.0812 6884 usbprint - ok
00:10:50.0842 6884 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:10:50.0843 6884 USBSTOR - ok
00:10:50.0893 6884 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
00:10:50.0895 6884 usbuhci - ok
00:10:51.0053 6884 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
00:10:51.0057 6884 usbvideo - ok
00:10:51.0088 6884 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
00:10:51.0091 6884 UxSms - ok
00:10:51.0180 6884 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:10:51.0181 6884 VaultSvc - ok
00:10:51.0252 6884 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
00:10:51.0253 6884 vdrvroot - ok
00:10:51.0298 6884 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
00:10:51.0305 6884 vds - ok
00:10:51.0399 6884 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:10:51.0400 6884 vga - ok
00:10:51.0421 6884 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:10:51.0422 6884 VgaSave - ok
00:10:51.0456 6884 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
00:10:51.0459 6884 vhdmp - ok
00:10:51.0479 6884 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
00:10:51.0480 6884 viaide - ok
00:10:51.0568 6884 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
00:10:51.0569 6884 volmgr - ok
00:10:51.0602 6884 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
00:10:51.0606 6884 volmgrx - ok
00:10:51.0637 6884 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
00:10:51.0640 6884 volsnap - ok
00:10:51.0760 6884 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:10:51.0763 6884 vsmraid - ok
00:10:51.0840 6884 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
00:10:51.0860 6884 VSS - ok
00:10:51.0953 6884 vToolbarUpdater (49099f62da09c819ecc69e9d9267d3ac) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
00:10:51.0964 6884 vToolbarUpdater - ok
00:10:52.0120 6884 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
00:10:52.0121 6884 vwifibus - ok
00:10:52.0179 6884 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
00:10:52.0180 6884 vwififlt - ok
00:10:52.0231 6884 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
00:10:52.0232 6884 vwifimp - ok
00:10:52.0283 6884 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
00:10:52.0289 6884 W32Time - ok
00:10:52.0386 6884 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:10:52.0387 6884 WacomPen - ok
00:10:52.0480 6884 WajamUpdater (4aa2cc5979aff984227364f2c23b04f3) C:\Program Files\Wajam\Updater\WajamUpdater.exe
00:10:52.0482 6884 WajamUpdater - ok
00:10:52.0614 6884 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
00:10:52.0616 6884 WANARP - ok
00:10:52.0621 6884 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
00:10:52.0622 6884 Wanarpv6 - ok
00:10:52.0698 6884 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
00:10:52.0711 6884 WatAdminSvc - ok
00:10:52.0837 6884 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
00:10:52.0860 6884 wbengine - ok
00:10:52.0959 6884 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
00:10:52.0966 6884 WbioSrvc - ok
00:10:53.0006 6884 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
00:10:53.0014 6884 wcncsvc - ok
00:10:53.0056 6884 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
00:10:53.0059 6884 WcsPlugInService - ok
00:10:53.0116 6884 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:10:53.0118 6884 Wd - ok
00:10:53.0192 6884 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:10:53.0200 6884 Wdf01000 - ok
00:10:53.0287 6884 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:10:53.0290 6884 WdiServiceHost - ok
00:10:53.0295 6884 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:10:53.0297 6884 WdiSystemHost - ok
00:10:53.0331 6884 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
00:10:53.0335 6884 WebClient - ok
00:10:53.0381 6884 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
00:10:53.0386 6884 Wecsvc - ok
00:10:53.0393 6884 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
00:10:53.0396 6884 wercplsupport - ok
00:10:53.0492 6884 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
00:10:53.0495 6884 WerSvc - ok
00:10:53.0595 6884 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:10:53.0596 6884 WfpLwf - ok
00:10:53.0667 6884 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:10:53.0668 6884 WIMMount - ok
00:10:53.0694 6884 WinDefend - ok
00:10:53.0700 6884 WinHttpAutoProxySvc - ok
00:10:53.0812 6884 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
00:10:53.0815 6884 Winmgmt - ok
00:10:53.0898 6884 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
00:10:53.0920 6884 WinRM - ok
00:10:54.0456 6884 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUSB.sys
00:10:54.0458 6884 WinUsb - ok
00:10:54.0531 6884 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
00:10:54.0543 6884 Wlansvc - ok
00:10:54.0644 6884 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:10:54.0646 6884 wlcrasvc - ok
00:10:54.0726 6884 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:10:54.0751 6884 wlidsvc - ok
00:10:54.0842 6884 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:10:54.0851 6884 WmiAcpi - ok
00:10:54.0892 6884 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
00:10:54.0896 6884 wmiApSrv - ok
00:10:54.0955 6884 WMPNetworkSvc - ok
00:10:55.0019 6884 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
00:10:55.0021 6884 WPCSvc - ok
00:10:55.0063 6884 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
00:10:55.0066 6884 WPDBusEnum - ok
00:10:55.0114 6884 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:10:55.0115 6884 ws2ifsl - ok
00:10:55.0209 6884 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
00:10:55.0211 6884 wscsvc - ok
00:10:55.0217 6884 WSearch - ok
00:10:55.0284 6884 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
00:10:55.0311 6884 wuauserv - ok
00:10:55.0409 6884 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
00:10:55.0411 6884 WudfPf - ok
00:10:55.0427 6884 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:10:55.0430 6884 WUDFRd - ok
00:10:55.0453 6884 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
00:10:55.0456 6884 wudfsvc - ok
00:10:55.0538 6884 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
00:10:55.0544 6884 WwanSvc - ok
00:10:55.0616 6884 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
00:10:55.0620 6884 yukonw7 - ok
00:10:55.0673 6884 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
00:10:55.0696 6884 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
00:10:55.0696 6884 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
00:10:55.0727 6884 Boot (0x1200) (a668b9f9530f321df6e3224dee9e9575) \Device\Harddisk0\DR0\Partition0
00:10:55.0728 6884 \Device\Harddisk0\DR0\Partition0 - ok
00:10:55.0742 6884 Boot (0x1200) (eecff7c21a64a01f1af2a8abdef48a2f) \Device\Harddisk0\DR0\Partition1
00:10:55.0743 6884 \Device\Harddisk0\DR0\Partition1 - ok
00:10:55.0773 6884 Boot (0x1200) (27903313925fca4826103115a2bb6bb1) \Device\Harddisk0\DR0\Partition2
00:10:55.0774 6884 \Device\Harddisk0\DR0\Partition2 - ok
00:10:55.0787 6884 Boot (0x1200) (beac9e6a36e70ed0c36cc23d27c1d630) \Device\Harddisk0\DR0\Partition3
00:10:55.0787 6884 \Device\Harddisk0\DR0\Partition3 - ok
00:10:55.0788 6884 ============================================================
00:10:55.0788 6884 Scan finished
00:10:55.0788 6884 ============================================================
00:10:55.0798 8640 Detected object count: 1
00:10:55.0798 8640 Actual detected object count: 1
00:11:27.0490 8640 \Device\Harddisk0\DR0\# - copied to quarantine
00:11:27.0490 8640 \Device\Harddisk0\DR0 - copied to quarantine
00:11:27.0519 8640 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
00:11:27.0521 8640 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
00:11:27.0525 8640 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
00:11:27.0533 8640 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
00:11:27.0538 8640 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
00:11:27.0539 8640 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
00:11:27.0540 8640 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
00:11:27.0541 8640 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
00:11:27.0542 8640 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
00:11:27.0545 8640 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
00:11:27.0546 8640 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
00:11:27.0569 8640 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
00:11:27.0569 8640 \Device\Harddisk0\DR0 - ok
00:11:30.0327 8640 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
00:11:54.0739 5084 Deinitialize success
 
Good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Just want to let you know

Java is trying to update. I am not allowing it to but I just realized that java has been trying to do that for weeks. Just thought I should let you know. I am off to your next task.
 
ComboFix log

ComboFix 12-04-01.01 - Rob 04/02/2012 1:27.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4044.2685 [GMT -4:00]
Running from: c:\users\Rob\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\{63D2EE13-9A6C-44EE-80B2-34D8541ABA8C}.xps
c:\users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6DE00AE2-21DB-4E2E-884C-FA32BFAD710F}.xps
c:\users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\{90E0526E-C532-4227-B926-5E663ADD92B5}.xps
c:\users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\{931C1DC8-F4F2-4A38-9B01-9D97B995AF3F}.xps
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-02 05:32 . 2012-04-02 05:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-02 04:11 . 2012-04-02 04:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-01 00:22 . 2012-04-01 00:22 -------- d-----w- c:\users\Rob\AppData\Roaming\Malwarebytes
2012-04-01 00:22 . 2012-04-01 00:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-01 00:22 . 2012-04-01 00:22 -------- d-----w- c:\programdata\Malwarebytes
2012-04-01 00:22 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 22:00 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{689EE1A3-DC84-4DFB-9B49-B7AA60F79707}\mpengine.dll
2012-03-20 02:24 . 2012-03-20 02:24 -------- d-----w- c:\users\Rob\AppData\Local\adaware
2012-03-20 02:24 . 2012-03-24 16:21 -------- d-----w- c:\program files (x86)\adawaretb
2012-03-14 05:28 . 2012-03-14 05:28 388096 ----a-r- c:\users\Rob\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-14 05:28 . 2012-03-14 05:28 -------- d-----w- c:\program files (x86)\Trend Micro
2012-03-14 02:26 . 2012-03-24 16:21 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-03-14 02:26 . 2012-03-24 16:21 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-03-14 02:26 . 2012-03-14 02:26 -------- d-----w- c:\programdata\Lavasoft
2012-03-14 02:26 . 2012-03-14 02:26 -------- d-----w- c:\program files (x86)\Lavasoft
2012-03-10 23:47 . 2012-03-14 04:46 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-03-10 23:45 . 2012-03-10 23:45 -------- d-----w- c:\program files\Wajam
2012-03-10 23:45 . 2012-03-10 23:45 -------- d-----w- c:\users\Rob\AppData\Local\Wajam
2012-03-10 23:44 . 2012-03-10 23:44 -------- d-----w- c:\users\Rob\AppData\Roaming\AVG2012
2012-03-10 23:38 . 2012-03-10 23:38 -------- d-----w- c:\programdata\AVG Secure Search
2012-03-10 23:38 . 2012-03-24 16:44 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-03-10 23:38 . 2012-03-10 23:38 -------- d--h--w- c:\programdata\Common Files
2012-03-10 23:38 . 2012-03-10 23:38 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-03-10 23:37 . 2012-03-24 16:44 -------- d-----w- c:\programdata\AVG2012
2012-03-10 23:37 . 2012-03-10 23:45 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-10 23:35 . 2012-03-10 23:35 -------- d-----w- c:\program files (x86)\AVG
2012-03-10 23:30 . 2012-04-01 23:56 -------- d-----w- c:\programdata\MFAData
2012-03-10 23:30 . 2012-03-10 23:30 -------- d-----w- c:\users\Rob\AppData\Local\Google
2012-03-10 23:30 . 2012-03-10 23:30 -------- d-----w- c:\users\Rob\AppData\Local\I Want This
2012-03-08 02:05 . 2012-03-08 02:05 -------- d-----w- c:\users\Rob\AppData\Roaming\IDT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 13:18 . 2011-04-16 01:16 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 09:58 . 2012-02-21 15:33 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-21 15:33 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-03 06:24 . 2012-02-21 15:32 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-01-03 05:44 . 2012-02-21 15:32 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-10 23:47 1811296 ----a-w- c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-03-10 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-10 939872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-07 249672]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-04 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-03-10 909152]
S2 WajamUpdater;WajamUpdater;c:\program files\Wajam\Updater\WajamUpdater.exe [2012-03-09 109064]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 21:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-15 c:\windows\Tasks\HPCeeScheduleForPARADISELAPTOP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-03-27 c:\windows\Tasks\HPCeeScheduleForRob.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-22 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-22 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-22 418328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-02 524800]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://aol.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Acrobat 4.0 - c:\program files (x86)\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu
AddRemove-{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4} - c:\program files (x86)\InstallShield Installation Information\{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-04-02 01:40:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-02 05:40
.
Pre-Run: 422,252,101,632 bytes free
Post-Run: 425,446,592,512 bytes free
.
- - End Of File - - 8EC5D7B64182505609143A66F4448C40
 
You must log in or register to reply here.

Similar threads

Tekman777
Problems with Windows Update and Defender
Replies
0
Views
494
Tekman777
Tekman777
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
S
  • Locked
Inactive Am I infected?
Replies
8
Views
3K
Broni
Broni

Latest posts

Back