Spyware Warrior Help with Spyware, Hijacking & Other Internet Nuisances
eldoncooper Junior Member
Joined: 27 Dec 2011 Last Visit: 24 Oct 2012 Posts: 23
Posted: Tue Dec 27, 2011 12:02 pm
Post subject: Windows 7 redirect
30 year electrical engineer, on a Lenovo laptop, tried everything.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by SeizeTheMemories at 14:31:26 on 2011-12-27
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1352 [GMT -5:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\system32\nlssrv32.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\System32\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [AdobeBridge] "c:\program files\adobe\adobe bridge cs5\Bridge.exe" -stealth
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\lenovo\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 66.18.32.2 66.18.32.3
TCP: Interfaces\{057E337F-28E6-4511-AD97-C87E7452F547} : DhcpNameServer = 66.18.32.2 66.18.32.3
TCP: Interfaces\{1DC36248-0629-41F8-8715-680A7D2DA63F} : DhcpNameServer = 66.18.32.2 66.18.32.3
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\seizethememories\appdata\roaming\mozilla\firefox\profiles\okbd67ha.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: browser.cache.disk.capacity - 50000
FF - user.js: privacy.sanitize.sanitizeOnShutdown - false
FF - user.js: browser.cache.disk.capacity - 50000
FF - user.js: privacy.sanitize.sanitizeOnShutdown - false
FF - user.js: dom.max_script_run_time - 10
FF - user.js: dom.max_chrome_script_run_time - 20
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2011-9-9 25968]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 54112]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2011-9-9 13336]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-9-9 110752]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2009-12-18 57344]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2009-7-20 4446752]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2011-9-9 148840]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [2011-12-7 855904]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2011-9-9 368680]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\drivers\btwdpan.sys [2011-9-9 75816]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-9-9 33832]
R3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-10-7 6639616]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-7-2 38336]
RUnknown szkg5;szkg5; [x]
RUnknown szkgfs;szkgfs; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2011-12-27 98120]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-9-9 8192]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-9-9 167264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2011-9-8 45736]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2011-9-9 292200]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-10-10 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2011-12-27 23624]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2011-9-9 83304]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2011-9-9 12984]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
SUnknown is3srv;is3srv; [x]
.
=============== Created Last 30 ================
.
2011-12-27 19:10:22 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-12-27 18:47:49 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2011-12-27 18:47:46 -------- d-----w- c:\program files\HitmanPro
2011-12-27 18:46:44 -------- d-----w- c:\programdata\HitmanPro
2011-12-27 18:33:40 -------- d-----w- c:\program files\WISECOMM USBDVR CLIENT
2011-12-27 18:33:33 65536 ----a-w- c:\windows\IFinst27.exe
2011-12-27 18:26:03 -------- d-----w- c:\users\seizethememories\appdata\local\{B403BBAF-8F51-47F4-8BA8-F446B266F9B3}
2011-12-27 18:25:50 -------- d-----w- c:\users\seizethememories\appdata\local\{AE9A4141-570F-48FC-85C8-FCF66C92B78C}
2011-12-27 15:28:34 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2011-12-27 15:28:34 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2011-12-27 15:28:34 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2011-12-27 15:28:34 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2011-12-27 06:25:20 -------- d-----w- c:\users\seizethememories\appdata\local\{19723CF7-403C-490A-B716-F85FEF5A2FB5}
2011-12-26 18:24:53 -------- d-----w- c:\users\seizethememories\appdata\local\{AECEA95A-F20F-4A24-BBDE-8076261B1A02}
2011-12-26 06:24:27 -------- d-----w- c:\users\seizethememories\appdata\local\{037AC390-870D-403B-9B73-52D92DB36461}
2011-12-25 18:24:04 -------- d-----w- c:\users\seizethememories\appdata\local\{8901461C-3821-4C95-89F3-1EBB92A060D7}
2011-12-25 18:23:54 -------- d-----w- c:\users\seizethememories\appdata\local\{A1D11CDB-8A43-4A7A-90E7-6F582E125CA8}
2011-12-25 06:23:25 -------- d-----w- c:\users\seizethememories\appdata\local\{0ED3E3B3-6F91-41AA-B473-8F2CDAD785F5}
2011-12-25 06:23:13 -------- d-----w- c:\users\seizethememories\appdata\local\{6AB23C1C-4ECE-4B99-94CF-0FEF72DFB46F}
2011-12-24 18:22:54 -------- d-----w- c:\users\seizethememories\appdata\local\{1399BFFA-B12F-4050-83EA-114CFB6F2553}
2011-12-24 18:22:40 -------- d-----w- c:\users\seizethememories\appdata\local\{35FA2E95-F5BA-4237-9513-0630DCD6F748}
2011-12-24 06:17:46 -------- d-----w- c:\users\seizethememories\appdata\local\{E8747E22-511B-4C83-8DB3-6DC35C89CC77}
2011-12-23 18:17:21 -------- d-----w- c:\users\seizethememories\appdata\local\{82A2DC52-F914-49A9-8948-B0E198BB110E}
2011-12-23 18:17:10 -------- d-----w- c:\users\seizethememories\appdata\local\{289C2BB5-4DEA-421A-B6B4-67037688F4DD}
2011-12-23 06:16:39 -------- d-----w- c:\users\seizethememories\appdata\local\{CA905414-CD43-454B-968C-CCD2AA553FC8}
2011-12-23 06:16:28 -------- d-----w- c:\users\seizethememories\appdata\local\{F37D12A7-B46D-40FB-8F5B-A95796194FA7}
2011-12-23 00:19:59 -------- d-----w- c:\users\seizethememories\appdata\roaming\com.adobe.DC3Module.AdobeADC
2011-12-22 18:16:13 -------- d-----w- c:\users\seizethememories\appdata\local\{D93B6BE7-F9C5-43A5-B340-2904F27240F8}
2011-12-22 18:16:00 -------- d-----w- c:\users\seizethememories\appdata\local\{AFE14948-5FE9-4FB3-8F10-CB70FF0E8E0A}
2011-12-22 00:42:08 -------- d-----w- c:\users\seizethememories\appdata\local\{C7F14976-78DD-4CC0-8B43-6E502C0B4E32}
2011-12-22 00:41:57 -------- d-----w- c:\users\seizethememories\appdata\local\{7A61850D-67E2-4F60-968A-8A8553828DDA}
2011-12-21 01:17:47 -------- d-----w- c:\programdata\Kaspersky Lab
2011-12-20 22:12:34 -------- d-----w- c:\users\seizethememories\appdata\local\{24DFF584-A6F1-434C-9DBF-6CE5BE5A5BEA}
2011-12-20 22:12:23 -------- d-----w- c:\users\seizethememories\appdata\local\{0C521FEF-A42B-4CE0-A5BC-0EF39600760A}
2011-12-20 10:11:48 -------- d-----w- c:\users\seizethememories\appdata\local\{553D0DF4-1D31-4F6A-8C2F-D78C5E44E303}
2011-12-20 10:11:30 -------- d-----w- c:\users\seizethememories\appdata\local\{64D65938-4A2A-4078-BFF5-0C20F79C10E9}
2011-12-20 09:55:11 -------- d-----w- c:\users\seizethememories\appdata\roaming\PDAppFlex
2011-12-19 22:11:16 -------- d-----w- c:\users\seizethememories\appdata\local\{534556AF-C986-4CDF-8862-85CC19CBB750}
2011-12-19 22:11:05 -------- d-----w- c:\users\seizethememories\appdata\local\{9426B421-7D75-4399-A2CC-FE517152ACBA}
2011-12-19 10:10:53 -------- d-----w- c:\users\seizethememories\appdata\local\{E195F84C-037D-47A2-9353-012748F06962}
2011-12-19 10:10:43 -------- d-----w- c:\users\seizethememories\appdata\local\{A17A3B15-83A9-4336-BF75-FDDF1D98E6A5}
2011-12-18 22:10:29 -------- d-----w- c:\users\seizethememories\appdata\local\{5BFBA052-6449-4978-9AFE-E3BF94EBBDC4}
2011-12-18 22:10:17 -------- d-----w- c:\users\seizethememories\appdata\local\{59F180F2-77CA-4585-A922-0AB465DC380D}
2011-12-18 10:09:44 -------- d-----w- c:\users\seizethememories\appdata\local\{F9C39DD4-220C-4E90-BD37-CFE0B2261417}
2011-12-17 22:40:23 -------- d-----w- c:\program files\iPod
2011-12-17 22:40:21 -------- d-----w- c:\program files\iTunes
2011-12-17 22:09:13 -------- d-----w- c:\users\seizethememories\appdata\local\{8C293247-1F07-4A61-8705-94F343DFAB64}
2011-12-17 09:52:19 -------- d-----w- c:\users\seizethememories\appdata\local\{A30096A4-5CF7-4D6E-9AD7-038B4E5D1076}
2011-12-16 21:51:36 -------- d-----w- c:\users\seizethememories\appdata\local\{21584B9C-6AFC-4D40-89D2-57F340330518}
2011-12-16 21:51:22 -------- d-----w- c:\users\seizethememories\appdata\local\{CFC4B3E9-0085-402C-B61C-C97889A95D53}
2011-12-16 06:29:51 -------- d-----w- c:\users\seizethememories\appdata\local\{92D53806-DE96-4D6A-AA00-6CC20A077FA2}
2011-12-16 06:29:40 -------- d-----w- c:\users\seizethememories\appdata\local\{8E50F3D3-D15E-4414-AB1D-43EEAE2CCEB7}
2011-12-15 19:33:50 -------- d-----w- c:\users\seizethememories\appdata\roaming\Nolo
2011-12-15 19:33:45 -------- d-----w- c:\users\seizethememories\appdata\local\Quicken WillMaker Plus 2011
2011-12-15 19:01:51 -------- d-----w- c:\users\seizethememories\2011
2011-12-15 18:35:20 2340352 ------w- c:\windows\system32\win32k.sys
2011-12-15 18:35:11 2048 ------w- c:\windows\system32\tzres.dll
2011-12-15 18:34:50 534528 ------w- c:\windows\system32\EncDec.dll
2011-12-15 18:34:47 38912 ------w- c:\windows\system32\csrsrv.dll
2011-12-15 18:34:43 3957104 ------w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 18:34:43 3901808 ------w- c:\windows\system32\ntoskrnl.exe
2011-12-15 18:28:52 -------- d-----w- c:\users\seizethememories\appdata\local\{C6B19291-670E-44B2-8567-DD33F5370FE3}
2011-12-14 23:54:15 -------- d-----w- c:\users\seizethememories\appdata\local\{4852AA41-6E40-4722-913E-110BEED83245}
2011-12-14 11:53:46 -------- d-----w- c:\users\seizethememories\appdata\local\{01F1CC89-769D-43B8-A6C8-2CFE650C33C2}
2011-12-13 23:53:21 -------- d-----w- c:\users\seizethememories\appdata\local\{F8AA111D-B3F0-49B3-868C-47585273FE11}
2011-12-13 11:52:56 -------- d-----w- c:\users\seizethememories\appdata\local\{DD890A97-56E9-4CAD-AF2F-3A56A9659693}
2011-12-12 23:52:30 -------- d-----w- c:\users\seizethememories\appdata\local\{AC278057-AD10-4540-9650-4F0171EE27AA}
2011-12-12 23:52:19 -------- d-----w- c:\users\seizethememories\appdata\local\{4609D936-CE96-42A1-B182-B67EEE90F985}
2011-12-12 21:12:48 354816 ------w- c:\windows\system32\CNMNPPM.DLL
2011-12-12 21:12:48 137216 ------w- c:\windows\system32\CNMNPUI.DLL
2011-12-12 21:12:48 -------- d-----w- c:\windows\system32\STRING
2011-12-12 21:12:48 -------- d-----w- c:\windows\system32\CHM
2011-12-12 21:12:19 70656 ------w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPA5.DLL
2011-12-12 21:12:19 27136 ------w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDA5.DLL
2011-12-12 15:42:50 -------- d-----w- c:\program files\Avery Dennison
2011-12-12 11:51:45 -------- d-----w- c:\users\seizethememories\appdata\local\{D7396540-CEAB-4789-9526-3600C7FCF275}
2011-12-11 23:51:13 -------- d-----w- c:\users\seizethememories\appdata\local\{CA16D5B7-8870-4C13-9F19-3D85163CA15D}
2011-12-10 23:53:12 -------- d-----w- c:\users\seizethememories\appdata\local\{84FE45ED-7B3D-405E-A625-AA567248A518}
2011-12-10 19:16:03 -------- d-----w- c:\program files\CAM Development
2011-12-10 19:00:12 -------- d-----w- c:\users\seizethememories\appdata\roaming\Media Get LLC
2011-12-10 19:00:12 -------- d-----w- c:\programdata\Media Get LLC
2011-12-10 11:52:49 -------- d-----w- c:\users\seizethememories\appdata\local\{574EAC39-F5E4-4551-8BC2-21ABA6C16E56}
2011-12-09 23:52:26 -------- d-----w- c:\users\seizethememories\appdata\local\{B8AF2BBB-8C19-4D9A-8A8D-DADF872F0635}
2011-12-09 11:52:04 -------- d-----w- c:\users\seizethememories\appdata\local\{75F7FED9-9DB2-46F1-95C8-0E8795E4C172}
2011-12-08 23:51:37 -------- d-----w- c:\users\seizethememories\appdata\local\{5D8D5B29-EB08-45DB-9C69-329E515217D2}
2011-12-08 11:51:13 -------- d-----w- c:\users\seizethememories\appdata\local\{BC403147-1A5A-4448-A1E2-4E0F18C2B950}
2011-12-07 23:50:49 -------- d-----w- c:\users\seizethememories\appdata\local\{72E64FFA-C7D3-4C7E-A888-FBD6764FCB45}
2011-12-07 23:50:38 -------- d-----w- c:\users\seizethememories\appdata\local\{6C188207-A89B-401F-9519-4DF33EC9A3DB}
2011-12-07 12:35:24 84992 ------w- c:\windows\system32\drivers\sdbus.sys
2011-12-07 12:35:24 12800 ------w- c:\windows\system32\drivers\sffp_sd.sys
2011-12-07 12:34:31 802304 ------w- c:\windows\system32\FntCache.dll
2011-12-07 12:34:31 1074176 ------w- c:\windows\system32\DWrite.dll
2011-12-07 12:34:30 739840 ------w- c:\windows\system32\d2d1.dll
2011-12-07 11:50:04 -------- d-----w- c:\users\seizethememories\appdata\local\{038BF374-7AF4-433C-9495-91E0584B25C5}
2011-12-07 11:49:52 -------- d-----w- c:\users\seizethememories\appdata\local\{52F73B1D-9B7A-4865-BAA0-4EF45AE9C010}
2011-12-07 11:26:52 -------- d-----w- c:\program files\Windows Loader
2011-12-07 08:38:35 -------- d-----w- c:\programdata\AVG Secure Search
2011-12-07 08:38:31 -------- d-----w- c:\program files\common files\AVG Secure Search
2011-12-07 08:38:29 -------- d-----w- c:\program files\AVG Secure Search
2011-12-06 15:57:39 -------- d-----w- c:\users\seizethememories\appdata\local\{94B052CB-E31F-4A76-9AB2-CBCF02BE9D68}
2011-12-06 15:57:28 -------- d-----w- c:\users\seizethememories\appdata\local\{8F2A6C51-A812-436C-A750-A3EE9033743A}
2011-12-05 09:42:55 -------- d-----w- c:\users\seizethememories\2007
2011-12-02 00:05:16 -------- d-----w- c:\programdata\Nik Software
2011-11-30 14:07:41 -------- d-----w- c:\users\seizethememories\appdata\roaming\Digital Support
2011-11-30 07:30:03 -------- d-----w- c:\users\seizethememories\appdata\local\{85FA2642-AB60-48A0-A749-E44EC31E92AE}
2011-11-29 19:29:37 -------- d-----w- c:\users\seizethememories\appdata\local\{C64ED5B6-C14A-4AC8-AB93-40944D786C36}
2011-11-29 07:29:10 -------- d-----w- c:\users\seizethememories\appdata\local\{D25FCCC4-6039-4048-B97B-BDDDD1C8C1A8}
2011-11-28 19:28:43 -------- d-----w- c:\users\seizethememories\appdata\local\{54E89890-1699-4547-A2CB-D53D9F94D0DC}
2011-11-28 19:28:32 -------- d-----w- c:\users\seizethememories\appdata\local\{0BEF6871-5147-423F-9B70-16ACBCD7B32E}
2011-11-28 07:28:02 -------- d-----w- c:\users\seizethememories\appdata\local\{84EC6EEC-FDDA-471A-AF32-1FF731733465}
.
==================== Find3M ====================
.
2011-12-25 11:00:10 12984 ------w- c:\windows\system32\drivers\SWDUMon.sys
2011-12-12 15:06:35 414368 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-27 00:04:18 3072 ------w- c:\windows\system32\Viveza2FC32.dll
2011-11-19 06:19:13 1328512 ------w- c:\windows\system32\PhotoJoy Screensaver.scr
2011-10-24 18:29:02 94208 ------w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ------w- c:\windows\system32\QuickTime.qts
2011-10-19 23:16:12 472808 ------w- c:\windows\system32\deployJava1.dll
2011-10-07 16:54:18 140096 ------w- c:\windows\system32\COMDLG32.OCX
2011-09-29 15:43:37 1285488 ------w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 03:54:48 947472 ------w- c:\windows\system32\msjava.dll
2003-01-31 09:43:19 6065152 ------w- c:\program files\Mystical.exe
2003-01-31 00:20:26 1396736 ------w- c:\program files\Mystical_PlugIn.8bf
.
============= FINISH: 14:33:19.96 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 9/9/2011 1:51:41 AM
System Uptime: 12/27/2011 2:14:27 PM (0 hours ago)
.
Motherboard: LENOVO | |
Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | None | 2201/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 89.921 GiB free.
D: is CDROM ()
Z: is NetworkDisk (NTFS) - 732 GiB total, 286.109 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP66: 10/28/2011 11:28:41 AM - Removed SlimComputer
RP67: 11/5/2011 3:59:45 AM - Scheduled Checkpoint
RP68: 11/8/2011 3:00:11 AM - Windows Update
RP69: 11/9/2011 3:00:19 AM - Windows Update
RP70: 11/12/2011 3:00:29 AM - Windows Update
RP71: 11/21/2011 6:10:13 AM - Scheduled Checkpoint
RP72: 11/27/2011 12:26:27 AM - Installed buZZ.PiX 1.0
RP73: 11/27/2011 12:28:08 AM - Installed buZZ.Pro 2.0
RP74: 11/27/2011 12:29:34 AM - Installed buZZ.Simplifier 1.0
RP76: 11/27/2011 12:39:15 AM - Installed LuraWave.jp2 Photoshop Plug-In
RP78: 11/27/2011 12:41:11 AM - Installed LuraWave.jp2 Photoshop Plug-In
RP80: 11/27/2011 8:41:08 AM - SlimDrivers Installing Drivers
RP81: 11/27/2011 8:42:34 AM - Installed AuthenTec Fingerprint Driver
RP82: 11/27/2011 11:01:36 AM - Installed Adobe Photoshop Lightroom 3.5.
RP83: 12/5/2011 11:22:18 AM - Scheduled Checkpoint
RP84: 12/7/2011 6:30:04 AM - Windows Modules Installer
RP85: 12/7/2011 7:35:02 AM - Windows Update
RP87: 12/12/2011 10:40:58 AM - Installed DesignPro 5.4 Limited Edition
RP89: 12/16/2011 12:22:01 PM - Windows Update
RP90: 12/20/2011 9:20:46 PM - Windows Modules Installer
RP92: 12/21/2011 7:21:32 PM - SlimDrivers Installing Drivers
RP93: 12/27/2011 11:20:49 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP95: 12/27/2011 1:14:37 PM - StopZILLA! Restore Point.
RP96: 12/27/2011 2:19:24 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
.
==== Installed Programs ======================
.
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Acrobat 9.2.0 - CPSID_50026
Adobe Community Help
Adobe Content Viewer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Photoshop CS6
Adobe Photoshop Lightroom 3.5
Adobe Widget Browser
Alien Skin Eye Candy 6
AlphaStrip 1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AuthenTec Fingerprint Driver
AutoEye
AVG 2011
Bonjour
Broadcom InConcert Maestro
Business Card Designer 5.0
Business Card Designer Plus 7.1.0.0
buZZ.PiX 1.0
buZZ.Pro 2.0
buZZ.Simplifier 1.0
Canon Easy-WebPrint EX
Canon MX340 series MP Drivers
Canon Utilities Digital Photo Professional 3.5
Color Efex Pro 3.0 Complete
ColorWasher
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DesignPro 5.4 Limited Edition
Duplicate Cleaner 2.1
Filters Unlimited 2.0
FinitySoft Memory Manger 4.0
Glary Utilities 2.40.0.1326
HiJackThis
HijackThis 1.99.1
HitmanPro 3.6
HyperTyle 1.02
Imagenomic Portraiture 2.2.1 Lightroom Plug-in (build 2210)
Imagenomic Portraiture 2.3
Imagenomic Portraiture 2.3 Plug-in (build 2308)
Imagenomic RealGrain 1.1 Plug-in (build 1103)
Intel PROSet Wireless
Intel(R) Network Connections 15.7.176.0
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Rapid Storage Technology
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
Lenovo Bluetooth with Enhanced Data Rate Software
Lenovo ThinkVantage Toolbox
MediaGet
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Digital Image Library 9 - Blocker
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Photo Premium 10
Microsoft Picture It! Library 10
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Neat Image v6.0 Pro+
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA Performance Drivers
Paint.NET v3.5.10
PAN Fire 3.1
PAN Lens Pro III 3.6
Panopticum Digitalizer 1.1
Panopticum Engraver 1.1
Path Styler
PC Fixer
PDF Settings CS6
PhotoJoy
Photomatix Pro version 4.0.2
PhotoScape
PlaidMaker Plus v1.1
Portrait Professional Max 6.3
Quick PDF FileBulldog Toolbar
Quicken WillMaker Plus 2011
QuickTime
Rescue and Recovery
RICOH R5U8xx Media Driver ver.3.64.02
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Skype™ 5.5
SlimDrivers
ThinkPad Modem
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
UIF to ISO version 1.0
Uninstall DreamSuite Bonus
Uninstall Mystical
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Viveza 2
Vizros Plug-ins 4.1
WinBubble
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR 4.01 (32-bit)
WISECOMM CLIENT
.
==== Event Viewer Messages From Past Week ========
.
12/27/2011 2:24:26 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
12/27/2011 2:15:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
12/27/2011 2:15:09 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/27/2011 2:15:07 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/27/2011 2:15:07 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/27/2011 11:36:51 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll
12/27/2011 11:19:28 AM, Error: Service Control Manager [7034] - The ThinkPad PM Service service terminated unexpectedly. It has done this 1 time(s).
12/27/2011 11:19:28 AM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
12/27/2011 11:19:28 AM, Error: Service Control Manager [7034] - The Nalpeiron Licensing Service service terminated unexpectedly. It has done this 1 time(s).
12/27/2011 11:19:28 AM, Error: Service Control Manager [7034] - The Intel(R) PROSet Monitoring Service service terminated unexpectedly. It has done this 1 time(s).
12/27/2011 11:19:28 AM, Error: Service Control Manager [7034] - The Andrea ADI Filters Service service terminated unexpectedly. It has done this 1 time(s).
12/27/2011 11:06:03 AM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
12/27/2011 10:44:29 AM, Error: Service Control Manager [7023] - The Network ProService service terminated with the following error: The specified module could not be found.
12/27/2011 10:44:16 AM, Error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
12/27/2011 1:57:24 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/27/2011 1:57:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/27/2011 1:57:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/27/2011 1:57:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/27/2011 1:57:12 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
12/27/2011 1:57:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/27/2011 1:56:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0x8d600000, 0x00000001, 0x82c59813, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122711-23150-01.
12/27/2011 1:56:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 discache is3srv spldr TPPWRIF Wanarpv6
12/27/2011 1:56:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
.
==== End Of File ===========================

Gary R Moderator

Joined: 03 May 2005 Last Visit: 10 Jun 2013 Posts: 9708 Location: Yorkshire
|
Posted: Thu Dec 29, 2011 5:20 am Post subject: |
|
|
Looking over your logs, back soon.
_________________
Gary R Administrator at Malware Removal University
If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations

Gary R Moderator

Joined: 03 May 2005 Last Visit: 10 Jun 2013 Posts: 9708 Location: Yorkshire
|
Posted: Thu Dec 29, 2011 5:28 am Post subject: |
|
|
Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the "Help with spyware removal" forum and wait for help.
Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.
Hi eldoncooper
I'm Gary R,
Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
I'd also recommend that you create a System Restore Point that we can restore to if necessary.
- Click Start, and type Create a restore point into the Search programs and files box.
- Now click on the Create a restore point icon at the top of the find list.
- This will open a System Properties box, with the System Protection tab open ...
- Click on the Create button in the lower part of the window.
- Type Pre Malware Cleanup into the description box, then click Create.
- Windows will now create a Restore Point and notify you when finished.
- Exit any open windows.
Please observe these rules while we work:
- Perform all actions in the order given.
- If you don't know, stop and ask! Don't keep going on.
- Please reply to this thread. Do not start a new topic.
- Stick with it till you're given the all clear.
- Remember, absence of symptoms does not mean the infection is all gone.
- Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
- Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
- As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator
Quote:
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
Your DDS logs show you have an infection known as Zero Access. This is a serious infection and some variants can be very difficult to remove. There is a good chance that you may lose your Internet connection during any cleanup process, so you may need to have access to another computer so that if that happens we can continue till your computer is functioning properly again.
You might want to consider re-formatting your hard drive and re-installing Windows, since this can often be the simplest and quickest way to remove this infection.
If that option is not one you wish to consider, and you want to attempt to clean your computer, then please do the following ....
First
If you haven't already done so, then backup your personal files and folders.
Next
Download ComboFix from one of these locations and save it to your Desktop: (if you already have a copy of Combofix, delete it and use this version)
Link 1
Link 2
IMPORTANT !!! ComboFix.exe must be run from your Desktop
- Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix. There are details for disabling many programmes here.
- Double click on ComboFix.exe and follow the prompts.
- As part of its process, ComboFix will check to see if Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install Microsoft Windows Recovery Console.
**Please note: If Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it will produce a log for you.
Please include this log in your next reply. ......... (it can also be found at C:\ComboFix.txt)
IMPORTANT
- Do not use your computer while Combofix is running.
- Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
- If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.
If you have any problems with these instructions, a detailed Tutorial for how to use Combofix is available here.
_________________
Gary R Administrator at Malware Removal University
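
The "Event Viewer Messages From Past Week" section of the DDS log posted earlier in this thread can be triaged mechanically. The Python script below is an added example, not part of the original posts and not part of DDS: it parses lines copied from that section and groups the Service Control Manager errors that point at missing or broken services and drivers. The function names and the choice of event IDs are assumptions made for the example; the thread does not say which log lines led to the Zero Access diagnosis.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the DDS "Event Viewer Messages" section posted in this thread.
SAMPLE = """\
12/27/2011 2:24:26 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
12/27/2011 2:15:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
12/27/2011 2:15:09 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/27/2011 2:15:07 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/27/2011 2:15:07 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/27/2011 11:19:28 AM, Error: Service Control Manager [7034] - The ThinkPad PM Service service terminated unexpectedly. It has done this 1 time(s).
12/27/2011 10:44:29 AM, Error: Service Control Manager [7023] - The Network ProService service terminated with the following error: The specified module could not be found.
12/27/2011 10:44:16 AM, Error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
12/27/2011 1:56:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 discache is3srv spldr TPPWRIF Wanarpv6
.
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
# Message shapes for the three Service Control Manager event IDs examined here.
DEP_RE = re.compile(r"^The (?P<svc>.+) service depends (?:on )?the following service: "
                    r"(?P<dep>[^.]+)\. This service might not be installed\.")
GONE_RE = re.compile(r"^The (?P<svc>.+) service terminated with the following error: "
                     r"(?P<err>The specified (?:module could not be found"
                     r"|service does not exist as an installed service)\.)")
DRV_RE = re.compile(r"failed to load: (?P<drivers>.+)$")


def to_datetime(ts):
    """Convert DDS's 12-hour US timestamp without relying on the locale's AM/PM."""
    date, clock, ampm = ts.split()
    month, day, year = map(int, date.split("/"))
    hour, minute, second = map(int, clock.split(":"))
    hour = hour % 12 + (12 if ampm == "PM" else 0)
    return datetime(year, month, day, hour, minute, second)


def parse_events(text):
    """Return one dict per event line; separator and header lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append({"time": to_datetime(m["ts"]), "level": m["level"],
                           "source": m["source"], "id": int(m["id"]), "msg": m["msg"]})
    return events


def chronological(events):
    """DDS does not list events in time order, so sort before reading a timeline."""
    return sorted(events, key=lambda e: e["time"])


def triage(events):
    """Group errors that suggest services or drivers were removed or damaged.

    Assumption: the event IDs below were picked for this example; they are
    leads to verify on the machine, not proof of a particular infection.
    """
    missing = defaultdict(set)   # dependency name -> services that need it
    broken, drivers, hosts = {}, set(), False
    for ev in events:
        if ev["source"] == "Service Control Manager":
            if ev["id"] == 7003 and (m := DEP_RE.match(ev["msg"])):
                missing[m["dep"]].add(m["svc"])
            elif ev["id"] == 7023 and (m := GONE_RE.match(ev["msg"])):
                broken[m["svc"]] = m["err"]
            elif ev["id"] == 7026 and (m := DRV_RE.search(ev["msg"])):
                drivers.update(m["drivers"].split())
        elif ev["source"] == "Microsoft-Windows-DNS-Client" and ev["id"] == 1012:
            hosts = True
    return {
        "missing_dependencies": {dep: sorted(svcs) for dep, svcs in missing.items()},
        "broken_services": broken,
        "drivers_not_loaded": sorted(drivers),
        "hosts_file_unreadable": hosts,
    }


if __name__ == "__main__":
    for key, value in triage(parse_events(SAMPLE)).items():
        print(f"{key}: {value}")
```
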
eldoncooper Junior Member
Joined: 27 Dec 2011 Last Visit: 24 Oct 2012 Posts: 23
|
Posted: Thu Dec 29, 2011 8:04 am Post subject: Combofix report |
|
|
ComboFix 11-12-29.04 - SeizeTheMemories 12/29/2011 10:15:56.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.2077 [GMT -5:00]
Running from: c:\users\SeizeTheMemories\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{67cdd5a0-c572-4d2c-a354-6492b51f4138}\setup.msi
c:\programdata\PCDr\5849\AddOnDownloaded\070ba803-49f8-4fe7-8a18-40930827162f.dll
c:\programdata\PCDr\5849\AddOnDownloaded\2d662263-8349-40fc-8bca-552cc5d7cfda.dll
c:\programdata\PCDr\5849\AddOnDownloaded\d97b7615-5719-44f8-a032-b5cae54a0299.dll
c:\programdata\Roaming
c:\windows\$NtUninstallKB13887$\2584940353
c:\windows\$NtUninstallKB13887$\3110309724\@
c:\windows\$NtUninstallKB13887$\3110309724\bckfg.tmp
c:\windows\$NtUninstallKB13887$\3110309724\cfg.ini
c:\windows\$NtUninstallKB13887$\3110309724\Desktop.ini
c:\windows\$NtUninstallKB13887$\3110309724\keywords
c:\windows\$NtUninstallKB13887$\3110309724\kwrd.dll
c:\windows\$NtUninstallKB13887$\3110309724\L\xadqgnnk
c:\windows\$NtUninstallKB13887$\3110309724\lsflt7.ver
c:\windows\$NtUninstallKB13887$\3110309724\U\00000001.@
c:\windows\$NtUninstallKB13887$\3110309724\U\00000002.@
c:\windows\$NtUninstallKB13887$\3110309724\U\00000004.@
c:\windows\$NtUninstallKB13887$\3110309724\U\80000000.@
c:\windows\$NtUninstallKB13887$\3110309724\U\80000004.@
c:\windows\$NtUninstallKB13887$\3110309724\U\80000032.@
c:\windows\system32\certstore.dat
c:\windows\$NtUninstallKB13887$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
.
.
2011-12-28 03:53 . 2011-12-28 03:53 -------- d-----w- c:\programdata\Lenovo
2011-12-28 03:49 . 2011-12-28 03:49 -------- d-----w- c:\programdata\Intel
2011-12-28 03:48 . 2011-12-28 03:48 -------- d-----w- c:\program files\Cisco
2011-12-28 03:48 . 2011-12-28 03:48 -------- d-----w- c:\program files\Common Files\Intel
2011-12-28 03:23 . 2011-12-28 03:23 -------- d-----w- c:\windows\system32\lenovo
2011-12-28 02:35 . 2011-12-28 02:35 -------- d-----w- c:\users\SeizeTheMemories\AppData\Local\Akamai
2011-12-27 19:10 . 2011-12-27 19:10 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-12-27 18:47 . 2011-12-27 19:10 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2011-12-27 18:47 . 2011-12-27 18:47 -------- d-----w- c:\program files\HitmanPro
2011-12-27 18:46 . 2011-12-27 19:10 -------- d-----w- c:\programdata\HitmanPro
2011-12-27 18:33 . 2011-12-27 18:33 -------- d-----w- c:\program files\WISECOMM USBDVR CLIENT
2011-12-27 18:33 . 2011-12-27 18:33 65536 ----a-w- c:\windows\IFinst27.exe
2011-12-27 15:28 . 2011-12-27 15:28 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-27 15:28 . 2011-12-27 15:28 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2011-12-27 15:28 . 2011-12-27 15:28 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-27 15:28 . 2011-12-27 15:28 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-23 00:19 . 2011-12-23 00:19 -------- d-----w- c:\users\SeizeTheMemories\AppData\Roaming\com.adobe.DC3Module.AdobeADC
2011-12-21 01:17 . 2011-12-21 01:17 -------- d-----w- c:\programdata\Kaspersky Lab
2011-12-20 09:55 . 2011-12-20 09:55 -------- d-----w- c:\users\SeizeTheMemories\AppData\Roaming\PDAppFlex
2011-12-17 22:40 . 2011-12-17 22:40 -------- d-----w- c:\program files\iPod
2011-12-17 22:40 . 2011-12-17 22:41 -------- d-----w- c:\program files\iTunes
2011-12-15 19:33 . 2011-12-15 19:33 -------- d-----w- c:\users\SeizeTheMemories\AppData\Roaming\Nolo
2011-12-15 19:33 . 2011-12-20 22:41 -------- d-----w- c:\users\SeizeTheMemories\AppData\Local\Quicken WillMaker Plus 2011
2011-12-15 19:01 . 2011-12-20 02:29 -------- d-----w- c:\users\SeizeTheMemories\2011
2011-12-15 18:35 . 2011-11-24 04:23 2340352 ------w- c:\windows\system32\win32k.sys
2011-12-15 18:35 . 2011-11-05 04:30 2048 ------w- c:\windows\system32\tzres.dll
2011-12-15 18:34 . 2011-10-15 05:48 534528 ------w- c:\windows\system32\EncDec.dll
2011-12-15 18:34 . 2011-10-26 04:25 38912 ------w- c:\windows\system32\csrsrv.dll
2011-12-15 18:34 . 2011-10-26 04:42 3901808 ------w- c:\windows\system32\ntoskrnl.exe
2011-12-15 18:34 . 2011-10-26 04:42 3957104 ------w- c:\windows\system32\ntkrnlpa.exe
2011-12-12 22:29 . 2011-12-12 22:29 -------- d-----w- c:\windows\Sun
2011-12-12 21:12 . 2011-12-12 21:12 -------- d-----w- c:\windows\system32\STRING
2011-12-12 21:12 . 2011-12-12 21:12 -------- d-----w- c:\windows\system32\CHM
2011-12-12 21:12 . 2009-10-09 20:01 137216 ------w- c:\windows\system32\CNMNPUI.DLL
2011-12-12 21:12 . 2009-10-09 20:01 354816 ------w- c:\windows\system32\CNMNPPM.DLL
2011-12-12 21:12 . 2010-05-16 10:00 70656 ------w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA5.DLL
2011-12-12 21:12 . 2010-05-16 10:00 27136 ------w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA5.DLL
2011-12-12 21:12 . 2011-12-12 21:12 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-12-12 21:10 . 2011-12-12 21:10 -------- d--h--w- c:\program files\CanonBJ
2011-12-12 21:06 . 2011-12-12 21:06 -------- d--h--w- c:\programdata\CanonBJ
2011-12-12 15:42 . 2011-12-12 15:42 -------- d-----w- c:\program files\Avery Dennison
2011-12-12 15:42 . 2011-12-12 15:43 -------- d-----w- c:\programdata\Avery
2011-12-10 19:16 . 2011-12-10 19:16 -------- d-----w- c:\program files\CAM Development
2011-12-10 19:00 . 2011-12-10 19:00 -------- d-----w- c:\programdata\Media Get LLC
2011-12-10 19:00 . 2011-12-10 19:00 -------- d-----w- c:\users\SeizeTheMemories\AppData\Roaming\Media Get LLC
2011-12-07 12:35 . 2009-10-10 02:57 12800 ------w- c:\windows\system32\drivers\sffp_sd.sys
2011-12-07 12:35 . 2009-10-10 02:31 84992 ------w- c:\windows\system32\drivers\sdbus.sys
2011-12-07 12:34 . 2011-02-19 05:33 802304 ------w- c:\windows\system32\FntCache.dll
2011-12-07 12:34 . 2011-02-19 05:32 1074176 ------w- c:\windows\system32\DWrite.dll
2011-12-07 12:34 . 2011-02-19 05:32 739840 ------w- c:\windows\system32\d2d1.dll
2011-12-07 11:26 . 2011-12-07 11:26 -------- d-----w- c:\program files\Windows Loader
2011-12-07 08:38 . 2011-12-07 08:38 -------- d-----w- c:\programdata\AVG Secure Search
2011-12-07 08:38 . 2011-12-07 08:38 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-12-07 08:38 . 2011-12-07 08:38 -------- d-----w- c:\program files\AVG Secure Search
2011-12-05 09:42 . 2011-12-05 09:42 -------- d-----w- c:\users\SeizeTheMemories\2007
2011-12-02 00:05 . 2011-12-02 00:05 -------- d-----w- c:\programdata\Nik Software
2011-11-30 14:07 . 2011-11-30 14:08 -------- d-----w- c:\users\SeizeTheMemories\AppData\Roaming\Digital Support
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-28 03:05 . 2011-09-09 06:45 12984 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2011-12-12 15:06 . 2011-09-09 16:32 414368 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-01 08:05 . 2011-09-09 06:12 527424 ------w- c:\windows\PWMBTHLV.EXE
2011-12-01 08:05 . 2011-09-09 06:12 834624 ------w- c:\windows\system32\PWMCP32V.cpl
2011-12-01 08:05 . 2011-09-09 06:12 25968 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2011-12-01 08:05 . 2011-09-09 06:12 13424 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
2011-11-27 00:04 . 2011-11-27 04:07 3072 ------w- c:\windows\system32\Viveza2FC32.dll
2011-11-19 06:19 . 2011-11-19 06:19 1328512 ------w- c:\windows\system32\PhotoJoy Screensaver.scr
2011-10-24 18:29 . 2011-10-24 18:29 94208 ------w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ------w- c:\windows\system32\QuickTime.qts
2011-10-19 23:16 . 2011-10-19 23:16 472808 ------w- c:\windows\system32\deployJava1.dll
2011-10-10 05:18 . 2011-03-28 22:36 18328 ------w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-07 16:54 . 2011-10-17 21:35 140096 ------w- c:\windows\system32\COMDLG32.OCX
2003-01-31 09:43 . 2003-01-20 18:07 6065152 ------w- c:\program files\Mystical.exe
2003-01-31 00:20 . 2003-01-20 18:07 1396736 ------w- c:\program files\Mystical_PlugIn.8bf
2011-12-27 15:28 . 2011-09-09 15:24 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-12-07 08:38 1547104 ------w- c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe" [2011-06-10 12002664]
"Akamai NetSession Interface"="c:\users\SeizeTheMemories\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
"BySoft FreeRAM"="c:\program files\FinitySoft Memory Manger\MemoryManager.exe" [2007-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-09-03 444856]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-12-07 827232]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-12-01 1322048]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-1-19 902432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 19:48 58656 ------w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-08-27 06:10 1657376 ------w- c:\windows\System32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoJoy]
2011-11-19 06:19 1049984 ------w- c:\program files\PhotoJoy\Bin\PhotoJoy.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2011-12-27 98120]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-09-09 8192]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 243712]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-18 7390560]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-08-18 45736]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2000-01-01 368680]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2000-01-01 75816]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2000-01-01 33832]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2011-12-27 23624]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-12-01 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-12-01 175168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2011-12-28 12984]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-12-01 25968]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-07-12 54112]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 948736]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [2011-03-10 2708024]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 102672]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-09-22 110752]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2009-12-18 57344]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-07-20 4446752]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2011-12-07 855904]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 243712]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-12-01 292200]
S3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
xmlpros REG_MULTI_SZ XMLProvS
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-29 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-09-09 14:50]
.
2011-12-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
.
2011-12-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
.
2011-12-25 c:\windows\Tasks\SlimDrivers Scan.job
- c:\program files\SlimDrivers\SlimDrivers.exe [2011-09-07 15:32]
.
2011-12-28 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 66.18.32.2 66.18.32.3
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} - hxxp://consumersupport.lenovo.com/hk/en/SmartDownloading/cab/npdueng.cab
FF - ProfilePath - c:\users\SeizeTheMemories\AppData\Roaming\Mozilla\Firefox\Profiles\okbd67ha.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - user.js: browser.cache.disk.capacity - 50000
FF - user.js: privacy.sanitize.sanitizeOnShutdown - false
FF - user.js: browser.cache.disk.capacity - 50000
FF - user.js: privacy.sanitize.sanitizeOnShutdown - false
FF - user.js: dom.max_script_run_time - 10
FF - user.js: dom.max_chrome_script_run_time - 20
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4808)
c:\program files\Lenovo\Bluetooth Software\btmmhook.dll
c:\program files\PC-Doctor\PcdToolbar584923.dll
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\program files\Lenovo\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Lenovo\Bluetooth Software\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\AVG\AVG10\avgam.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2011-12-29 10:44:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-29 15:44
.
Pre-Run: 98,936,705,024 bytes free
Post-Run: 98,937,552,896 bytes free
.
- - End Of File - - 273186F6E252331D76E14D7F64D86181 |
|
eldoncooper Junior Member
Joined: 27 Dec 2011 Last Visit: 24 Oct 2012 Posts: 23
|
Posted: Thu Dec 29, 2011 8:05 am Post subject: Combofix report |
|
|
|
eldoncooper Junior Member
Joined: 27 Dec 2011 Last Visit: 24 Oct 2012 Posts: 23
|
Posted: Thu Dec 29, 2011 8:10 am Post subject: ComboFix Report |
|
|
ComboFix 11-12-29.04 - SeizeTheMemories 12/29/2011 10:15:56.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.2077 [GMT -5:00]
Running from: c:\users\SeizeTheMemories\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{67cdd5a0-c572-4d2c-a354-6492b51f4138}\setup.msi
c:\programdata\PCDr\5849\AddOnDownloaded\070ba803-49f8-4fe7-8a18-40930827162f.dll
c:\programdata\PCDr\5849\AddOnDownloaded\2d662263-8349-40fc-8bca-552cc5d7cfda.dll
c:\programdata\PCDr\5849\AddOnDownloaded\d97b7615-5719-44f8-a032-b5cae54a0299.dll
c:\programdata\Roaming
c:\windows\$NtUninstallKB13887$\2584940353
c:\windows\$NtUninstallKB13887$\3110309724\@
c:\windows\$NtUninstallKB13887$\3110309724\bckfg.tmp
c:\windows\$NtUninstallKB13887$\3110309724\cfg.ini
c:\windows\$NtUninstallKB13887$\3110309724\Desktop.ini
c:\windows\$NtUninstallKB13887$\3110309724\keywords
c:\windows\$NtUninstallKB13887$\3110309724\kwrd.dll
c:\windows\$NtUninstallKB13887$\3110309724\L\xadqgnnk
c:\windows\$NtUninstallKB13887$\3110309724\lsflt7.ver
c:\windows\$NtUninstallKB13887$\3110309724\U\00000001.@
c:\windows\$NtUninstallKB13887$\3110309724\U\00000002.@
c:\windows\$NtUninstallKB13887$\3110309724\U\00000004.@
c:\windows\$NtUninstallKB13887$\3110309724\U\80000000.@
c:\windows\$NtUninstallKB13887$\3110309724\U\80000004.@
c:\windows\$NtUninstallKB13887$\3110309724\U\80000032.@
c:\windows\system32\certstore.dat
c:\windows\$NtUninstallKB13887$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
.
.
2011-12-28 03:53 . 2011-12-28 03:53 -------- d-----w- c:\programdata\Lenovo
2011-12-28 03:49 . 2011-12-28 03:49 -------- d-----w- c:\programdata\Intel
2011-12-28 03:48 . 2011-12-28 03:48 -------- d-----w- c:\program files\Cisco
2011-12-28 03:48 . 2011-12-28 03:48 -------- d-----w- c:\program files\Common Files\Intel
2011-12-28 03:23 . 2011-12-28 03:23 -------- d-----w- c:\windows\system32\lenovo
2011-12-28 02:35 . 2011-12-28 02:35 -------- d-----w- c:\users\SeizeTheMemories\AppData\Local\Akamai
2011-12-27 19:10 . 2011-12-27 19:10 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-12-27 18:47 . 2011-12-27 19:10 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2011-12-27 18:47 . 2011-12-27 18:47 -------- d-----w- c:\program files\HitmanPro
2011-12-27 18:46 . 2011-12-27 19:10 -------- d-----w- c:\programdata\HitmanPro
2011-12-27 18:33 . 2011-12-27 18:33 -------- d-----w- c:\program files\WISECOMM USBDVR CLIENT
2011-12-27 18:33 . 2011-12-27 18:33 65536 ----a-w- c:\windows\IFinst27.exe
2011-12-27 15:28 . 2011-12-27 15:28 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-27 15:28 . 2011-12-27 15:28 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2011-12-27 15:28 . 2011-12-27 15:28 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-27 15:28 . 2011-12-27 15:28 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-23 00:19 . 2011-12-23 00:19 -------- d-----w- c:\users\SeizeTheMemories\AppData\Roaming\com.adobe.DC3Module.AdobeADC
2011-12-21 01:17 . 2011-12-21 01:17 -------- d-----w- c:\programdata\Kaspersky Lab
2011-12-20 09:55 . 2011-12-20 09:55 -------- d-----w- c:\users\SeizeTheMemories\AppData\Roaming\PDAppFlex
2011-12-17 22:40 . 2011-12-17 22:40 -------- d-----w- c:\program files\iPod
2011-12-17 22:40 . 2011-12-17 22:41 -------- d-----w- c:\program files\iTunes
2011-12-15 19:33 . 2011-12-15 19:33 -------- d-----w- c:\users\SeizeTheMemories\AppData\Roaming\Nolo
2011-12-15 19:33 . 2011-12-20 22:41 -------- d-----w- c:\users\SeizeTheMemories\AppData\Local\Quicken WillMaker Plus 2011
2011-12-15 19:01 . 2011-12-20 02:29 -------- d-----w- c:\users\SeizeTheMemories\2011
2011-12-15 18:35 . 2011-11-24 04:23 2340352 ------w- c:\windows\system32\win32k.sys
2011-12-15 18:35 . 2011-11-05 04:30 2048 ------w- c:\windows\system32\tzres.dll
2011-12-15 18:34 . 2011-10-15 05:48 534528 ------w- c:\windows\system32\EncDec.dll
2011-12-15 18:34 . 2011-10-26 04:25 38912 ------w- c:\windows\system32\csrsrv.dll
2011-12-15 18:34 . 2011-10-26 04:42 3901808 ------w- c:\windows\system32\ntoskrnl.exe
2011-12-15 18:34 . 2011-10-26 04:42 3957104 ------w- c:\windows\system32\ntkrnlpa.exe
2011-12-12 22:29 . 2011-12-12 22:29 -------- d-----w- c:\windows\Sun
2011-12-12 21:12 . 2011-12-12 21:12 -------- d-----w- c:\windows\system32\STRING
2011-12-12 21:12 . 2011-12-12 21:12 -------- d-----w- c:\windows\system32\CHM
2011-12-12 21:12 . 2009-10-09 20:01 137216 ------w- c:\windows\system32\CNMNPUI.DLL
2011-12-12 21:12 . 2009-10-09 20:01 354816 ------w- c:\windows\system32\CNMNPPM.DLL
2011-12-12 21:12 . 2010-05-16 10:00 70656 ------w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA5.DLL
2011-12-12 21:12 . 2010-05-16 10:00 27136 ------w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA5.DLL
2011-12-12 21:12 . 2011-12-12 21:12 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-12-12 21:10 . 2011-12-12 21:10 -------- d--h--w- c:\program files\CanonBJ
2011-12-12 21:06 . 2011-12-12 21:06 -------- d--h--w- c:\programdata\CanonBJ
2011-12-12 15:42 . 2011-12-12 15:42 -------- d-----w- c:\program files\Avery Dennison
2011-12-12 15:42 . 2011-12-12 15:43 -------- d-----w- c:\programdata\Avery
2011-12-10 19:16 . 2011-12-10 19:16 -------- d-----w- c:\program files\CAM Development
2011-12-10 19:00 . 2011-12-10 19:00 -------- d-----w- c:\programdata\Media Get LLC
2011-12-10 19:00 . 2011-12-10 19:00 -------- d-----w- c:\users\SeizeTheMemories\AppData\Roaming\Media Get LLC
2011-12-07 12:35 . 2009-10-10 02:57 12800 ------w- c:\windows\system32\drivers\sffp_sd.sys
2011-12-07 12:35 . 2009-10-10 02:31 84992 ------w- c:\windows\system32\drivers\sdbus.sys
2011-12-07 12:34 . 2011-02-19 05:33 802304 ------w- c:\windows\system32\FntCache.dll
2011-12-07 12:34 . 2011-02-19 05:32 1074176 ------w- c:\windows\system32\DWrite.dll
2011-12-07 12:34 . 2011-02-19 05:32 739840 ------w- c:\windows\system32\d2d1.dll
2011-12-07 11:26 . 2011-12-07 11:26 -------- d-----w- c:\program files\Windows Loader
2011-12-07 08:38 . 2011-12-07 08:38 -------- d-----w- c:\programdata\AVG Secure Search
2011-12-07 08:38 . 2011-12-07 08:38 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-12-07 08:38 . 2011-12-07 08:38 -------- d-----w- c:\program files\AVG Secure Search
2011-12-05 09:42 . 2011-12-05 09:42 -------- d-----w- c:\users\SeizeTheMemories\2007
2011-12-02 00:05 . 2011-12-02 00:05 -------- d-----w- c:\programdata\Nik Software
2011-11-30 14:07 . 2011-11-30 14:08 -------- d-----w- c:\users\SeizeTheMemories\AppData\Roaming\Digital Support
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-28 03:05 . 2011-09-09 06:45 12984 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2011-12-12 15:06 . 2011-09-09 16:32 414368 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-01 08:05 . 2011-09-09 06:12 527424 ------w- c:\windows\PWMBTHLV.EXE
2011-12-01 08:05 . 2011-09-09 06:12 834624 ------w- c:\windows\system32\PWMCP32V.cpl
2011-12-01 08:05 . 2011-09-09 06:12 25968 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2011-12-01 08:05 . 2011-09-09 06:12 13424 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
2011-11-27 00:04 . 2011-11-27 04:07 3072 ------w- c:\windows\system32\Viveza2FC32.dll
2011-11-19 06:19 . 2011-11-19 06:19 1328512 ------w- c:\windows\system32\PhotoJoy Screensaver.scr
2011-10-24 18:29 . 2011-10-24 18:29 94208 ------w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ------w- c:\windows\system32\QuickTime.qts
2011-10-19 23:16 . 2011-10-19 23:16 472808 ------w- c:\windows\system32\deployJava1.dll
2011-10-10 05:18 . 2011-03-28 22:36 18328 ------w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-07 16:54 . 2011-10-17 21:35 140096 ------w- c:\windows\system32\COMDLG32.OCX
2003-01-31 09:43 . 2003-01-20 18:07 6065152 ------w- c:\program files\Mystical.exe
2003-01-31 00:20 . 2003-01-20 18:07 1396736 ------w- c:\program files\Mystical_PlugIn.8bf
2011-12-27 15:28 . 2011-09-09 15:24 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-12-07 08:38 1547104 ------w- c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe" [2011-06-10 12002664]
"Akamai NetSession Interface"="c:\users\SeizeTheMemories\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
"BySoft FreeRAM"="c:\program files\FinitySoft Memory Manger\MemoryManager.exe" [2007-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-09-03 444856]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-12-07 827232]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-12-01 1322048]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-1-19 902432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 19:48 58656 ------w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-08-27 06:10 1657376 ------w- c:\windows\System32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoJoy]
2011-11-19 06:19 1049984 ------w- c:\program files\PhotoJoy\Bin\PhotoJoy.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2011-12-27 98120]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-09-09 8192]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 243712]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-18 7390560]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-08-18 45736]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2000-01-01 368680]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2000-01-01 75816]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2000-01-01 33832]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2011-12-27 23624]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-12-01 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-12-01 175168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2011-12-28 12984]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-12-01 25968]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-07-12 54112]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 948736]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [2011-03-10 2708024]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 102672]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-09-22 110752]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2009-12-18 57344]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-07-20 4446752]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2011-12-07 855904]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 243712]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-12-01 292200]
S3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
xmlpros REG_MULTI_SZ XMLProvS
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-29 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-09-09 14:50]
.
2011-12-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
.
2011-12-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
.
2011-12-25 c:\windows\Tasks\SlimDrivers Scan.job
- c:\program files\SlimDrivers\SlimDrivers.exe [2011-09-07 15:32]
.
2011-12-28 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 66.18.32.2 66.18.32.3
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} - hxxp://consumersupport.lenovo.com/hk/en/SmartDownloading/cab/npdueng.cab
FF - ProfilePath - c:\users\SeizeTheMemories\AppData\Roaming\Mozilla\Firefox\Profiles\okbd67ha.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - user.js: browser.cache.disk.capacity - 50000
FF - user.js: privacy.sanitize.sanitizeOnShutdown - false
FF - user.js: browser.cache.disk.capacity - 50000
FF - user.js: privacy.sanitize.sanitizeOnShutdown - false
FF - user.js: dom.max_script_run_time - 10
FF - user.js: dom.max_chrome_script_run_time - 20
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4808)
c:\program files\Lenovo\Bluetooth Software\btmmhook.dll
c:\program files\PC-Doctor\PcdToolbar584923.dll
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\program files\Lenovo\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Lenovo\Bluetooth Software\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\AVG\AVG10\avgam.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2011-12-29 10:44:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-29 15:44
.
Pre-Run: 98,936,705,024 bytes free
Post-Run: 98,937,552,896 bytes free
.
- - End Of File - - 273186F6E252331D76E14D7F64D86181
Gary R Moderator

Joined: 03 May 2005 Last Visit: 10 Jun 2013 Posts: 9708 Location: Yorkshire
|
Posted: Thu Dec 29, 2011 9:03 am Post subject: |
|
|
Looking better.
I see you have Hitman Pro installed. I strongly recommend you remove it, or at the very least never attempt to clean your computer using it. I've lost count of the number of unbootable computers I've seen after their owners have used Hitman Pro. It is altogether too zealous in its actions, and often carelessly removes processes and services essential to Windows operation.
I advise you uninstall it using Control Panel > Programs > Uninstall a program
Next
I'd like you to run some more scans for me, to check if there are any remnants of your infection left to take care of ....
First
Download TDSSKiller.zip and extract it to your Desktop.
- Double click on TDSSKiller.exe to launch it.
- If using Vista or Windows 7, when prompted by UAC allow the prompt.
- Click on Start Scan
- The scan will run.
- When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
- Now click on Report to open the log file created by TDSSKiller in your root directory C:\
- Post the contents in your next reply please.
- DO NOT TRY TO FIX ANYTHING THAT MAY BE FOUND
Next
Please download Junction.zip and save it to your desktop.
- Right click Junction.zip and choose extract all...
- When the Compressed Folders Extraction wizard opens, click Next
- Click Browse
- When the "select a destination" box opens, click My Computer > Local Disk (C:) > Windows > OK
- Back at the Extraction Wizard, click Next.
- Untick "Show Extracted Files" and click Finish
- Click Start > Run. Copy and paste the contents of the codebox below into the run box.
- (Do Not include Code:) Then click OK:
Code:
cmd /c junction -s c:\ >log.txt&log.txt&del log.txt
- A command window will open and the system will be scanned. (Click Agree to the prompt)
- Please be patient & wait until a log file opens in notepad.
- Copy and paste the contents of that file in your next reply.
Next
Please run a scan with ESET Online Scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
- Please go HERE then click on:
Quote:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
- Select the option YES, I accept the Terms of Use then click on:
- When prompted allow the Add-On/Active X to install.
- Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
- Now click on:
- The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
- Copy and paste that log in your next reply please.
- Now click on:
(Selecting Uninstall application on close if you so wish)
Summary of the logs I need from you in your next post:
- TDSSKiller log
- Junction log
- E-Set log
Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University
If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations |
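A TDSSKiller report of the kind requested above runs to hundreds of lines, so a helper reading one usually wants only the entries that are not a plain "ok", plus a check that the post was not cut off. The script below is an added example, not part of the thread or of TDSSKiller; the line layout is taken from the report posted in this thread, and the `exampledrv` entry with its `EXAMPLE-VERDICT` string is a constructed placeholder.

```python
import re

# "HH:MM:SS.mmmm <thread id> <body>" -- layout of every line in the report.
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4})\s+(\d+)\s*(.*)$")
# "<service> (<md5>) <path>" -- the file TDSSKiller hashed for a service.
FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<service> - <verdict>" -- the result line that follows.
VERDICT = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")

# Constructed sample. ACPI, catchme and Compbatt lines follow the report in
# this thread; exampledrv and EXAMPLE-VERDICT are placeholders, and the final
# verdict line is deliberately missing to imitate a post cut off by the forum.
SAMPLE = r"""13:32:04.0330 5900 ============================================================
13:32:04.0330 5900 Scan started
13:32:04.0330 5900 Mode: Manual;
13:32:04.0330 5900 ============================================================
13:32:05.0073 5900 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
13:32:05.0078 5900 ACPI - ok
13:32:08.0546 5900 catchme - ok
13:32:09.0000 5900 exampledrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys
13:32:09.0004 5900 exampledrv - EXAMPLE-VERDICT
13:32:09.0021 5900 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
"""


def triage(log_text):
    """Return (kind, service, detail) tuples worth a second look.

    kind is one of:
      "no-file"    verdict line with no preceding hashed-file line
      "not-ok"     verdict is anything other than "ok"
      "no-verdict" file was hashed but no verdict follows (log truncated?)
    """
    findings = []
    pending = {}          # service name -> (md5, path), awaiting its verdict
    scanning = False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group(3)
        if body == "Scan started":
            scanning = True
            continue
        # Skip the system-info header, blank bodies and "=====" rulers.
        if not scanning or not body or set(body) == {"="}:
            continue
        f = FILE.match(body)
        if f:
            pending[f.group("name")] = (f.group("md5"), f.group("path"))
            continue
        # Prefer matching against a service we are waiting on, so names that
        # themselves contain " - " are split in the right place.
        name = next((n for n in pending if body.startswith(n + " - ")), None)
        if name is not None:
            verdict = body[len(name) + 3:]
            md5, _path = pending.pop(name)
        else:
            v = VERDICT.match(body)
            if not v:
                continue
            name, verdict, md5 = v.group("name"), v.group("verdict"), None
        if md5 is None:
            findings.append(("no-file", name, verdict))
        if verdict != "ok":
            findings.append(("not-ok", name, verdict))
    # Anything still pending never got a verdict: the paste is incomplete.
    for name, (_md5, path) in pending.items():
        findings.append(("no-verdict", name, path))
    return findings


if __name__ == "__main__":
    for kind, name, detail in triage(SAMPLE):
        print(f"{kind:10} {name:12} {detail}")
```

A "no-file" or "no-verdict" result is a prompt to look at that entry or ask for the log again, not a detection in itself.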
eldoncooper Junior Member
Joined: 27 Dec 2011 Last Visit: 24 Oct 2012 Posts: 23
|
Posted: Thu Dec 29, 2011 6:38 pm Post subject: TDSS Log |
|
|
13:31:51.0451 2368 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
13:31:53.0423 2368 ============================================================
13:31:53.0423 2368 Current date / time: 2011/12/29 13:31:53.0423
13:31:53.0424 2368 SystemInfo:
13:31:53.0424 2368
13:31:53.0424 2368 OS Version: 6.1.7600 ServicePack: 0.0
13:31:53.0424 2368 Product type: Workstation
13:31:53.0424 2368 ComputerName: SEIZETHEMEMOR
13:31:53.0425 2368 UserName: SeizeTheMemories
13:31:53.0425 2368 Windows directory: C:\Windows
13:31:53.0425 2368 System windows directory: C:\Windows
13:31:53.0425 2368 Processor architecture: Intel x86
13:31:53.0425 2368 Number of processors: 2
13:31:53.0425 2368 Page size: 0x1000
13:31:53.0425 2368 Boot type: Normal boot
13:31:53.0425 2368 ============================================================
13:31:55.0348 2368 Initialize success
13:32:04.0330 5900 ============================================================
13:32:04.0330 5900 Scan started
13:32:04.0330 5900 Mode: Manual;
13:32:04.0330 5900 ============================================================
13:32:05.0007 5900 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
13:32:05.0011 5900 1394ohci - ok
13:32:05.0073 5900 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
13:32:05.0078 5900 ACPI - ok
13:32:05.0134 5900 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
13:32:05.0138 5900 AcpiPmi - ok
13:32:05.0218 5900 ADIHdAudAddService (6c61bceb60c2c187e6f96001fd69493e) C:\Windows\system32\drivers\ADIHdAud.sys
13:32:05.0224 5900 ADIHdAudAddService - ok
13:32:05.0285 5900 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
13:32:05.0294 5900 adp94xx - ok
13:32:05.0334 5900 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
13:32:05.0342 5900 adpahci - ok
13:32:05.0378 5900 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
13:32:05.0383 5900 adpu320 - ok
13:32:05.0473 5900 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
13:32:05.0492 5900 AFD - ok
13:32:05.0534 5900 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
13:32:05.0538 5900 agp440 - ok
13:32:05.0596 5900 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
13:32:05.0600 5900 aic78xx - ok
13:32:05.0675 5900 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
13:32:05.0678 5900 aliide - ok
13:32:05.0717 5900 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
13:32:05.0721 5900 amdagp - ok
13:32:05.0754 5900 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
13:32:05.0758 5900 amdide - ok
13:32:05.0807 5900 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
13:32:05.0811 5900 AmdK8 - ok
13:32:05.0846 5900 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
13:32:05.0851 5900 AmdPPM - ok
13:32:05.0934 5900 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
13:32:05.0950 5900 amdsata - ok
13:32:05.0995 5900 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
13:32:06.0001 5900 amdsbs - ok
13:32:06.0054 5900 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
13:32:06.0056 5900 amdxata - ok
13:32:06.0161 5900 AMPPAL (99bbef4a68bf398ed647f4eeb8ff66d4) C:\Windows\system32\DRIVERS\AMPPAL.sys
13:32:06.0171 5900 AMPPAL - ok
13:32:06.0227 5900 AMPPALP (99bbef4a68bf398ed647f4eeb8ff66d4) C:\Windows\system32\DRIVERS\amppal.sys
13:32:06.0231 5900 AMPPALP - ok
13:32:06.0289 5900 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
13:32:06.0293 5900 AppID - ok
13:32:06.0377 5900 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
13:32:06.0381 5900 arc - ok
13:32:06.0418 5900 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
13:32:06.0422 5900 arcsas - ok
13:32:06.0480 5900 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
13:32:06.0484 5900 AsyncMac - ok
13:32:06.0553 5900 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
13:32:06.0555 5900 atapi - ok
13:32:06.0628 5900 Avgfwfd (d30b785ab801a0e2b0ad922d66f971f3) C:\Windows\system32\DRIVERS\avgfwd6x.sys
13:32:06.0633 5900 Avgfwfd - ok
13:32:06.0689 5900 AVGIDSDriver (b9acb889ba1e0561868c025f95d63e25) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
13:32:06.0692 5900 AVGIDSDriver - ok
13:32:06.0726 5900 AVGIDSEH (13256fc72fa5b3f6d6e8c5957e579b7c) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
13:32:06.0728 5900 AVGIDSEH - ok
13:32:06.0773 5900 AVGIDSFilter (fa0685cc51de5cfd804e7deaa6488e0e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
13:32:06.0775 5900 AVGIDSFilter - ok
13:32:06.0811 5900 AVGIDSShim (f788b51100d0f40ea176798cce954a1a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
13:32:06.0813 5900 AVGIDSShim - ok
13:32:06.0878 5900 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
13:32:06.0884 5900 Avgldx86 - ok
13:32:06.0930 5900 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
13:32:06.0934 5900 Avgmfx86 - ok
13:32:06.0979 5900 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
13:32:06.0981 5900 Avgrkx86 - ok
13:32:07.0033 5900 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
13:32:07.0045 5900 Avgtdix - ok
13:32:07.0154 5900 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
13:32:23.0392 5900 MBR (0x1B8) (eb437b26ee6496983cb3d0d82474d6fa) \Device\Harddisk0\DR0
13:32:23.0444 5900 \Device\Harddisk0\DR0 - ok
13:32:23.0468 5900 Boot (0x1200) (26b8825cf0e33a8dd65e56783c8553c1) \Device\Harddisk0\DR0\Partition0
13:32:23.0470 5900 \Device\Harddisk0\DR0\Partition0 - ok
13:32:23.0471 5900 ============================================================
13:32:23.0471 5900 Scan finished
13:32:23.0471 5900 ============================================================
13:32:23.0499 4680 Detected object count: 0
13:32:23.0499 4680 Actual detected object count: 0
13:33:00.0067 3996 ============================================================
13:33:00.0068 3996 Scan started
13:33:00.0068 3996 Mode: Manual;
13:33:00.0068 3996 ============================================================
13:33:00.0523 3996 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
13:33:00.0527 3996 1394ohci - ok
13:33:00.0571 3996 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
13:33:00.0576 3996 ACPI - ok
13:33:00.0625 3996 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
13:33:00.0627 3996 AcpiPmi - ok
13:33:00.0700 3996 ADIHdAudAddService (6c61bceb60c2c187e6f96001fd69493e) C:\Windows\system32\drivers\ADIHdAud.sys
13:33:00.0707 3996 ADIHdAudAddService - ok
13:33:00.0751 3996 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
13:33:00.0758 3996 adp94xx - ok
13:33:00.0808 3996 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
13:33:00.0814 3996 adpahci - ok
13:33:00.0861 3996 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
13:33:00.0865 3996 adpu320 - ok
13:33:00.0972 3996 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
13:33:00.0978 3996 AFD - ok
13:33:01.0017 3996 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
13:33:01.0019 3996 agp440 - ok
13:33:01.0080 3996 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
13:33:01.0082 3996 aic78xx - ok
13:33:01.0141 3996 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
13:33:01.0144 3996 aliide - ok
13:33:01.0200 3996 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
13:33:01.0202 3996 amdagp - ok
13:33:01.0246 3996 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
13:33:01.0247 3996 amdide - ok
13:33:01.0298 3996 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
13:33:01.0301 3996 AmdK8 - ok
13:33:01.0356 3996 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
13:33:01.0358 3996 AmdPPM - ok
13:33:01.0483 3996 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
13:33:01.0485 3996 amdsata - ok
13:33:01.0555 3996 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
13:33:01.0559 3996 amdsbs - ok
13:33:01.0595 3996 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
13:33:01.0597 3996 amdxata - ok
13:33:01.0702 3996 AMPPAL (99bbef4a68bf398ed647f4eeb8ff66d4) C:\Windows\system32\DRIVERS\AMPPAL.sys
13:33:01.0706 3996 AMPPAL - ok
13:33:01.0745 3996 AMPPALP (99bbef4a68bf398ed647f4eeb8ff66d4) C:\Windows\system32\DRIVERS\amppal.sys
13:33:01.0750 3996 AMPPALP - ok
13:33:01.0822 3996 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
13:33:01.0825 3996 AppID - ok
13:33:01.0984 3996 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
13:33:01.0987 3996 arc - ok
13:33:02.0033 3996 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
13:33:02.0036 3996 arcsas - ok
13:33:02.0095 3996 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
13:33:02.0097 3996 AsyncMac - ok
13:33:02.0152 3996 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
13:33:02.0154 3996 atapi - ok
13:33:02.0261 3996 Avgfwfd (d30b785ab801a0e2b0ad922d66f971f3) C:\Windows\system32\DRIVERS\avgfwd6x.sys
13:33:02.0264 3996 Avgfwfd - ok
13:33:02.0355 3996 AVGIDSDriver (b9acb889ba1e0561868c025f95d63e25) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
13:33:02.0359 3996 AVGIDSDriver - ok
13:33:02.0407 3996 AVGIDSEH (13256fc72fa5b3f6d6e8c5957e579b7c) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
13:33:02.0409 3996 AVGIDSEH - ok
13:33:02.0471 3996 AVGIDSFilter (fa0685cc51de5cfd804e7deaa6488e0e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
13:33:02.0472 3996 AVGIDSFilter - ok
13:33:02.0508 3996 AVGIDSShim (f788b51100d0f40ea176798cce954a1a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
13:33:02.0510 3996 AVGIDSShim - ok
13:33:02.0575 3996 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
13:33:02.0580 3996 Avgldx86 - ok
13:33:02.0677 3996 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
13:33:02.0679 3996 Avgmfx86 - ok
13:33:02.0726 3996 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
13:33:02.0728 3996 Avgrkx86 - ok
13:33:02.0801 3996 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
13:33:02.0806 3996 Avgtdix - ok
13:33:02.0899 3996 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
13:33:02.0907 3996 b06bdrv - ok
13:33:02.0963 3996 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
13:33:02.0968 3996 b57nd60x - ok
13:33:03.0019 3996 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
13:33:03.0021 3996 Beep - ok
13:33:03.0124 3996 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
13:33:03.0127 3996 blbdrive - ok
13:33:03.0190 3996 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
13:33:03.0192 3996 bowser - ok
13:33:03.0272 3996 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:33:03.0274 3996 BrFiltLo - ok
13:33:03.0318 3996 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:33:03.0319 3996 BrFiltUp - ok
13:33:03.0378 3996 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
13:33:03.0384 3996 Brserid - ok
13:33:03.0421 3996 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
13:33:03.0423 3996 BrSerWdm - ok
13:33:03.0463 3996 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:33:03.0466 3996 BrUsbMdm - ok
13:33:03.0510 3996 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
13:33:03.0512 3996 BrUsbSer - ok
13:33:03.0609 3996 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
13:33:03.0611 3996 BthEnum - ok
13:33:03.0655 3996 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
13:33:03.0657 3996 BTHMODEM - ok
13:33:03.0733 3996 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
13:33:03.0736 3996 BthPan - ok
13:33:03.0799 3996 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\Windows\System32\Drivers\BTHport.sys
13:33:03.0806 3996 BTHPORT - ok
13:33:03.0859 3996 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\Windows\System32\Drivers\BTHUSB.sys
13:33:03.0861 3996 BTHUSB - ok
13:33:03.0912 3996 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
13:33:03.0914 3996 btusbflt - ok
13:33:03.0971 3996 BTWAMPFL (8e8fab65326c4f35ffe2026cb3be396d) C:\Windows\system32\DRIVERS\btwampfl.sys
13:33:03.0977 3996 BTWAMPFL - ok
13:33:04.0036 3996 btwaudio (b25f9c5219d6f153066d1503110330e4) C:\Windows\system32\drivers\btwaudio.sys
13:33:04.0039 3996 btwaudio - ok
13:33:04.0089 3996 btwavdt (9d4a35cef4d539008ea4226e33a700de) C:\Windows\system32\DRIVERS\btwavdt.sys
13:33:04.0092 3996 btwavdt - ok
13:33:04.0126 3996 BTWDPAN (b5bb5531f92234db3602b60819de3158) C:\Windows\system32\DRIVERS\btwdpan.sys
13:33:04.0128 3996 BTWDPAN - ok
13:33:04.0179 3996 btwl2cap (80ee715e92364861262b75c84b2654ce) C:\Windows\system32\DRIVERS\btwl2cap.sys
13:33:04.0182 3996 btwl2cap - ok
13:33:04.0217 3996 btwrchid (b1f85b4985a6419e3fcddcb251547130) C:\Windows\system32\DRIVERS\btwrchid.sys
13:33:04.0219 3996 btwrchid - ok
13:33:04.0268 3996 catchme - ok
13:33:04.0313 3996 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
13:33:04.0316 3996 cdfs - ok
13:33:04.0372 3996 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
13:33:04.0375 3996 cdrom - ok
13:33:04.0422 3996 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
13:33:04.0424 3996 circlass - ok
13:33:04.0489 3996 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
13:33:04.0495 3996 CLFS - ok
13:33:04.0546 3996 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
13:33:04.0549 3996 CmBatt - ok
13:33:04.0579 3996 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
13:33:04.0582 3996 cmdide - ok
13:33:04.0655 3996 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
13:33:04.0662 3996 CNG - ok
13:33:04.0708 3996 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
13:33:04.0710 3996 Compbatt - ok
13:33:04.0763 3996 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:33:04.0765 3996 CompositeBus - ok
13:33:04.0810 3996 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
13:33:04.0812 3996 crcdisk - ok
13:33:04.0883 3996 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
13:33:04.0890 3996 CSC - ok
13:33:04.0984 3996 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
13:33:04.0987 3996 DfsC - ok
13:33:05.0039 3996 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
13:33:05.0041 3996 discache - ok
13:33:05.0081 3996 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
13:33:05.0084 3996 Disk - ok
13:33:05.0121 3996 DozeHDD (6d279bb0de1d8e34f454e1b353f4d738) C:\Windows\system32\DRIVERS\DozeHDD.sys
13:33:05.0123 3996 DozeHDD - ok
13:33:05.0172 3996 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
13:33:05.0174 3996 drmkaud - ok
13:33:05.0257 3996 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
13:33:05.0269 3996 DXGKrnl - ok
13:33:05.0328 3996 e1express (339cbffbbc29580dbc3b235f2fb74f74) C:\Windows\system32\DRIVERS\e1e6232.sys
13:33:05.0333 3996 e1express - ok
13:33:05.0521 3996 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
13:33:05.0569 3996 ebdrv - ok
13:33:05.0629 3996 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
13:33:05.0637 3996 elxstor - ok
13:33:05.0670 3996 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
13:33:05.0671 3996 ErrDev - ok
13:33:05.0730 3996 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
13:33:05.0734 3996 exfat - ok
13:33:05.0769 3996 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
13:33:05.0773 3996 fastfat - ok
13:33:05.0801 3996 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
13:33:05.0803 3996 fdc - ok
13:33:05.0842 3996 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
13:33:05.0845 3996 FileInfo - ok
13:33:05.0870 3996 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
13:33:05.0872 3996 Filetrace - ok
13:33:05.0905 3996 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
13:33:05.0907 3996 flpydisk - ok
13:33:05.0938 3996 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
13:33:05.0942 3996 FltMgr - ok
13:33:05.0987 3996 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
13:33:05.0989 3996 FsDepends - ok
13:33:06.0043 3996 fssfltr (bfaaa92861526bb0adcd01e964ab6609) C:\Windows\system32\DRIVERS\fssfltr.sys
13:33:06.0045 3996 fssfltr - ok
13:33:06.0086 3996 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
13:33:06.0088 3996 Fs_Rec - ok
13:33:06.0161 3996 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
13:33:06.0165 3996 fvevol - ok
13:33:06.0193 3996 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:33:06.0196 3996 gagp30kx - ok
13:33:06.0243 3996 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:33:06.0245 3996 GEARAspiWDM - ok
13:33:06.0280 3996 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
13:33:06.0282 3996 hcw85cir - ok
13:33:06.0330 3996 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
13:33:06.0336 3996 HdAudAddService - ok
13:33:06.0361 3996 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:33:06.0364 3996 HDAudBus - ok
13:33:06.0393 3996 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
13:33:06.0395 3996 HidBatt - ok
13:33:06.0425 3996 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
13:33:06.0428 3996 HidBth - ok
13:33:06.0454 3996 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
13:33:06.0456 3996 HidIr - ok
13:33:06.0488 3996 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
13:33:06.0490 3996 HidUsb - ok
13:33:06.0548 3996 hitmanpro35 (411bce825fca2b296ff89b833de11321) C:\Windows\system32\drivers\hitmanpro36.sys
13:33:06.0550 3996 hitmanpro35 - ok
13:33:06.0599 3996 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
13:33:06.0602 3996 HpSAMD - ok
13:33:06.0749 3996 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
13:33:06.0765 3996 HSF_DPV - ok
13:33:06.0803 3996 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
13:33:06.0808 3996 HSXHWAZL - ok
13:33:06.0847 3996 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
13:33:06.0858 3996 HTTP - ok
13:33:06.0880 3996 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
13:33:06.0883 3996 hwpolicy - ok
13:33:06.0933 3996 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
13:33:06.0937 3996 i8042prt - ok
13:33:06.0978 3996 iaStor (f4037a3fedb92dd97c95f320766ea5c9) C:\Windows\system32\DRIVERS\iaStor.sys
13:33:06.0984 3996 iaStor - ok
13:33:07.0046 3996 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
13:33:07.0053 3996 iaStorV - ok
13:33:07.0106 3996 IBMPMDRV (e3ffc8cb45b3f55264ee10f084b2731b) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
13:33:07.0109 3996 IBMPMDRV - ok
13:33:07.0145 3996 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
13:33:07.0148 3996 iirsp - ok
13:33:07.0218 3996 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
13:33:07.0220 3996 intelide - ok
13:33:07.0245 3996 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
13:33:07.0247 3996 intelppm - ok
13:33:07.0280 3996 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:33:07.0283 3996 IpFilterDriver - ok
13:33:07.0313 3996 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:33:07.0315 3996 IPMIDRV - ok
13:33:07.0347 3996 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
13:33:07.0350 3996 IPNAT - ok
13:33:07.0379 3996 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
13:33:07.0381 3996 IRENUM - ok
13:33:07.0409 3996 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
13:33:07.0411 3996 isapnp - ok
13:33:07.0445 3996 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
13:33:07.0449 3996 iScsiPrt - ok
13:33:07.0479 3996 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:33:07.0482 3996 kbdclass - ok
13:33:07.0500 3996 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
13:33:07.0503 3996 kbdhid - ok
13:33:07.0568 3996 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
13:33:07.0571 3996 KSecDD - ok
13:33:07.0629 3996 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
13:33:07.0633 3996 KSecPkg - ok
13:33:07.0687 3996 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
13:33:07.0689 3996 lltdio - ok
13:33:07.0737 3996 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:33:07.0740 3996 LSI_FC - ok
13:33:07.0770 3996 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:33:07.0773 3996 LSI_SAS - ok
13:33:07.0801 3996 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:33:07.0803 3996 LSI_SAS2 - ok
13:33:07.0832 3996 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:33:07.0835 3996 LSI_SCSI - ok
13:33:07.0855 3996 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
13:33:07.0859 3996 luafv - ok
13:33:07.0906 3996 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:33:07.0909 3996 mdmxsdk - ok
13:33:07.0954 3996 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
13:33:07.0956 3996 megasas - ok
13:33:07.0990 3996 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
13:33:07.0996 3996 MegaSR - ok
13:33:08.0039 3996 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
13:33:08.0041 3996 Modem - ok
13:33:08.0079 3996 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
13:33:08.0081 3996 monitor - ok
13:33:08.0107 3996 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
13:33:08.0110 3996 mouclass - ok
13:33:08.0139 3996 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
13:33:08.0141 3996 mouhid - ok
13:33:08.0205 3996 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
13:33:08.0208 3996 mountmgr - ok
13:33:08.0234 3996 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
13:33:08.0237 3996 mpio - ok
13:33:08.0271 3996 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
13:33:08.0273 3996 mpsdrv - ok
13:33:08.0304 3996 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
13:33:08.0307 3996 MRxDAV - ok
13:33:08.0357 3996 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:33:08.0360 3996 mrxsmb - ok
13:33:08.0389 3996 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:33:08.0394 3996 mrxsmb10 - ok
13:33:08.0425 3996 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:33:08.0428 3996 mrxsmb20 - ok
13:33:08.0453 3996 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
13:33:08.0455 3996 msahci - ok
13:33:08.0488 3996 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
13:33:08.0491 3996 msdsm - ok
13:33:08.0530 3996 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
13:33:08.0533 3996 Msfs - ok
13:33:08.0559 3996 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
13:33:08.0561 3996 mshidkmdf - ok
13:33:08.0582 3996 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
13:33:08.0585 3996 msisadrv - ok
13:33:08.0633 3996 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
13:33:08.0635 3996 MSKSSRV - ok
13:33:08.0659 3996 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
13:33:08.0661 3996 MSPCLOCK - ok
13:33:08.0686 3996 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
13:33:08.0688 3996 MSPQM - ok
13:33:08.0720 3996 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system
eldoncooper Junior Member
Joined: 27 Dec 2011 Last Visit: 24 Oct 2012 Posts: 23
Posted: Thu Dec 29, 2011 6:43 pm Post subject: TDSS Log #2
13:33:08.0720 3996 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
13:33:08.0724 3996 MsRPC - ok
13:33:08.0751 3996 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
13:33:08.0754 3996 mssmbios - ok
13:33:08.0782 3996 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
13:33:08.0784 3996 MSTEE - ok
13:33:08.0817 3996 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
13:33:08.0819 3996 MTConfig - ok
13:33:08.0864 3996 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
13:33:08.0867 3996 Mup - ok
13:33:08.0925 3996 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
13:33:08.0931 3996 NativeWifiP - ok
13:33:08.0978 3996 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
13:33:08.0990 3996 NDIS - ok
13:33:09.0020 3996 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
13:33:09.0023 3996 NdisCap - ok
13:33:09.0048 3996 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
13:33:09.0050 3996 NdisTapi - ok
13:33:09.0082 3996 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
13:33:09.0084 3996 Ndisuio - ok
13:33:09.0123 3996 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
13:33:09.0127 3996 NdisWan - ok
13:33:09.0155 3996 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
13:33:09.0158 3996 NDProxy - ok
13:33:09.0184 3996 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
13:33:09.0186 3996 NetBIOS - ok
13:33:09.0217 3996 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
13:33:09.0221 3996 NetBT - ok
13:33:09.0437 3996 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
13:33:09.0501 3996 netw5v32 - ok
13:33:09.0765 3996 NETwLv32 (d4ef7a9767c05905500ec312cb29ef46) C:\Windows\system32\DRIVERS\NETwLv32.sys
13:33:09.0867 3996 NETwLv32 - ok
13:33:09.0916 3996 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
13:33:09.0919 3996 nfrd960 - ok
13:33:09.0959 3996 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
13:33:09.0961 3996 Npfs - ok
13:33:09.0987 3996 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
13:33:09.0990 3996 nsiproxy - ok
13:33:10.0118 3996 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
13:33:10.0139 3996 Ntfs - ok
13:33:10.0163 3996 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
13:33:10.0165 3996 Null - ok
13:33:10.0508 3996 nvlddmkm (4a6688bf47940cdc1475772b235c6323) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:33:10.0666 3996 nvlddmkm - ok
13:33:10.0720 3996 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
13:33:10.0724 3996 nvraid - ok
13:33:10.0769 3996 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
13:33:10.0773 3996 nvstor - ok
13:33:10.0804 3996 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
13:33:10.0807 3996 nv_agp - ok
13:33:10.0835 3996 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
13:33:10.0838 3996 ohci1394 - ok
13:33:10.0884 3996 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
13:33:10.0888 3996 Parport - ok
13:33:10.0918 3996 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
13:33:10.0921 3996 partmgr - ok
13:33:10.0951 3996 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
13:33:10.0953 3996 Parvdm - ok
13:33:10.0979 3996 PcdrNdisuio - ok
13:33:11.0019 3996 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
13:33:11.0023 3996 pci - ok
13:33:11.0055 3996 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
13:33:11.0058 3996 pciide - ok
13:33:11.0092 3996 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
13:33:11.0097 3996 pcmcia - ok
13:33:11.0123 3996 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
13:33:11.0126 3996 pcw - ok
13:33:11.0167 3996 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
13:33:11.0178 3996 PEAUTH - ok
13:33:11.0287 3996 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
13:33:11.0291 3996 PptpMiniport - ok
13:33:11.0325 3996 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
13:33:11.0328 3996 Processor - ok
13:33:11.0383 3996 psadd (06f82545e04ebf113b1c2c1c9f766d81) C:\Windows\system32\DRIVERS\psadd.sys
13:33:11.0385 3996 psadd - ok
13:33:11.0431 3996 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
13:33:11.0434 3996 Psched - ok
13:33:11.0491 3996 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
13:33:11.0493 3996 PxHelp20 - ok
13:33:11.0562 3996 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
13:33:11.0585 3996 ql2300 - ok
13:33:11.0619 3996 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
13:33:11.0623 3996 ql40xx - ok
13:33:11.0662 3996 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
13:33:11.0665 3996 QWAVEdrv - ok
13:33:11.0693 3996 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
13:33:11.0695 3996 RasAcd - ok
13:33:11.0734 3996 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:33:11.0736 3996 RasAgileVpn - ok
13:33:11.0764 3996 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:33:11.0767 3996 Rasl2tp - ok
13:33:11.0803 3996 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
13:33:11.0806 3996 RasPppoe - ok
13:33:11.0832 3996 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
13:33:11.0834 3996 RasSstp - ok
13:33:11.0864 3996 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
13:33:11.0869 3996 rdbss - ok
13:33:11.0905 3996 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
13:33:11.0908 3996 rdpbus - ok
13:33:11.0937 3996 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:33:11.0939 3996 RDPCDD - ok
13:33:11.0980 3996 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
13:33:11.0983 3996 RDPDR - ok
13:33:12.0010 3996 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
13:33:12.0012 3996 RDPENCDD - ok
13:33:12.0047 3996 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
13:33:12.0049 3996 RDPREFMP - ok
13:33:12.0092 3996 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
13:33:12.0096 3996 RDPWD - ok
13:33:12.0142 3996 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
13:33:12.0147 3996 rdyboost - ok
13:33:12.0215 3996 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
13:33:12.0218 3996 RFCOMM - ok
13:33:12.0258 3996 rimmptsk (d65ac8797f0286ed269500747d6290a4) C:\Windows\system32\DRIVERS\rimmptsk.sys
13:33:12.0261 3996 rimmptsk - ok
13:33:12.0283 3996 rimsptsk (49ec82b44eb93374ed9988da7e0e0151) C:\Windows\system32\DRIVERS\rimsptsk.sys
13:33:12.0285 3996 rimsptsk - ok
13:33:12.0312 3996 rismxdp (3f400c3ccd0818858602ddb37b5de719) C:\Windows\system32\DRIVERS\rixdptsk.sys
13:33:12.0315 3996 rismxdp - ok
13:33:12.0354 3996 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
13:33:12.0357 3996 rspndr - ok
13:33:12.0397 3996 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
13:33:12.0400 3996 s3cap - ok
13:33:12.0440 3996 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
13:33:12.0443 3996 sbp2port - ok
13:33:12.0473 3996 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
13:33:12.0476 3996 scfilter - ok
13:33:12.0525 3996 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\drivers\sdbus.sys
13:33:12.0528 3996 sdbus - ok
13:33:12.0555 3996 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:33:12.0558 3996 secdrv - ok
13:33:16.0697 3996 MBR (0x1B8) (eb437b26ee6496983cb3d0d82474d6fa) \Device\Harddisk0\DR0
13:33:16.0745 3996 \Device\Harddisk0\DR0 - ok
13:33:16.0781 3996 Boot (0x1200) (26b8825cf0e33a8dd65e56783c8553c1) \Device\Harddisk0\DR0\Partition0
13:33:16.0787 3996 \Device\Harddisk0\DR0\Partition0 - ok
13:33:16.0788 3996 ============================================================
13:33:16.0788 3996 Scan finished
13:33:16.0788 3996 ============================================================
13:33:16.0806 5180 Detected object count: 0
13:33:16.0806 5180 Actual detected object count: 0
eldoncooper Junior Member
Joined: 27 Dec 2011 Last Visit: 24 Oct 2012 Posts: 23
|
Posted: Thu Dec 29, 2011 6:46 pm Post subject: Junction Log |
|
|
Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com
\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users
Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\RRbackups: Access is denied.
Failed to open \\?\c:\\Bekas - Stay Out\My Pictures\1.. Hannah\Hannah 7-28-11\Untitled Export\experimental.jpg: Access is denied.
\\?\c:\\ProgramData\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData
\\?\c:\\ProgramData\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop
\\?\c:\\ProgramData\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents
\\?\c:\\ProgramData\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites
\\?\c:\\ProgramData\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu
\\?\c:\\ProgramData\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates
Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.
\\?\c:\\Qoobox\Quarantine\C\Windows\$NtUninstallKB13887$\2584940353.vir: SYMBOLIC LINK
Print Name : c:\windows\system32\config
Substitute Name: \systemroot\system32\config
Failed to open \\?\c:\\System Volume Information\WindowsImageBackup: Access is denied.
\\?\c:\\Users\All Users: SYMBOLIC LINK
Print Name : C:\ProgramData
Substitute Name: \??\C:\ProgramData
\\?\c:\\Users\Default User: JUNCTION
Print Name : C:\Users\Default
Substitute Name: C:\Users\Default
\\?\c:\\Users\All Users\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData
\\?\c:\\Users\All Users\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop
\\?\c:\\Users\All Users\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents
\\?\c:\\Users\All Users\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites
\\?\c:\\Users\All Users\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu
\\?\c:\\Users\All Users\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates
\\?\c:\\Users\Default\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming
Substitute Name: C:\Users\Default\AppData\Roaming
\\?\c:\\Users\Default\Local Settings: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local
\\?\c:\\Users\Default\My Documents: JUNCTION
Print Name : C:\Users\Default\Documents
Substitute Name: C:\Users\Default\Documents
\\?\c:\\Users\Default\NetHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts
\\?\c:\\Users\Default\PrintHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
\\?\c:\\Users\Default\Recent: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent
\\?\c:\\Users\Default\SendTo: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo
\\?\c:\\Users\Default\Start Menu: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
\\?\c:\\Users\Default\Templates: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates
\\?\c:\\Users\Default\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local
\\?\c:\\Users\Default\AppData\Local\History: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\History
\\?\c:\\Users\Default\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files
\\?\c:\\Users\Default\Documents\My Music: JUNCTION
Print Name : C:\Users\Default\Music
Substitute Name: C:\Users\Default\Music
\\?\c:\\Users\Default\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Default\Pictures
Substitute Name: C:\Users\Default\Pictures
\\?\c:\\Users\Default\Documents\My Videos: JUNCTION
Print Name : C:\Users\Default\Videos
Substitute Name: C:\Users\Default\Videos
\\?\c:\\Users\Public\Documents\My Music: JUNCTION
Print Name : C:\Users\Public\Music
Substitute Name: C:\Users\Public\Music
\\?\c:\\Users\Public\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Public\Pictures
Substitute Name: C:\Users\Public\Pictures
\\?\c:\\Users\Public\Documents\My Videos: JUNCTION
Print Name : C:\Users\Public\Videos
Substitute Name: C:\Users\Public\Videos
\\?\c:\\Users\SeizeTheMemories\Application Data: JUNCTION
Print Name : C:\Users\SeizeTheMemories\AppData\Roaming
Substitute Name: C:\Users\SeizeTheMemories\AppData\Roaming
\\?\c:\\Users\SeizeTheMemories\Cookies: JUNCTION
Print Name : C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\Cookies
\\?\c:\\Users\SeizeTheMemories\Local Settings: JUNCTION
Print Name : C:\Users\SeizeTheMemories\AppData\Local
Substitute Name: C:\Users\SeizeTheMemories\AppData\Local
\\?\c:\\Users\SeizeTheMemories\My Documents: JUNCTION
Print Name : C:\Users\SeizeTheMemories\Documents
Substitute Name: C:\Users\SeizeTheMemories\Documents
\\?\c:\\Users\SeizeTheMemories\NetHood: JUNCTION
Print Name : C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\Network Shortcuts
\\?\c:\\Users\SeizeTheMemories\PrintHood: JUNCTION
Print Name : C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
\\?\c:\\Users\SeizeTheMemories\Recent: JUNCTION
Print Name : C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\Recent
\\?\c:\\Users\SeizeTheMemories\SendTo: JUNCTION
Print Name : C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\SendTo
\\?\c:\\Users\SeizeTheMemories\Start Menu: JUNCTION
Print Name : C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\Start Menu
\\?\c:\\Users\SeizeTheMemories\Templates: JUNCTION
Print Name : C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\Templates
\\?\c:\\Users\SeizeTheMemories\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\SeizeTheMemories\AppData\Local
Substitute Name: C:\Users\SeizeTheMemories\AppData\Local
\\?\c:\\Users\SeizeTheMemories\AppData\Local\History: JUNCTION
Print Name : C:\Users\SeizeTheMemories\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\SeizeTheMemories\AppData\Local\Microsoft\Windows\History
\\?\c:\\Users\SeizeTheMemories\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\SeizeTheMemories\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\SeizeTheMemories\AppData\Local\Microsoft\Windows\Temporary Internet Files
\\?\c:\\Users\SeizeTheMemories\Documents\My Music: JUNCTION
Print Name : C:\Users\SeizeTheMemories\Music
Substitute Name: C:\Users\SeizeTheMemories\Music
\\?\c:\\Users\SeizeTheMemories\Documents\My Pictures: JUNCTION
Print Name : C:\Users\SeizeTheMemories\Pictures
Substitute Name: C:\Users\SeizeTheMemories\Pictures
\\?\c:\\Users\SeizeTheMemories\Documents\My Videos: JUNCTION
Print Name : C:\Users\SeizeTheMemories\Videos
Substitute Name: C:\Users\SeizeTheMemories\Videos
Failed to open \\?\c:\\Windows\CSC\v2.0.6: Access is denied.
Failed to open \\?\c:\\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\035BY218\250x250%3Btile%3D1%3Bbsg%3D101111%3Bbsg%3D101112%3Bbsg%3D122250%3Bbsg%3D127636%3B%3B~aopt%3D2%2F1%2F9339%2F0%3B~sscs%3D%3F;ord=395403716[1]: Access is denied.
Failed to open \\?\c:\\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\035BY218\250x250%3Btile%3D1%3Bbsg%3D101111%3Bbsg%3D101112%3Bbsg%3D122250%3Bbsg%3D127636%3B%3B~aopt%3D2%2F1%2F9339%2F0%3B~sscs%3D%3F;ord=395452953[1]: Access is denied.
Failed to open \\?\c:\\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\035BY218\3Dhealthy_diet%253Btax%253Dsugar%253Btax%253Deating_habits%253Bpos%253D1%253Btile%253D2%253Bsz%253D160x600%253Bord%253D105884933848795[1]: Access is denied.
Failed to open \\?\c:\\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\035BY218\8;dcopt=ist;abr=!webtvs;camp=ls_food_articles;camp=food_articles;tax=healthy_diet;tax=sugar;tax=eating_habits;sz=1x1;ord=105884933848795[1]: Access is denied.
Failed to open \\?\c:\\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\035BY218\webtvs;camp=ls_food_articles;camp=food_articles;tax=healthy_diet;tax=sugar;tax=eating_habits;pos=1;tile=2;sz=160x600;ord=105884933848795[1]: Access is denied.
Failed to open \\?\c:\\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K8HLX3U3\M1GAAg8NoEMAA489sEQARItgJQ2e0gWABg9gRoAHAMePgCgAEciAEkkAEBmAEBoAEBqAEAsAEAuQF7FK5H4XqEP8EBexSuR-F6hD_JAejGWm-YU9c_2QEAAAAAAADwP-ABAA.[1].js: Access is denied.
Failed to open \\?\c:\\Windows\System32\LogFiles\WMI\RtBackup: Access is denied.
eldoncooper Junior Member
Joined: 27 Dec 2011 Last Visit: 24 Oct 2012 Posts: 23
|
Posted: Thu Dec 29, 2011 6:54 pm Post subject: ESET Log |
|
|
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=095f45107e01ab40a79b32c09b92d2e4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-30 02:27:20
# local_time=2011-12-29 09:27:20 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1032 16777213 100 97 0 67404174 0 0
# compatibility_mode=5893 16776574 100 94 8718547 76735221 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=265343
# found=12
# cleaned=0
# scan_time=21610
C:\Bekas - Stay Out\Bekas\Downloads\DailyBibleGuide.exe a variant of Win32/AdInstaller application (unable to clean) 00000000000000000000000000000000 I
C:\Bekas - Stay Out\Bekas\Downloads\MyFunCards.exe a variant of Win32/AdInstaller application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll Win32/Adware.Yontoo.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\SeizeTheMemories\Downloads\Belltech_Business_Card_keygen.zip Win32/Sirefef.DK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\SeizeTheMemories\Downloads\businesscarddesignerv5.0serialpc.zip Win32/Sirefef.DK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\SeizeTheMemories\Downloads\cnet_FinitySoftMemoryManager_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Users\SeizeTheMemories\Downloads\cnet_WinBubble_zip.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Users\SeizeTheMemories\Downloads\imf-setup.exe a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Users\SeizeTheMemories\Downloads\MediaGet2.exe a variant of Win32/MediaGet application (unable to clean) 00000000000000000000000000000000 I
C:\Users\SeizeTheMemories\Downloads\PageRageSetup(1).exe probably a variant of Win32/Adware.HFXSRJX application (unable to clean) 00000000000000000000000000000000 I
C:\Users\SeizeTheMemories\Downloads\PageRageSetup(2).exe probably a variant of Win32/Adware.HFXSRJX application (unable to clean) 00000000000000000000000000000000 I
C:\Users\SeizeTheMemories\Downloads\PageRageSetup.exe probably a variant of Win32/Adware.HFXSRJX application (unable to clean) 00000000000000000000000000000000 I
eldoncooper Junior Member
Joined: 27 Dec 2011 Last Visit: 24 Oct 2012 Posts: 23
|
Posted: Thu Dec 29, 2011 6:56 pm Post subject: Thanks Gary |
|
|
Appreciate the brain power and experience you're giving me.
Gary R Moderator

Joined: 03 May 2005 Last Visit: 10 Jun 2013 Posts: 9708 Location: Yorkshire
|
Posted: Thu Dec 29, 2011 10:57 pm Post subject: |
|
|
You're welcome
Download OTL by OldTimer to your Desktop.
If you already have a copy of OTL delete it and use this version.
- Double click OTL.exe to launch the programme.
- Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
| Code: |
:Files
C:\Bekas - Stay Out\Bekas\Downloads\DailyBibleGuide.exe
C:\Bekas - Stay Out\Bekas\Downloads\MyFunCards.exe
C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
C:\Users\SeizeTheMemories\Downloads\Belltech_Business_Card_keygen.zip
C:\Users\SeizeTheMemories\Downloads\businesscarddesignerv5.0serialpc.zip
C:\Users\SeizeTheMemories\Downloads\cnet_FinitySoftMemoryManager_exe.exe
C:\Users\SeizeTheMemories\Downloads\cnet_WinBubble_zip.exe
C:\Users\SeizeTheMemories\Downloads\imf-setup.exe
C:\Users\SeizeTheMemories\Downloads\MediaGet2.exe
C:\Users\SeizeTheMemories\Downloads\PageRageSetup(1).exe
C:\Users\SeizeTheMemories\Downloads\PageRageSetup(2).exe
C:\Users\SeizeTheMemories\Downloads\PageRageSetup.exe
ipconfig /flushdns /c
:Commands
[EmptyTemp]
[ResetHosts]
[CreateRestorePoint]
|
- Click the Run Fix button.
- OTL will now process the instructions.
- When finished a box will open asking you to open the fix log, click OK.
- The fix log will open.
- Copy/Paste the log in your next reply please.
Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.
Please let me know how your computer is behaving now.
_________________
Gary R
Administrator at Malware Removal University
eldoncooper Junior Member
Joined: 27 Dec 2011 Last Visit: 24 Oct 2012 Posts: 23
|
Posted: Sat Dec 31, 2011 3:39 am Post subject: otl log |
|
|
All processes killed
========== FILES ==========
C:\Bekas - Stay Out\Bekas\Downloads\DailyBibleGuide.exe moved successfully.
C:\Bekas - Stay Out\Bekas\Downloads\MyFunCards.exe moved successfully.
C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll moved successfully.
C:\Users\SeizeTheMemories\Downloads\Belltech_Business_Card_keygen.zip moved successfully.
C:\Users\SeizeTheMemories\Downloads\businesscarddesignerv5.0serialpc.zip moved successfully.
C:\Users\SeizeTheMemories\Downloads\cnet_FinitySoftMemoryManager_exe.exe moved successfully.
C:\Users\SeizeTheMemories\Downloads\cnet_WinBubble_zip.exe moved successfully.
C:\Users\SeizeTheMemories\Downloads\imf-setup.exe moved successfully.
C:\Users\SeizeTheMemories\Downloads\MediaGet2.exe moved successfully.
C:\Users\SeizeTheMemories\Downloads\PageRageSetup(1).exe moved successfully.
C:\Users\SeizeTheMemories\Downloads\PageRageSetup(2).exe moved successfully.
C:\Users\SeizeTheMemories\Downloads\PageRageSetup.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\SeizeTheMemories\Desktop\cmd.bat deleted successfully.
C:\Users\SeizeTheMemories\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: SeizeTheMemories
->Temp folder emptied: 2557264317 bytes
->Temporary Internet Files folder emptied: 9826498 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 44624073 bytes
->Flash cache emptied: 492 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12594415 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2,503.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 12312011_062956
Files\Folders moved on Reboot...
File\Folder C:\Users\SeizeTheMemories\AppData\Local\Temp\Photoshop Temp2845837872 not found!
Registry entries deleted on Reboot...
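Checking a fix log like the one above against the script that produced it, as an added example that is not part of the original thread or of OTL itself. The status phrases are copied from this log, the function names are hypothetical, and the sample script and log are shortened, constructed excerpts.

```python
import re

# Result phrases copied from the fix log in this thread; other wordings OTL
# may emit are not handled (assumption: one result per log line).
RESULT = re.compile(r"^(?:File\\Folder )?(?P<path>[A-Za-z]:\\.+?) "
                    r"(?P<status>moved successfully|deleted successfully|not found)[.!]?$")
DONE = {"moved successfully", "deleted successfully"}

def script_targets(script):
    """Paths listed under :Files; lines ending in /c are shell commands, not paths."""
    targets, section = [], None
    for line in (raw.strip() for raw in script.splitlines()):
        if line.startswith(":"):
            section = line.lower()
        elif section == ":files" and line and not line.lower().endswith(" /c"):
            targets.append(line)
    return targets

def log_results(log):
    """Map lower-cased path -> status for each result line (Windows paths ignore case)."""
    results = {}
    for line in log.splitlines():
        m = RESULT.match(line.strip())
        if m:
            results[m["path"].lower()] = m["status"]
    return results

def reconcile(script, log):
    """Return (script targets with no success line, paths touched that the script never named)."""
    wanted, got = script_targets(script), log_results(log)
    unhandled = [p for p in wanted if got.get(p.lower()) not in DONE]
    extra = sorted(set(got) - {p.lower() for p in wanted})
    return unhandled, extra

# Constructed sample: a shortened script and log in the thread's format, with
# one success line deliberately left out to show the failure case.
SAMPLE_SCRIPT = r"""
:Files
C:\Users\SeizeTheMemories\Downloads\MediaGet2.exe
C:\Users\SeizeTheMemories\Downloads\PageRageSetup(1).exe
ipconfig /flushdns /c
:Commands
[ResetHosts]
"""
SAMPLE_LOG = r"""
========== FILES ==========
C:\Users\SeizeTheMemories\Downloads\MediaGet2.exe moved successfully.
C:\Users\SeizeTheMemories\Desktop\cmd.bat deleted successfully.
C:\Windows\System32\drivers\etc\Hosts moved successfully.
"""
```

An entry in the second list, such as the cmd.bat helper or the Hosts file here, is not necessarily a problem; it shows what the tool touched beyond the listed targets.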
Gary R Moderator

Joined: 03 May 2005 Last Visit: 10 Jun 2013 Posts: 9708 Location: Yorkshire
Posted: Sat Dec 31, 2011 5:39 am Post subject:
Please let me know how your computer is behaving now.
eldoncooper Junior Member
Joined: 27 Dec 2011 Last Visit: 24 Oct 2012 Posts: 23
Posted: Sat Dec 31, 2011 6:27 am Post subject: OUTSTANDING!!!!!
You're the Master!
It's working good, not any problems!
Many, many thanks.
Gary R Moderator

Joined: 03 May 2005 Last Visit: 10 Jun 2013 Posts: 9708 Location: Yorkshire
Posted: Sat Dec 31, 2011 7:01 am Post subject:
You're welcome, glad we could help.
OK, time for a little tidying up and then I'll make a few suggestions about security.
First
Let's clear out Combofix and the files/folders it created
- Click Start > Run
- Copy/Paste ComboFix /Uninstall into the Run box.
- Click OK
- Combofix will now delete its files and folders and also perform the following function.
  - Clears System Restore cache and creates a new Restore point. This will remove any "malicious" System Restore files, which may have been created whilst your computer was infected.
IMPORTANT
- Do not use your computer while Combofix is running.
- Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Next
Let's clear out OTL and the files and folders it created. This will also remove TDSSKiller.
- Double click OTL.exe to launch the programme.
- Click on the CleanUp! button.
- OTL will download a list from the Internet, if your firewall or other defensive programmes alert you, allow it access.
- You will be prompted to allow the clean up procedure, click Yes
- When finished exit out of OTL
- Now delete OTL.exe (if still present).
Next
Delete Junction
As far as I can see, your computer looks clear of infection now.
Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.
If your computer is running slowly after your clean up, please read.
Gary R Moderator

Joined: 03 May 2005 Last Visit: 10 Jun 2013 Posts: 9708 Location: Yorkshire
Posted: Sun Jan 01, 2012 2:15 am Post subject:
Quote:
This topic is now closed.
If you are the originator of this topic, and you need it re-opened please pm a moderator, including a link to this topic.
If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations
Gary R