Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Oops! Cannot connect to google.com
Rennix1957
Junior Member


Joined: 11 Feb 2012
Last Visit: 29 Feb 2012
Posts: 28

PostPosted: Sat Feb 11, 2012 5:42 pm    Post subject: Oops! Cannot connect to google.com

Hello,

I'm trying to help my mother with her computer. It can't connect to Google, but will go to just about every other website I can think of. This problem is over my head; I need your help.

Here is her DDS file:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Colleen at 19:34:51 on 2012-02-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6373 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
-netsvcs
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\splwow64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.juno.com/start/sp.do
uInternet Settings,ProxyServer = http=127.0.0.1:52242
uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Helper.dll
uURLSearchHooks: H - No File
BHO: {26D675AC-D925-4bbf-A720-62C2AA4A81EB} - No File
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe -update activex
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FORGET~1.LNK - C:\Program Files (x86)\Broderbund\AG CreataCard\AGRemind.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKE~1.LNK - C:\Program Files (x86)\Quicken\bagent.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6E79FEC0-FF79-4970-96E4-EEFF300A9B9F} : NameServer = 205.171.3.65,205.171.2.65
TCP: Interfaces\{6E79FEC0-FF79-4970-96E4-EEFF300A9B9F} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {26D675AC-D925-4bbf-A720-62C2AA4A81EB} - No File
BHO-X64: RivalGaming Games - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Dogpile Bundle Toolbar BHO: {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun-x64: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-1-24 25824]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-9-20 635416]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-1-18 909152]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2010/09/20 10:33:50;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-9-20 245232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-25 136176]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-25 136176]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-02-12 01:32:27 388096 ----a-r- C:\Users\Colleen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-12 01:32:27 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-02-11 20:42:30 -------- d-----w- C:\ProgramData\Recovery
2012-02-11 20:39:11 20480 ----a-w- C:\Windows\svchost.exe
2012-02-11 20:38:57 -------- d-----w- C:\$RECYCLE.BIN
2012-02-11 19:36:31 98816 ----a-w- C:\Windows\sed.exe
2012-02-11 19:36:31 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-11 19:36:31 256000 ----a-w- C:\Windows\PEV.exe
2012-02-11 19:36:31 208896 ----a-w- C:\Windows\MBR.exe
2012-02-11 19:18:08 -------- d-----w- C:\New folder (2)
2012-02-11 19:17:40 -------- d-----w- C:\Trend Micro
2012-02-11 15:32:44 -------- d--h--w- C:\Users\Colleen\AppData\Roaming\1E39D
2012-02-11 15:32:43 99840 ---ha-w- C:\Users\Colleen\AppData\Roaming\Microsoft\E5FB\BCA9.tmp
2012-02-11 15:32:33 -------- d--h--w- C:\Users\Colleen\AppData\Roaming\BCA1E
2012-02-10 05:44:30 -------- d-----w- C:\Program Files (x86)\1E39D
2012-02-07 21:11:51 6656 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\EB92.tmp
2012-02-07 21:11:51 6656 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\EB81.tmp
2012-02-07 21:11:51 131072 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\EB81.tmp.dat
2012-02-05 03:03:01 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-01-15 21:39:06 -------- d-----w- C:\Program Files (x86)\Dogpile Bundle Toolbar
2012-01-15 21:39:01 -------- d-----w- C:\Program Files (x86)\RivalGaming
.
==================== Find3M ====================
.
2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 19:36:04.28 ===============


And the Attach file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/29/2010 2:28:24 PM
System Uptime: 2/11/2012 7:27:53 PM (0 hours ago)
.
Motherboard: FOXCONN | | 2AB1
Processor: AMD Phenom(tm) II X6 1045T Processor | CPU 1 | 2700/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 919 GiB total, 842.284 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.472 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP141: 1/29/2012 7:00:04 PM - Windows Backup
RP142: 1/31/2012 3:00:12 AM - Windows Update
RP143: 2/4/2012 9:03:10 PM - Installed HP Support Assistant
RP144: 2/4/2012 9:07:09 PM - Windows Modules Installer
RP145: 2/4/2012 9:08:02 PM - Windows Modules Installer
RP146: 2/5/2012 7:00:05 PM - Windows Backup
RP147: 2/7/2012 7:25:07 PM - Windows Update
RP148: 2/9/2012 11:45:10 PM - Removed AVG 2012
RP149: 2/9/2012 11:46:33 PM - Removed AVG 2012
RP150: 2/11/2012 1:30:58 PM - Installed HiJackThis
RP151: 2/11/2012 7:32:03 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player 11.6
American Greetings CreataCard Gold 6
AVG Security Toolbar
Bejeweled 2 Deluxe
Bing Bar
Bing Rewards Client Installer
Blackhawk Striker 2
Build-a-lot 2
Canon Easy-PhotoPrint EX
Canon Easy-PhotoPrint Pro
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
Canon Easy-WebPrint EX
Canon MG8100 series User Registration
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
Coupon Printer for Windows
CyberLink DVD Suite Deluxe
D3DX10
Diner Dash 2 Restaurant Rescue
Dogpile Bundle Toolbar
Dora's Carnival Adventure
DVD Menu Pack for HP MediaSmart Video
EPSON Scan
Escape Rosecliff Island
FATE
Final Drive Nitro
Google Toolbar for Internet Explorer
Google Update Helper
Groone's Recipe Holder
Heroes of Hellas 2 - Olympia
HiJackThis
HP Advisor
HP Customer Experience Enhancements
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Setup
HP Support Information
HP Update
Hulu Desktop
HydraVision
Java Auto Updater
Java(TM) 6 Update 23
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
Kobo
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.60.1.1000
Memeo Instant Backup
Mesh Runtime
Messenger Companion
Microsoft Office 2010
Microsoft Office 97, Professional Edition
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Publishing Wizard 1.52
Microsoft WSE 3.0 Runtime
MindDabble
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PDF Complete Special Edition
Penguins!
PhotoNow!
Picasa 3
PictureMover
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PressReader
Quicken 2004
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Recovery Manager
RivalGaming
Roxio CinemaNow 2.0
Seagate Dashboard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Skype™ 5.6
Ulead PhotoImpact 5
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Virtual Families
Virtual Villagers - The Secret City
Visual Studio 2008 x64 Redistributables
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 15.5
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
2/11/2012 9:42:53 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
2/11/2012 7:29:15 PM, Error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
2/11/2012 7:28:57 PM, Error: Service Control Manager [7024] - The AVG WatchDog service terminated with service-specific error %%-536805315.
2/11/2012 2:38:36 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
2/11/2012 2:37:15 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/11/2012 2:36:39 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2/11/2012 1:03:10 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
2/11/2012 1:01:51 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
2/11/2012 1:01:46 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
2/11/2012 1:01:42 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
2/11/2012 1:01:32 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a000994000, 0x0000000000000000, 0xfffff80001f2738e, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\021112-31995-01.dmp. Report Id: 021112-31995-01.
2/10/2012 12:00:45 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{136dc880-c4ec-11df-849d-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{9B7BED1D-CD48-4E52-BBCB-EB467371CFC6}' was corrupted and it has been recovered. Some data might have been lost.
.
==== End Of File ===========================
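The one line in the DDS log above that a helper asks about first is the Internet Explorer proxy setting, `ProxyServer = http=127.0.0.1:52242`: a proxy on the local machine means every browser request is being handed to some program running on this PC before it reaches the network, which is exactly the pattern that produces "one site is unreachable, everything else works". The script below is an added example, not part of the original post or of the DDS tool; it reads a DDS-style log and pulls out the findings a helper would want to confirm with the user: a proxy that points at a loopback address, BHO/toolbar entries whose file no longer exists ("No File" orphans), and hidden items created recently under the user's profile. It assumes the DDS line formats shown in the post (the `uInternet Settings,ProxyServer = ...` line, `- No File` suffixes, and the `date time size attrs path` layout of the "Created Last 30" section, where an `h` in the attribute field marks a hidden item); the sample log is a constructed excerpt modelled on the one in the post.

```python
"""Triage helper for a DDS log: local proxy, orphaned BHOs, hidden recent files.

Added example (not the forum's or DDS's own code). Assumes the DDS line
formats visible in the post above; the SAMPLE_LOG is a constructed excerpt.
"""
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the DDS log in the post above.
SAMPLE_LOG = """\
============== Pseudo HJT Report ===============
uStart Page = hxxp://my.juno.com/start/sp.do
uInternet Settings,ProxyServer = http=127.0.0.1:52242
BHO: {26D675AC-D925-4bbf-A720-62C2AA4A81EB} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\\Program Files (x86)\\AVG\\AVG2012\\avgssie.dll
BHO-X64: RivalGaming Games - No File
TCP: DhcpNameServer = 192.168.1.1
=============== Created Last 30 ================
2012-02-11 15:32:44 -------- d--h--w- C:\\Users\\Colleen\\AppData\\Roaming\\1E39D
2012-02-11 15:32:43 99840 ---ha-w- C:\\Users\\Colleen\\AppData\\Roaming\\Microsoft\\E5FB\\BCA9.tmp
2012-01-15 21:39:06 -------- d-----w- C:\\Program Files (x86)\\Dogpile Bundle Toolbar
"""

LOOPBACK_NAMES = {"localhost", "::1"}

# "Created Last 30" lines: date time size attrs path (size may be dashes)
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+(\S{8})\s+(.+)$")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(.+)$")


@dataclass
class Finding:
    kind: str    # "local-proxy", "orphan-entry" or "hidden-recent"
    detail: str  # parsed value or the offending log line


def parse_proxy_server(value):
    """Split an IE ProxyServer value into (scheme, host, port) tuples.

    Accepts the plain 'host:port' form and the per-protocol
    'http=host:port;https=host:port' form seen in the log.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        entries.append((scheme or "*", host.strip("[]"), port))
    return entries


def is_loopback(host):
    """True for any address that routes back to the local machine."""
    return host in LOOPBACK_NAMES or host.startswith("127.")


def triage(log_text):
    """Walk the log section by section and collect findings in log order."""
    findings = []
    section = None
    for line in log_text.splitlines():
        if line.startswith("="):
            # Section banners look like "=== Pseudo HJT Report ==="
            if "Pseudo HJT Report" in line:
                section = "hjt"
            elif "Created Last 30" in line:
                section = "created"
            else:
                section = None
            continue
        if section == "hjt":
            m = PROXY_RE.search(line)
            if m:
                for scheme, host, port in parse_proxy_server(m.group(1)):
                    if is_loopback(host):
                        findings.append(Finding("local-proxy", f"{scheme} -> {host}:{port}"))
            elif line.rstrip().endswith("- No File"):
                # Registry still points at a BHO/toolbar whose DLL is gone
                findings.append(Finding("orphan-entry", line.strip()))
        elif section == "created":
            m = CREATED_RE.match(line)
            if m and "h" in m.group(1) and "\\AppData\\" in m.group(2):
                # Hidden file or folder dropped into the user's profile
                findings.append(Finding("hidden-recent", m.group(2)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Run against the sample it reports the loopback proxy, the two orphaned BHO entries and the two hidden items under `AppData\Roaming`; the Dogpile toolbar directory is listed in the log but not flagged, because it is neither hidden nor orphaned. The point of confirming the proxy with the user rather than simply removing it is the same one the moderator makes in the reply: a loopback proxy is sometimes set deliberately by a filtering or parental-control product, so the first question is whether anyone on the machine configured it.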
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Nov 2014
Posts: 4728
Location: Land Of The Leprechauns

PostPosted: Mon Feb 13, 2012 8:38 am    Post subject:

Hi, and welcome to the Spyware Warrior Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions, if possible... your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Note: If you haven't done so already, please read this topic Things to know before you post where the conditions for receiving help here are explained.
Quote:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Quick question... are you aware of this ProxyServer? Did you set it?
Quote:
ProxyServer = http=127.0.0.1:52242

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box, copy/paste appwiz.cpl, then click OK.
  • Uninstall the following if present.
Quote:
AVG Security Toolbar
Coupon Printer for Windows << only remove if you don't use
Dogpile Bundle Toolbar
Java(TM) 6 Update 23

Next.

Please download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe And select Run as administrator to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
      Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next, hold down Control, then click on the following link to open a new window to ESET online scanner.
  • Select the option YES, I accept the Terms of Use then click on Start.
    Quote:
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply
  • OTL.txt and Extra.txt contents.
  • ESET log.

_________________
Admin/Teacher at Malware Removal University
Member of...

Rennix1957
Junior Member


Joined: 11 Feb 2012
Last Visit: 29 Feb 2012
Posts: 28

PostPosted: Mon Feb 13, 2012 10:33 am    Post subject:

Thank you for your help Cypher. My mother is a nearly 80 year old grey haired little old lady and she's driving me nuts with her computer issues. Smile

I did not know Mom's computer had a proxy server; I'm sure she didn't set it, and neither did I.

Her computer now has no internet access at all. When I go into the Network and Sharing Center it says it's connected to an unknown network.

I downloaded OTL and ESET online scanner on my computer, then used a thumb drive (which I locked to read only before connecting it to her computer) to get OTL and ESET online scanner on her computer. The OTL ran successfully, but ESET online scanner did not. Can I safely put the two OTL txt files, OTL.txt and Extra.txt, on my thumb drive without infecting my own computer so I can post them back here? I don't want whatever bug-a-boo she's got on her computer on mine.

Thanks,

Rennix
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Nov 2014
Posts: 4728
Location: Land Of The Leprechauns

PostPosted: Mon Feb 13, 2012 11:20 am    Post subject:

Hi Rennix,
Quote:
Thank you for your help Cypher.

You're most welcome.
OK, change of plan: please continue to use your thumb drive to transfer the tools to the infected computer.

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double-click on ComboFix.exe and follow the prompts.
  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

_________________
Admin/Teacher at Malware Removal University
Member of...

Rennix1957
Junior Member


Joined: 11 Feb 2012
Last Visit: 29 Feb 2012
Posts: 28

PostPosted: Mon Feb 13, 2012 11:56 am    Post subject:

I was not able to disable either AVG 2012, or Windows 7 firewall. AVG 2012 wasn't even showing up in the system tray and when I tried to launch the program from Start/All Programs, nothing happened. ComboFix successfully ran. I'll post ComboFix.txt in just a moment....
Rennix1957
Junior Member


Joined: 11 Feb 2012
Last Visit: 29 Feb 2012
Posts: 28

PostPosted: Mon Feb 13, 2012 12:03 pm    Post subject:

I guess I won't post the ComboFix.txt file. When I launched Internet Explorer I got an error, "Illegal operation attempted on a registry key that has been marked for deletion."
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Nov 2014
Posts: 4728
Location: Land Of The Leprechauns

PostPosted: Tue Feb 14, 2012 3:23 am    Post subject:

Hi Rennix,
If you haven't done so already, reboot the computer; that should resolve the problem with Internet Explorer.
_________________
Admin/Teacher at Malware Removal University
Member of...

Rennix1957
Junior Member


Joined: 11 Feb 2012
Last Visit: 29 Feb 2012
Posts: 28

PostPosted: Tue Feb 14, 2012 8:24 am    Post subject:

Rebooting took care of that problem, thank you.

Here's the ComboFix.txt file;

ComboFix 12-02-11.03 - Colleen 02/13/2012 13:43:42.3.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6126 [GMT -6:00]
Running from: c:\users\Colleen\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-13 to 2012-02-13 )))))))))))))))))))))))))))))))
.
.
2012-02-13 19:50 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2012-02-13 19:48 . 2012-02-13 19:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-13 18:09 . 2012-02-13 18:09 -------- d-----w- c:\program files (x86)\ESET
2012-02-12 01:32 . 2012-02-12 01:32 388096 ----a-r- c:\users\Colleen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-12 01:32 . 2012-02-12 01:32 -------- d-----w- c:\program files (x86)\Trend Micro
2012-02-11 20:42 . 2012-02-12 03:27 -------- d-----w- c:\programdata\Recovery
2012-02-11 19:18 . 2012-02-11 19:18 -------- d-----w- C:\New folder (2)
2012-02-11 19:17 . 2012-02-11 19:20 -------- d-----w- C:\Trend Micro
2012-02-11 15:32 . 2012-02-11 20:28 -------- d--h--w- c:\users\Colleen\AppData\Roaming\1E39D
2012-02-11 15:32 . 2012-02-11 15:32 99840 ---ha-w- c:\users\Colleen\AppData\Roaming\Microsoft\E5FB\BCA9.tmp
2012-02-11 15:32 . 2012-02-11 20:28 -------- d--h--w- c:\users\Colleen\AppData\Roaming\BCA1E
2012-02-10 05:46 . 2012-02-10 05:47 -------- d-----w- c:\users\Default\AppData\Local\Google
2012-02-10 05:44 . 2012-02-11 19:18 -------- d-----w- c:\program files (x86)\1E39D
2012-02-07 21:24 . 2012-02-07 21:24 -------- d-----w- c:\windows\Sun
2012-02-07 21:11 . 2012-02-07 21:11 6656 ---ha-w- c:\programdata\Microsoft\Windows\DRM\EB92.tmp
2012-02-07 21:11 . 2012-02-07 21:11 6656 ---ha-w- c:\programdata\Microsoft\Windows\DRM\EB81.tmp
2012-02-05 03:03 . 2012-02-05 03:03 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-01-15 21:39 . 2012-01-31 04:34 -------- d-----w- c:\program files (x86)\RivalGaming
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 21:24 . 2011-03-25 01:48 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 04:52 . 2011-12-14 08:39 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:58 . 2012-01-11 18:16 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 18:16 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-11-17 06:41 . 2012-01-11 18:16 1731920 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 05:38 . 2012-01-11 18:16 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-11_20.07.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-02-11 20:05 . 2012-02-11 20:05 13342 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-02-13 19:48 . 2012-02-13 19:48 13342 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-02-11 19:03 . 2012-02-11 20:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-02-11 19:03 . 2012-02-13 19:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-02-11 20:07 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-13 19:50 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-11 20:07 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-13 19:50 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-29 20:30 . 2012-02-12 01:31 56292 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-12 01:31 35042 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-30 20:51 . 2012-02-12 01:31 10290 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3669529631-1349151726-661693113-1001_UserData.bin
- 2010-12-30 11:24 . 2012-02-11 19:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-30 11:24 . 2012-02-13 11:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-30 11:24 . 2012-02-11 19:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-30 11:24 . 2012-02-13 11:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-13 11:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-11 19:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-29 20:36 . 2012-02-12 01:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-29 20:36 . 2012-02-11 19:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-02-11 20:15 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-12-29 20:36 . 2012-02-12 01:30 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-29 20:36 . 2012-02-11 19:03 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-29 20:36 . 2012-02-11 19:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-29 20:36 . 2012-02-12 01:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-30 03:37 . 2012-02-11 19:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-30 03:37 . 2012-02-13 19:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-30 03:37 . 2012-02-11 19:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-30 03:37 . 2012-02-13 19:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-11 20:06 . 2012-02-11 20:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-13 19:49 . 2012-02-13 19:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-11 20:06 . 2012-02-11 20:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-13 19:49 . 2012-02-13 19:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-02-03 18:51 624384 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-13 18:08 624384 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-13 18:08 106502 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-02-03 18:51 106502 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-02-13 19:48 289152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-11 20:05 289152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-02-11 20:07 2080768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-13 19:50 2080768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-30 20:46 . 2012-02-11 20:37 1007536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-12-30 20:46 . 2012-02-11 20:05 1488756 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3669529631-1349151726-661693113-1001-8192.dat
+ 2010-12-30 20:46 . 2012-02-13 19:48 1488756 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3669529631-1349151726-661693113-1001-8192.dat
+ 2012-02-11 19:27 . 2012-02-11 19:27 1402880 c:\windows\Installer\40f7d.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-09-28 1715768]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19979400]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-18 98304]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Forget Me Not.lnk - c:\program files (x86)\Broderbund\AG CreataCard\AGRemind.exe [2010-12-31 323584]
Quicken Scheduled Updates.lnk - c:\program files (x86)\Quicken\bagent.exe [2003-7-29 57344]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 CLKMSVC10_C6F09094;CyberLink Product - 2010/09/20 10:33;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-06-30 245232]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 136176]
R2 mrtRate;mrtRate; [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 136176]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-01-24 25824]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-01-18 909152]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_C6F09094
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 02:07]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 02:07]
.
2012-02-11 c:\windows\Tasks\HPCeeScheduleForColleen.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.juno.com/start/sp.do
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:52242
TCP: Interfaces\{6E79FEC0-FF79-4970-96E4-EEFF300A9B9F}: NameServer = 205.171.3.65,205.171.2.65
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{26D675AC-D925-4bbf-A720-62C2AA4A81EB} - (no file)
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-02-13 13:54:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-13 19:54
ComboFix2.txt 2012-02-11 20:43
ComboFix3.txt 2012-02-11 20:11
.
Pre-Run: 906,202,054,656 bytes free
Post-Run: 905,778,118,656 bytes free
.
- - End Of File - - B6E5E1B3CB702331169B75A20D94106E
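The loopback ProxyServer that Cypher asks about earlier in the thread and the svchost.exe entries this ComboFix log reports outside System32 (c:\windows\svchost.exe and the \\.\globalroot\systemroot alias) are exactly the lines a helper scans for. As an added example, not from the thread, from ComboFix or from Spyware Warrior, here is a small Python triage that flags both on ComboFix-style log lines; the function names are my own and the sample lines are constructed from values in the log above.

```python
import re
from typing import Dict, List

# Constructed sample: a handful of lines in the format ComboFix prints in its
# "Other Deletions", "Supplementary Scan" and "Other Running Processes"
# sections. The values are copied from the log posted in this thread.
SAMPLE_LOG = """\
c:\\windows\\svchost.exe
uStart Page = hxxp://my.juno.com/start/sp.do
uLocal Page = c:\\windows\\system32\\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:52242
TCP: Interfaces\\{6E79FEC0-FF79-4970-96E4-EEFF300A9B9F}: NameServer = 205.171.3.65,205.171.2.65
c:\\program files (x86)\\Common Files\\LightScribe\\LSSrvc.exe
c:\\\\.\\globalroot\\systemroot\\svchost.exe
"""

# Hosts that mean "this machine". A browser proxy pointing here sends every
# HTTP request through a process running locally, so the first question a
# helper asks is whether the user (or a known local filtering product) set it.
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1", "[::1]"}

# Directories the genuine svchost.exe runs from on 64-bit Windows 7.
SVCHOST_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")


def loopback_proxy_entries(line: str) -> List[str]:
    """Return the entries on a ProxyServer line that point at this machine."""
    m = re.search(r"ProxyServer\s*=\s*(.+)$", line, re.IGNORECASE)
    if not m:
        return []
    hits = []
    # WinINET syntax: "host:port" or "http=host:port;https=host:port;..."
    for entry in m.group(1).split(";"):
        entry = entry.strip()
        target = entry.split("=", 1)[1] if "=" in entry else entry
        host = target.rsplit(":", 1)[0].strip().lower()
        if host in LOOPBACK_HOSTS or host.startswith("127."):
            hits.append(entry)
    return hits


def misplaced_svchost(line: str) -> bool:
    """True when the line names an svchost.exe outside System32/SysWOW64.

    The \\\\.\\globalroot\\systemroot\\svchost.exe form is caught too: that alias
    resolves to %SystemRoot% itself (C:\\Windows), not to System32.
    """
    m = re.match(r"^\s*(.*?\.exe)", line, re.IGNORECASE)
    if not m:
        return False
    path = m.group(1).lower().replace("/", "\\")
    if not path.endswith("\\svchost.exe"):
        return False
    return not any(d in path for d in SVCHOST_DIRS)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Walk ComboFix-style log text and collect findings for a helper to review."""
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        for entry in loopback_proxy_entries(line):
            findings.append({"kind": "loopback_proxy", "evidence": entry})
        if misplaced_svchost(line):
            findings.append({"kind": "svchost_outside_system32",
                             "evidence": line.strip()})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding['kind']:26} {finding['evidence']}")
```

A loopback proxy is not proof of infection on its own (some local web filters use one), so the output is a review list, not a verdict.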
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Nov 2014
Posts: 4728
Location: Land Of The Leprechauns

PostPosted: Tue Feb 14, 2012 10:00 am    Post subject:

Hi Rennix,
Good work so far. Does your mother's computer still have no internet access?
Please run OTL as you did previously and post the resulting logs.
_________________
Admin/Teacher at Malware Removal University
Member of...

Rennix1957
Junior Member


Joined: 11 Feb 2012
Last Visit: 29 Feb 2012
Posts: 28

PostPosted: Tue Feb 14, 2012 12:54 pm    Post subject:

Hello Cypher,

Yes, the internet is going again, at least for now...

I was able to run OTL and will attach the two text files. I anticipated that you were going to have me run ESET Online Scanner as well and did that one too, I'll attach that log also.

OTL logfile created on: 2/14/2012 12:15:04 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Colleen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.25 Gb Available Physical Memory | 78.12% Memory free
16.00 Gb Paging File | 14.12 Gb Available in Paging File | 88.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.30 Gb Total Space | 844.00 Gb Free Space | 91.81% Space Free | Partition Type: NTFS
Drive D: | 12.10 Gb Total Space | 1.47 Gb Free Space | 12.16% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive J: | 30.91 Mb Total Space | 28.14 Mb Free Space | 91.03% Space Free | Partition Type: FAT

Computer Name: COLLEEN-HP | User Name: Colleen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/13 12:01:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Colleen\Desktop\OTL.exe
PRC - [2012/01/18 04:20:24 | 000,909,152 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
PRC - [2012/01/09 23:32:33 | 000,307,312 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/06/01 10:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/01 10:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/01 10:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/24 12:35:30 | 000,324,320 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/06/17 17:59:40 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2010/06/12 19:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/02 09:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/01/18 11:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009/10/14 16:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2009/07/13 19:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 19:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 19:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/08 03:07:04 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll
MOD - [2012/01/08 03:04:33 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012/01/08 03:04:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/10/14 02:35:05 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2011/10/14 02:30:12 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/10/14 02:30:11 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll
MOD - [2011/10/14 02:29:55 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011/10/14 02:29:46 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/14 02:29:34 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/14 02:29:29 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/14 02:29:26 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/14 02:29:26 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/10/14 02:29:17 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/14 02:29:11 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/14 02:29:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/14 02:29:07 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/14 02:29:00 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/01 10:46:02 | 000,030,984 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/06/01 10:42:24 | 000,108,296 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/06/01 10:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2011/06/01 10:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2011/01/24 12:35:58 | 002,896,608 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
MOD - [2011/01/24 12:35:54 | 000,026,848 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
MOD - [2011/01/24 12:35:30 | 000,324,320 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
MOD - [2010/11/04 19:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/09/28 14:00:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/09/28 14:00:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/09/28 14:00:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2010/06/17 18:11:58 | 001,699,384 | ---- | M] () -- C:\Users\Colleen\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2010/06/17 18:00:10 | 012,286,520 | ---- | M] () -- C:\Users\Colleen\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2010/03/22 16:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.dll
MOD - [2010/01/18 11:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MOD - [2009/07/13 19:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [1996/11/17 00:00:00 | 000,022,016 | ---- | M] () -- C:\Windows\SysWOW64\DOCOBJ.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/08 01:51:16 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/18 04:20:24 | 000,909,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/01 10:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/01/24 12:35:36 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/06/29 21:51:12 | 000,245,232 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe -- (CLKMSVC10_C6F09094)
SRV - [2010/06/12 19:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/03 17:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/14 16:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/07 05:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 05:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 05:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 00:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 00:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 00:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 00:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/09/08 02:26:04 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/08 01:15:06 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/07 17:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/10 09:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/03/04 08:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/05 22:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/05 22:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/18 21:33:34 | 000,852,256 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62182

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62182



IE - HKU\S-1-5-21-3669529631-1349151726-661693113-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.juno.com/start/sp.do
IE - HKU\S-1-5-21-3669529631-1349151726-661693113-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3669529631-1349151726-661693113-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3669529631-1349151726-661693113-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52242

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MindDabble_4p.com/Plugin: C:\Program Files (x86)\MindDabble_4p\bar\1.bin\NP4pStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/11 14:55:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4pffxtbr@MindDabble_4p.com: C:\Program Files (x86)\MindDabble_4p\bar\1.bin [2012/01/31 17:36:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/02/11 14:55:59 | 000,000,000 | ---D | M]

[2012/02/11 14:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colleen\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2012/02/13 13:50:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {26D675AC-D925-4bbf-A720-62C2AA4A81EB} - No CLSID value found.
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll File not found
O3:64bit: - HKU\S-1-5-21-3669529631-1349151726-661693113-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3669529631-1349151726-661693113-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3669529631-1349151726-661693113-1001..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3669529631-1349151726-661693113-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3669529631-1349151726-661693113-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E79FEC0-FF79-4970-96E4-EEFF300A9B9F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E79FEC0-FF79-4970-96E4-EEFF300A9B9F}: NameServer = 205.171.3.65,205.171.2.65
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/13 13:54:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/13 13:50:43 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2012/02/13 13:50:31 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/02/13 12:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/02/13 12:07:39 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Colleen\Desktop\esetsmartinstaller_enu.exe
[2012/02/13 12:07:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Colleen\Desktop\OTL.exe
[2012/02/11 19:32:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/02/11 19:32:27 | 000,000,000 | ---D | C] -- C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/02/11 14:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2012/02/11 13:36:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/11 13:36:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/11 13:36:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/11 13:36:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/11 13:34:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/11 13:18:08 | 000,000,000 | ---D | C] -- C:\New folder (2)
[2012/02/11 13:17:40 | 000,000,000 | ---D | C] -- C:\Trend Micro
[2012/02/11 09:32:44 | 000,000,000 | -H-D | C] -- C:\Users\Colleen\AppData\Roaming\1E39D
[2012/02/11 09:32:33 | 000,000,000 | -H-D | C] -- C:\Users\Colleen\AppData\Roaming\BCA1E
[2012/02/09 23:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1E39D
[2012/02/07 19:31:35 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/07 15:24:28 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/02/04 21:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012/01/31 00:36:55 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/31 00:36:55 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/31 00:36:55 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/31 00:36:55 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/31 00:36:55 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/31 00:36:55 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/15 15:39:02 | 000,000,000 | ---D | C] -- C:\Users\Colleen\AppData\Roaming\Mozilla
[2012/01/15 15:39:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RivalGaming

========== Files - Modified Within 30 Days ==========

[2012/02/14 11:34:10 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/14 10:06:58 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/14 10:06:58 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/14 09:58:37 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/14 09:58:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/14 09:57:51 | 2146,918,399 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/13 13:50:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/13 12:08:33 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/13 12:08:33 | 000,624,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/13 12:08:33 | 000,106,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/13 12:04:50 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Colleen\Desktop\esetsmartinstaller_enu.exe
[2012/02/13 12:01:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Colleen\Desktop\OTL.exe
[2012/02/11 19:32:27 | 000,002,985 | ---- | M] () -- C:\Users\Colleen\Desktop\HiJackThis.lnk
[2012/02/11 13:01:36 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForColleen.job
[2012/02/07 19:41:47 | 001,000,165 | -H-- | M] () -- C:\Users\Colleen\AppData\Local\census.cache
[2012/02/07 19:41:33 | 000,105,464 | -H-- | M] () -- C:\Users\Colleen\AppData\Local\ars.cache
[2012/02/07 19:31:35 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/04 17:05:09 | 088,181,301 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/02/01 17:02:00 | 000,297,088 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/02/01 08:48:35 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/01/31 12:57:16 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/28 16:50:04 | 000,018,944 | ---- | M] () -- C:\Users\Colleen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/02/11 19:32:27 | 000,002,985 | ---- | C] () -- C:\Users\Colleen\Desktop\HiJackThis.lnk
[2012/02/11 13:36:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/11 13:36:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/11 13:36:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/11 13:36:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/11 13:36:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/31 17:47:52 | 001,000,165 | -H-- | C] () -- C:\Users\Colleen\AppData\Local\census.cache
[2012/01/31 17:47:48 | 000,105,464 | -H-- | C] () -- C:\Users\Colleen\AppData\Local\ars.cache
[2012/01/31 12:57:16 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/18 02:30:17 | 000,001,432 | -HS- | C] () -- C:\Users\Colleen\AppData\Local\aefdhb4f6rpj8dih7lxn3t445l0k
[2011/12/18 02:30:17 | 000,001,432 | -HS- | C] () -- C:\ProgramData\aefdhb4f6rpj8dih7lxn3t445l0k
[2011/12/10 02:28:24 | 000,001,456 | -HS- | C] () -- C:\Users\Colleen\AppData\Local\phlxhr7v6qlt6qee4dcb1l078y5x
[2011/12/10 02:28:24 | 000,001,456 | -HS- | C] () -- C:\ProgramData\phlxhr7v6qlt6qee4dcb1l078y5x
[2011/07/22 15:17:40 | 000,059,232 | ---- | C] () -- C:\Windows\SysWow64\CNC8100W.DAT
[2011/06/04 19:15:12 | 000,018,944 | ---- | C] () -- C:\Users\Colleen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/25 09:32:17 | 000,000,036 | -H-- | C] () -- C:\Users\Colleen\AppData\Local\housecall.guid.cache
[2011/02/06 20:53:16 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/31 16:02:53 | 000,001,034 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/12/31 15:57:14 | 000,000,025 | ---- | C] () -- C:\Windows\PERFV100V350.ini
[2010/12/30 16:32:33 | 000,004,770 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2010/12/30 16:21:02 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini
[2010/12/30 16:21:01 | 000,000,957 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/12/30 16:21:01 | 000,000,611 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/09/28 14:00:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/09/20 11:25:59 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010/09/20 11:16:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/15 22:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1996/11/17 00:00:00 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\MSENCODE.DLL
[1996/11/17 00:00:00 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\WRKGADM.EXE
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\ODBCSTF.DLL
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\DOCOBJ.DLL
[1996/11/17 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL

< End of report >

Rennix1957
Junior Member


Joined: 11 Feb 2012
Last Visit: 29 Feb 2012
Posts: 28

PostPosted: Tue Feb 14, 2012 12:58 pm    Post subject:

OTL Extras logfile created on: 2/14/2012 12:15:04 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Colleen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.25 Gb Available Physical Memory | 78.12% Memory free
16.00 Gb Paging File | 14.12 Gb Available in Paging File | 88.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.30 Gb Total Space | 844.00 Gb Free Space | 91.81% Space Free | Partition Type: NTFS
Drive D: | 12.10 Gb Total Space | 1.47 Gb Free Space | 12.16% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive J: | 30.91 Mb Total Space | 28.14 Mb Free Space | 91.03% Space Free | Partition Type: FAT

Computer Name: COLLEEN-HP | User Name: Colleen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG8100_series" = Canon MG8100 series MP Drivers
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{422DAAC6-8E99-ED2E-CD46-0DEEE1A09EF8}" = ATI Catalyst Install Manager
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7BE6B345-6BD9-492E-A440-A32D12AB2EF3}" = AVG 2012
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8AC3CFAD-B8C0-668C-8761-920A63B1B574}" = ccc-utility64
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0935B1FB-71D5-D1F7-9045-F44394E3FBDA}" = CCC Help Czech
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{13F0CFEB-1131-4DC1-5DEF-7E0F91858D99}" = CCC Help Finnish
"{18166604-72E6-F535-B9E9-4D8EF2C599C8}" = CCC Help Polish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4B59F-A887-9A3B-C4CD-871A333AE838}" = CCC Help Thai
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C8E0A7E-2707-8E5F-BFCD-AE3CD1EB528E}" = Catalyst Control Center Graphics Previews Vista
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23D18B1A-8B73-73AB-DE37-929A14A524F8}" = CCC Help Russian
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{289FF83C-14F2-F82F-C478-9342170C5029}" = CCC Help Chinese Traditional
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2CE4119A-FF7F-3EE6-42A4-EB53C6057FFE}" = Zinio Reader 4
"{2E238AA5-5B07-DEBF-4B9B-50FD33D108A2}" = CCC Help Japanese
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B341D0B-E84E-EFF7-9665-553E0315DC8E}" = CCC Help Turkish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{59E5D73C-E574-1C9A-CB26-0AA0D7298C31}" = Catalyst Control Center Graphics Previews Common
"{5D729989-59A9-591A-6419-08444EEAEDB3}" = CCC Help Portuguese
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7D29228E-ECCC-055E-F0DF-3D52831D90D8}" = CCC Help Spanish
"{7F421DF0-AFD5-CA29-0F36-7E1F006150FA}" = CCC Help Hungarian
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{822C792C-371F-0990-14EE-C1583E4CE2E0}" = ccc-core-static
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8614FEE9-1E19-9A56-E445-E9F14178B7F2}" = CCC Help Greek
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B026F59-3DB2-97C6-538D-0326B8855080}" = CCC Help Korean
"{8B41F2D9-B924-F249-CDFA-6792B4F58A34}" = CCC Help French
"{8BFB1992-45FC-BAAB-6AE3-69306202B584}" = CCC Help Swedish
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CB19DF9-B209-E0B4-D541-AB171E65135E}" = Catalyst Control Center InstallProxy
"{8DC9EAD2-B869-A5C6-AEDB-35700F1444F4}" = CCC Help Chinese Standard
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{912CED74-88D3-4C5B-ACB0-13231864975D}" = PressReader
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{954A99E7-D1BB-936A-FAEA-7E5A999D1506}" = CCC Help Italian
"{9770A25C-45A7-478E-AF50-4FDE53EED270}" = American Greetings CreataCard Gold 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8D6EA97-E688-417B-0A39-3E77AE60AA43}" = Catalyst Control Center Localization All
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BC702A05-A75D-F845-FC9D-ED37A04F78B8}" = CCC Help German
"{BDDA1E1E-204E-4368-B0C2-737F16B76307}" = HP MediaSmart/TouchSmart Netflix
"{BED677E3-F67A-15E5-45F3-76D61D245EDF}" = CCC Help English
"{C07FEFB3-D039-182C-8D27-AF2852C70015}" = HydraVision
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C50ADEEF-AAAC-76BF-D9A0-E7BED8D855A8}" = CCC Help Danish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9390EF1-CBB2-4B06-A24C-73C03C8D2E2C}" = Catalyst Control Center - Branding
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E64A3228-2FDC-8A9D-F69F-E7AED8938C7D}" = CCC Help Dutch
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEA6954A-0B3E-C230-FBD2-B7A2926C0013}" = CCC Help Norwegian
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
"Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
"Canon MG8100 series User Registration" = Canon MG8100 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EPSON Scanner" = EPSON Scan
"Groone's Recipe Holder" = Groone's Recipe Holder
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MindDabble_4pbar Uninstall" = MindDabble
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"My HP Game Console" = HP Game Console
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office8.0" = Microsoft Office 97, Professional Edition
"PDF Complete" = PDF Complete Special Edition
"Picasa 3" = Picasa 3
"RivalGaming" = RivalGaming
"Ulead PhotoImpact 5.0" = Ulead PhotoImpact 5
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087335" = Build-a-lot 2
"WT087342" = Dora's Carnival Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087373" = Jewel Quest 3
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087513" = Virtual Villagers - The Secret City
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3669529631-1349151726-661693113-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HuluDesktop" = Hulu Desktop

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/8/2012 6:02:38 AM | Computer Name = Colleen-HP | Source = Application Error | ID = 1000
Description = Faulting application name: ycctgkb.exe, version: 0.0.0.0, time stamp:
0x4f323876 Faulting module name: ycctgkb.exe, version: 0.0.0.0, time stamp: 0x4f323876
Exception
code: 0xc0000005 Fault offset: 0x00001407 Faulting process id: 0xe74 Faulting application
start time: 0x01cce648c9f69528 Faulting application path: C:\Windows\TEMP\ycctgkb.exe
Faulting
module path: C:\Windows\TEMP\ycctgkb.exe Report Id: 07c53720-523c-11e1-9aff-6431501a5e5f

Error - 2/8/2012 6:02:39 AM | Computer Name = Colleen-HP | Source = Application Error | ID = 1000
Description = Faulting application name: hdgfsh.exe, version: 0.0.0.0, time stamp:
0x4f323876 Faulting module name: hdgfsh.exe, version: 0.0.0.0, time stamp: 0x4f323876
Exception
code: 0xc0000005 Fault offset: 0x00001407 Faulting process id: 0x1a24 Faulting application
start time: 0x01cce648ca348970 Faulting application path: C:\Windows\TEMP\hdgfsh.exe
Faulting
module path: C:\Windows\TEMP\hdgfsh.exe Report Id: 07f8f212-523c-11e1-9aff-6431501a5e5f

Error - 2/8/2012 10:11:48 AM | Computer Name = Colleen-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
time stamp: 0x4e211319 Exception code: 0xc0000002 Fault offset: 0x0000b9bc Faulting
process id: 0x1a38 Faulting application start time: 0x01cce632494537a4 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: d6a0467a-525e-11e1-9aff-6431501a5e5f

Error - 2/9/2012 2:31:20 AM | Computer Name = Colleen-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 2/9/2012 5:07:49 AM | Computer Name = Colleen-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: jscript9.dll, version: 9.0.8112.16440, time
stamp: 0x4eb31a04 Exception code: 0xc0000005 Fault offset: 0x000591a5 Faulting process
id: 0xefc Faulting application start time: 0x01cce6b93e5d5777 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\jscript9.dll
Report
Id: 8993537d-52fd-11e1-9397-6431501a5e5f

Error - 2/9/2012 2:06:31 PM | Computer Name = Colleen-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0xab7e856e Faulting process id: 0x21d0 Faulting application
start time: 0x01cce70a7bd74e37 Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: cae1015a-5348-11e1-9397-6431501a5e5f

Error - 2/9/2012 5:35:31 PM | Computer Name = Colleen-HP | Source = Application Error | ID = 1000
Description = Faulting application name: WINWORD.EXE, version: 8.0.0.3514, time
stamp: 0x328ca971 Faulting module name: WINWORD.EXE, version: 8.0.0.3514, time stamp:
0x328ca971 Exception code: 0xc0000005 Fault offset: 0x0019ec5d Faulting process id:
0x1c7c Faulting application start time: 0x01cce75c29096ede Faulting application path:
C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE Faulting module path:
C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE Report Id: fd3a6c0a-5365-11e1-9397-6431501a5e5f

Error - 2/10/2012 2:30:13 AM | Computer Name = Colleen-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 2/11/2012 2:30:12 AM | Computer Name = Colleen-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 2/11/2012 11:48:14 AM | Computer Name = Colleen-HP | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: A connection with the server could not be established

[ System Events ]
Error - 7/26/2011 1:33:30 PM | Computer Name = Colleen-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/26/2011 2:13:23 PM | Computer Name = Colleen-HP | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 7/26/2011 7:04:17 PM | Computer Name = Colleen-HP | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 8/4/2011 3:18:05 AM | Computer Name = Colleen-HP | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 8/6/2011 4:57:52 PM | Computer Name = Colleen-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:06:28 AM on ?8/?6/?2011 was unexpected.

Error - 8/6/2011 4:58:38 PM | Computer Name = Colleen-HP | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 8/11/2011 4:26:56 AM | Computer Name = Colleen-HP | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 8/14/2011 9:45:14 PM | Computer Name = Colleen-HP | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 8/16/2011 9:25:05 PM | Computer Name = Colleen-HP | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 8/17/2011 10:34:43 PM | Computer Name = Colleen-HP | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2


< End of report >
Rennix1957
Junior Member


Joined: 11 Feb 2012
Last Visit: 29 Feb 2012
Posts: 28

PostPosted: Tue Feb 14, 2012 12:59 pm    Post subject: Reply with quote

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3ddb8b8e7ae7054289183abc75dca2ed
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-14 07:33:08
# local_time=2012-02-14 01:33:08 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 168110 168110 0 0
# compatibility_mode=5893 16776574 100 94 19091752 80787761 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=227759
# found=19
# cleaned=0
# scan_time=3689
C:\Program Files (x86)\1E39D\lvvm.exe a variant of Win32/Kryptik.AAJB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\RivalGaming\Uninstaller.exe a variant of Win32/Adware.Gamevance.BO application (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Microsoft\Windows\DRM\EB81.tmp Win64/Olmarik.AD trojan (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Microsoft\Windows\DRM\EB81.tmp.dat a variant of Win32/Kryptik.AAKQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Microsoft\Windows\DRM\EB92.tmp Win64/Olmarik.AD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files (x86)\LP\E5FB\150.exe.vir Win32/Cycbot.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files (x86)\LP\E5FB\5BE.tmp.vir a variant of Win32/Kryptik.AKF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files (x86)\LP\E5FB\5F9D.tmp.vir Win32/PSW.Agent.NTM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Colleen\AppData\Local\bks.exe.vir a variant of Win32/Kryptik.XAN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Colleen\AppData\Local\djj.exe.vir a variant of Win32/Kryptik.XOD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Microsoft\Windows\DRM\EB81.tmp Win64/Olmarik.AD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Microsoft\Windows\DRM\EB81.tmp.dat a variant of Win32/Kryptik.AAKQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Microsoft\Windows\DRM\EB92.tmp Win64/Olmarik.AD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Colleen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7bec11ca-23762365 Java/Exploit.CVE-2011-3544.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Colleen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\7b2707d0-3ba9d930 a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Colleen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\d189d59-283af859 a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Colleen\AppData\Roaming\Microsoft\E5FB\BCA9.tmp a variant of Win32/Kryptik.AKF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Roaming\BCA1E\1A5E5.exe a variant of Win32/Kryptik.AANM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\BCA1E\1A5E5.exe a variant of Win32/Kryptik.AANM trojan (unable to clean) 00000000000000000000000000000000 I
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Nov 2014
Posts: 4728
Location: Land Of The Leprechauns

PostPosted: Wed Feb 15, 2012 3:01 am    Post subject: Reply with quote

Hi Rennix,
You're doing great so far.
Do the following then let me know how your mother's computer is performing.

We need to run an OTL Fix
  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code:

    :processes
    killallprocesses

    :otl
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62182
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62182
    IE - HKU\S-1-5-21-3669529631-1349151726-661693113-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52242
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin
    O2 - BHO: (no name) - {26D675AC-D925-4bbf-A720-62C2AA4A81EB} - No CLSID value found.
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll File not found

    :files
    c:\users\Colleen\AppData\Roaming\Microsoft\E5FB\BCA9.tmp
    c:\programdata\Microsoft\Windows\DRM\EB92.tmp
    c:\programdata\Microsoft\Windows\DRM\EB81.tmp
    C:\Users\Colleen\AppData\Local\aefdhb4f6rpj8dih7lxn3t445l0k
    C:\ProgramData\aefdhb4f6rpj8dih7lxn3t445l0k
    C:\Users\Colleen\AppData\Local\phlxhr7v6qlt6qee4dcb1l078y5x
    C:\ProgramData\phlxhr7v6qlt6qee4dcb1l078y5x
    C:\Program Files (x86)\1E39D\lvvm.exe
    C:\Program Files (x86)\RivalGaming\Uninstaller.exe
    C:\ProgramData\Microsoft\Windows\DRM\EB81.tmp.dat
    C:\Users\All Users\Microsoft\Windows\DRM\EB81.tmp
    C:\Users\All Users\Microsoft\Windows\DRM\EB81.tmp.dat
    C:\Users\All Users\Microsoft\Windows\DRM\EB92.tmp
    C:\Users\Colleen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7bec11ca-23762365
    C:\Users\Colleen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\7b2707d0-3ba9d930
    C:\Users\Colleen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\d189d59-283af859
    C:\Users\Colleen\AppData\Roaming\Microsoft\E5FB\BCA9.tmp
    C:\Windows\System32\config\systemprofile\AppData\Roaming\BCA1E\1A5E5.exe
    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\BCA1E\1A5E5.exe
    ipconfig /flushdns /c

    :commands
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [resethosts]
    [clearallrestorepoints]
    [REBOOT]


  • Then click the Run Fix button at the top.
  • Click .
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


Logs/Information to Post in your Next Reply
  • OTL fix log.
  • Please give me an update on your computer's performance.

_________________
Admin/Teacher at Malware Removal University
Member of...

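The first four lines of the :otl section above all point Internet Explorer at a proxy on 127.0.0.1, which is exactly the pattern behind "cannot connect to one site while everything else works": the browser hands its requests to a process on the same machine, which decides what gets through. The script below is an added example for spotting that pattern in OTL-style output; it is not part of the thread, of OTL, or of any tool the moderator used. It parses constructed sample lines (the SIDs and ports are those quoted above, the "corp" user is invented) and flags every hive whose ProxyServer resolves to a loopback address.

```python
"""Flag per-user IE/WinINet proxy settings that point at a loopback proxy.

Added example, not part of the Spyware Warrior thread or of OTL. It reads the
'IE - HKU\\<hive>\\...\\Internet Settings: "Name" = value' lines that OTL prints
and reports hives whose ProxyServer is 127.0.0.1, ::1 or localhost.
"""
import re
from ipaddress import ip_address
from typing import Dict, List, NamedTuple, Optional

# Constructed sample modelled on the fix script above. The first four lines
# are the thread's own entries; the S-1-5-21-...-1002 user is invented and
# has a normal corporate proxy so the check has something to leave alone.
SAMPLE_OTL = r"""
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62182
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62182
IE - HKU\S-1-5-21-3669529631-1349151726-661693113-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52242
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.corp.example:8080
"""

# One OTL "IE - HKU\..." line: capture the hive (.DEFAULT or a SID), the
# value name and the raw value.
LINE_RE = re.compile(
    r'^IE - HKU\\(?P<hive>[^\\]+)\\.*Internet Settings: '
    r'"(?P<name>\w+)" = (?P<value>.*)$'
)


class Finding(NamedTuple):
    hive: str                 # .DEFAULT, S-1-5-18, or a user SID
    endpoint: str             # host:port of the loopback proxy
    enabled: Optional[bool]   # None when ProxyEnable was not listed for the hive


def parse_otl_ie_settings(text: str) -> Dict[str, Dict[str, str]]:
    """Group OTL 'IE - HKU' lines into {hive: {value_name: value}}."""
    settings: Dict[str, Dict[str, str]] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            settings.setdefault(m["hive"], {})[m["name"]] = m["value"].strip()
    return settings


def proxy_endpoints(proxy_server: str) -> List[str]:
    """Split a WinINet ProxyServer value into host:port endpoints.

    Accepts both the single "host:port" form and the per-protocol
    "http=host:port;https=host:port" form used in the sample above.
    """
    endpoints: List[str] = []
    for part in proxy_server.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:                      # strip the "http=" / "https=" prefix
            part = part.split("=", 1)[1]
        endpoints.append(part)
    return endpoints


def is_loopback_endpoint(endpoint: str) -> bool:
    """True when the host part is localhost, 127.x.x.x or ::1."""
    host = endpoint.rsplit(":", 1)[0] if ":" in endpoint else endpoint
    host = host.strip("[]")                  # tolerate "[::1]:8080"
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:                       # a DNS name, not an address
        return False


def find_loopback_proxies(text: str) -> List[Finding]:
    """Return one Finding per hive/endpoint whose proxy lives on this machine."""
    findings: List[Finding] = []
    for hive, values in parse_otl_ie_settings(text).items():
        server = values.get("ProxyServer")
        if not server:
            continue
        enabled: Optional[bool] = None
        if "ProxyEnable" in values:
            enabled = values["ProxyEnable"] not in ("0", "dword:0")
        for ep in proxy_endpoints(server):
            if is_loopback_endpoint(ep):
                findings.append(Finding(hive, ep, enabled))
    return findings


if __name__ == "__main__":
    for f in find_loopback_proxies(SAMPLE_OTL):
        state = {True: "active", False: "set but disabled", None: "ProxyEnable not listed"}[f.enabled]
        print(f"{f.hive}: loopback proxy {f.endpoint} ({state})")
```

A hit in .DEFAULT or S-1-5-18 matters as much as one in the interactive user's hive, because services and the logon screen browse through those; the OTL log the user posts next shows the fix clearing all four values.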
Rennix1957
Junior Member


Joined: 11 Feb 2012
Last Visit: 29 Feb 2012
Posts: 28

PostPosted: Wed Feb 15, 2012 7:38 am    Post subject: Reply with quote

Hello Cypher,

Couple of things before I post the OTL output. Mom's got a Seagate FreeAgent GoFlex 500GB USB external drive that backs up her user files. It's been disconnected for the last couple of days. I have to figure that the external drive is infected with whatever is on her computer as well. How do you want to handle that?

Internet Explorer still cannot connect to google.com. I'm still getting the "Oops! Internet Explorer could not find www.google.com" error.


All processes killed
========== PROCESSES ==========
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-3669529631-1349151726-661693113-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26D675AC-D925-4bbf-A720-62C2AA4A81EB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26D675AC-D925-4bbf-A720-62C2AA4A81EB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
========== FILES ==========
c:\users\Colleen\AppData\Roaming\Microsoft\E5FB\BCA9.tmp moved successfully.
c:\programdata\Microsoft\Windows\DRM\EB92.tmp moved successfully.
c:\programdata\Microsoft\Windows\DRM\EB81.tmp moved successfully.
C:\Users\Colleen\AppData\Local\aefdhb4f6rpj8dih7lxn3t445l0k moved successfully.
C:\ProgramData\aefdhb4f6rpj8dih7lxn3t445l0k moved successfully.
C:\Users\Colleen\AppData\Local\phlxhr7v6qlt6qee4dcb1l078y5x moved successfully.
C:\ProgramData\phlxhr7v6qlt6qee4dcb1l078y5x moved successfully.
C:\Program Files (x86)\1E39D\lvvm.exe moved successfully.
C:\Program Files (x86)\RivalGaming\Uninstaller.exe moved successfully.
C:\ProgramData\Microsoft\Windows\DRM\EB81.tmp.dat moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\DRM\EB81.tmp not found.
File\Folder C:\Users\All Users\Microsoft\Windows\DRM\EB81.tmp.dat not found.
File\Folder C:\Users\All Users\Microsoft\Windows\DRM\EB92.tmp not found.
C:\Users\Colleen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7bec11ca-23762365 moved successfully.
C:\Users\Colleen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\7b2707d0-3ba9d930 moved successfully.
C:\Users\Colleen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\d189d59-283af859 moved successfully.
File\Folder C:\Users\Colleen\AppData\Roaming\Microsoft\E5FB\BCA9.tmp not found.
C:\Windows\System32\config\systemprofile\AppData\Roaming\BCA1E\1A5E5.exe moved successfully.
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\BCA1E\1A5E5.exe not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Colleen\Desktop\cmd.bat deleted successfully.
C:\Users\Colleen\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Colleen
->Flash cache emptied: 147426 bytes

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Colleen
->Temp folder emptied: 51905 bytes
->Temporary Internet Files folder emptied: 284068092 bytes
->Java cache emptied: 22593825 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44836 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 293.00 mb


[EMPTYJAVA]

User: All Users

User: Colleen
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 02152012_090422

Files\Folders moved on Reboot...
C:\Users\Colleen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Colleen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Colleen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Nov 2014
Posts: 4728
Location: Land Of The Leprechauns

PostPosted: Wed Feb 15, 2012 8:41 am

Hi Rennix,
Quote:
Mom's got a Seagate FreeAgent GoFlex 500GB USB external drive that backs up her user files. It's been disconnected for the last couple of days. I have to figure that the external drive is infected with what ever is on her computer as well. How do you want to handle that?
We will take a look at that soon; let's see if we can resolve the IE issue first.
Please don't connect the external drive until I ask you to.

Reset IE8:
  • Download Microsoft FixIt and save it to the desktop.
  • Right click on MicrosoftFixit50195.exe and select " Run as administrator " to run it.
  • I Agree and click on Next.
  • Follow the on-screen prompts.
  • You may delete MicrosoftFixit50195.exe when finished, or keep it in case of any future problems with IE8.
  • Next time IE8 is launched you will be prompted to reapply settings again, this is normal.
  • Note: any add-ons will need to be reapplied after the above reset.

Is IE connecting to google now?
_________________
Admin/Teacher at Malware Removal University
Member of...

Rennix1957
Junior Member


Joined: 11 Feb 2012
Last Visit: 29 Feb 2012
Posts: 28

PostPosted: Wed Feb 15, 2012 8:58 am

I ran Microsoft FixIt and I still cannot connect to Google.com. Microsoft FixIt did not give me the option to "Run as Administrator"; I chose "Install."
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Nov 2014
Posts: 4728
Location: Land Of The Leprechauns

PostPosted: Wed Feb 15, 2012 9:51 am

Hi Rennix,
Try this: type the following into the address bar at the top of the page.
Quote:
74.125.157.147

Now hit enter, does the page go to google?
_________________
Admin/Teacher at Malware Removal University
Rennix1957
Junior Member


Joined: 11 Feb 2012
Last Visit: 29 Feb 2012
Posts: 28

PostPosted: Wed Feb 15, 2012 9:55 am

Yes it does.
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Nov 2014
Posts: 4728
Location: Land Of The Leprechauns

PostPosted: Wed Feb 15, 2012 11:11 am

Hi Rennix,
This is odd.

Please download HostsXpert and unzip it to your desktop, Do not run it yet.

Next.
  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code:

    :processes
    killallprocesses

    :files
    C:\WINDOWS\system32\drivers\etc\hosts
    ipconfig /flushdns /c

    :commands
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [clearallrestorepoints]
    [REBOOT]

  • Then click the Run Fix button at the top.
  • Click .
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Next.
  • Right click on HostsXpert.exe and select " Run as administrator " to run it.
  • When prompted with:
    HOSTS file does not exist, press OK to create HOSTS file, Cancel to quit.
  • Select OK.
  • Check to see if the top button on the left-hand side says Make Writable?
    • If it does, click on it, then proceed to the next instruction.
    • If not, just proceed to the next instruction.

  • Click on Restore MS Hosts File to restore your Hosts file to its default condition
  • When prompted to confirm, click OK.
  • Click on the Download button (lower left hand side)
    • Click on MVPs Hosts... button.
    • Click on Replace button.
    • Press OK in the box that pops up. (HostsXpert will now download and update your Hosts file)

  • When finished.
    • Click on File Handling button.
    • Click on Make Read Only? to secure it against infection.

  • Exit the programme.

Next.

I see you already have Malwarebytes Anti-Malware installed:
  • Launch the application, Check for Updates >> Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: if MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Logs/Information to Post in your Next Reply
  • OTL fix log.
  • Malwarebytes log.

_________________
Admin/Teacher at Malware Removal University
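Added example, not part of the original thread: the test a few posts up, a page that loads when typed as 74.125.157.147 but not as google.com, isolates the fault to name resolution or to a browser-side proxy, which is exactly what the OTL script above resets (the HOSTS file, the DNS resolver cache, and the per-user ProxyServer/ProxyEnable values the earlier fix log shows being cleared). The PowerShell triage script below reads those same places on the affected machine without changing anything. It assumes the target name and reference address from the thread; the DNS-server listing is a general precaution against a changed resolver, not something the thread found, and the script is mine, not the moderator's or OTL's.

```powershell
# Added triage script, not from the thread. Read-only: it reports the places a
# "reachable by IP, not by name" outage is usually hijacked and does not fix anything.
# Run from an elevated PowerShell prompt on the affected machine (Windows 7 era, PowerShell 2.0 or later).
$Target  = 'google.com'
$KnownIp = '74.125.157.147'   # address the moderator had the user try; Google's addresses rotate, so it is only a reference

# 1. HOSTS file: a line naming the target, or any mapping other than localhost, overrides DNS.
$hostsPath  = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostsLines = Get-Content $hostsPath -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' }        # skip comments and blank lines
$hostsOdd = $hostsLines | Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*(#.*)?$' }
if ($hostsOdd) { "HOSTS entries other than localhost ($hostsPath):"; $hostsOdd | ForEach-Object { "  $_" } }
else           { "HOSTS file: only localhost entries" }

# 2. What the local resolver returns for the name right now (HOSTS first, then the DNS cache, then DNS).
try {
    $addrs = [System.Net.Dns]::GetHostAddresses($Target) | ForEach-Object { $_.IPAddressToString }
    "$Target resolves to: $($addrs -join ', ')"
    if ($addrs -contains '127.0.0.1' -or $addrs -contains '0.0.0.0') { "  -> sinkholed to loopback/null; check HOSTS above" }
} catch {
    "$Target does not resolve: $($_.Exception.Message)"
}
"Reference address from the thread: $KnownIp (reachable by IP means TCP/IP itself is working)"

# Cached answers for the target, if any; a poisoned cache entry survives until ipconfig /flushdns.
ipconfig /displaydns | Select-String -Pattern $Target -Context 0,4

# 3. DNS servers each live adapter is actually using. Compare with what the router hands out;
#    a changed resolver is an assumption to rule out here, not something the thread found.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' | ForEach-Object {
    "{0}: DNS {1}" -f $_.Description, ($_.DNSServerSearchOrder -join ', ')
}

# 4. Proxy settings in every loaded user hive. The OTL fix log shows ProxyServer being blanked and
#    ProxyEnable set to 0 under HKU for SYSTEM and the user; a proxy or PAC URL pointing at a dead
#    host blocks the browser while ping and nslookup still work.
if (-not (Test-Path HKU:\ -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
Get-ChildItem HKU:\ | Where-Object { $_.PSChildName -notmatch '_Classes$' } | ForEach-Object {
    $key = "HKU:\$($_.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    $p   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($p -and ($p.ProxyEnable -eq 1 -or $p.ProxyServer -or $p.AutoConfigURL)) {
        "{0}: ProxyEnable={1} ProxyServer='{2}' AutoConfigURL='{3}'" -f `
            $_.PSChildName, $p.ProxyEnable, $p.ProxyServer, $p.AutoConfigURL
    }
}
```

If the HOSTS check and the resolver both look clean and no hive carries a proxy, the remaining candidates are in the browser itself (add-ons, LSPs) or on the path to the resolver, which is why the thread moves on to Malwarebytes and TDSSKiller rather than to further network resets.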
Rennix1957
Junior Member


Joined: 11 Feb 2012
Last Visit: 29 Feb 2012
Posts: 28

PostPosted: Wed Feb 15, 2012 12:16 pm

Hello Cypher,

Looks like I lost the OTL fix log with the reboot, and I can't find the Malwarebytes log either; Windows 7 doesn't have a Documents and Settings folder that I could find.
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Nov 2014
Posts: 4728
Location: Land Of The Leprechauns

PostPosted: Wed Feb 15, 2012 12:26 pm

Hi Rennix,
Is IE still not connecting to google?
Quote:
Looks like I lost OTL fix log with the reboot and I can't find malwarebytes log either

No problem, go to Start > Computer > C: > OTL > Moved Files
You will find the OTL log there; post it in your next reply.

To find the Malwarebytes log, launch Malwarebytes and click on Logs.
They are time-stamped; please post the most recent one.

I will be away for the rest of the evening; I will see you again in the morning.
_________________
Admin/Teacher at Malware Removal University
Rennix1957
Junior Member


Joined: 11 Feb 2012
Last Visit: 29 Feb 2012
Posts: 28

PostPosted: Wed Feb 15, 2012 12:40 pm

No, we're still not connecting to Google.

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-3669529631-1349151726-661693113-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26D675AC-D925-4bbf-A720-62C2AA4A81EB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26D675AC-D925-4bbf-A720-62C2AA4A81EB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
========== FILES ==========
c:\users\Colleen\AppData\Roaming\Microsoft\E5FB\BCA9.tmp moved successfully.
c:\programdata\Microsoft\Windows\DRM\EB92.tmp moved successfully.
c:\programdata\Microsoft\Windows\DRM\EB81.tmp moved successfully.
C:\Users\Colleen\AppData\Local\aefdhb4f6rpj8dih7lxn3t445l0k moved successfully.
C:\ProgramData\aefdhb4f6rpj8dih7lxn3t445l0k moved successfully.
C:\Users\Colleen\AppData\Local\phlxhr7v6qlt6qee4dcb1l078y5x moved successfully.
C:\ProgramData\phlxhr7v6qlt6qee4dcb1l078y5x moved successfully.
C:\Program Files (x86)\1E39D\lvvm.exe moved successfully.
C:\Program Files (x86)\RivalGaming\Uninstaller.exe moved successfully.
C:\ProgramData\Microsoft\Windows\DRM\EB81.tmp.dat moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\DRM\EB81.tmp not found.
File\Folder C:\Users\All Users\Microsoft\Windows\DRM\EB81.tmp.dat not found.
File\Folder C:\Users\All Users\Microsoft\Windows\DRM\EB92.tmp not found.
C:\Users\Colleen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7bec11ca-23762365 moved successfully.
C:\Users\Colleen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\7b2707d0-3ba9d930 moved successfully.
C:\Users\Colleen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\d189d59-283af859 moved successfully.
File\Folder C:\Users\Colleen\AppData\Roaming\Microsoft\E5FB\BCA9.tmp not found.
C:\Windows\System32\config\systemprofile\AppData\Roaming\BCA1E\1A5E5.exe moved successfully.
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\BCA1E\1A5E5.exe not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Colleen\Desktop\cmd.bat deleted successfully.
C:\Users\Colleen\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Colleen
->Flash cache emptied: 147426 bytes

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Colleen
->Temp folder emptied: 51905 bytes
->Temporary Internet Files folder emptied: 284068092 bytes
->Java cache emptied: 22593825 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44836 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 293.00 mb


[EMPTYJAVA]

User: All Users

User: Colleen
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 02152012_090422

Files\Folders moved on Reboot...
C:\Users\Colleen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Colleen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Colleen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.15.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Colleen :: COLLEEN-HP [administrator]

2/15/2012 1:39:38 PM
mbam-log-2012-02-15 (13-39-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185805
Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4904 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)


Have a nice evening.

Rennix
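Added example, not from the thread: the Malwarebytes result above flags C:\Windows\svchost.exe. The genuine Service Host runs only from %SystemRoot%\System32 (and SysWOW64 for 32-bit processes on x64), so a copy one directory up is an impostor borrowing a trusted name, which is also why it hides in a process list that shows only file names. The PowerShell check below generalises that observation to a short list of core system binaries (my list, an assumption, not something the thread enumerates) and looks for them in running processes, on disk in common drop locations, and in the Run keys. It is my code, not Malwarebytes' or the moderator's.

```powershell
# Added example, not from the thread: find core Windows binaries running or stored outside their
# legitimate directories. Run elevated so WMI can read the image path of SYSTEM-owned processes.
$Impersonated = 'svchost.exe','lsass.exe','csrss.exe','winlogon.exe','wininit.exe','services.exe','smss.exe','lsm.exe'
$LegitDirs    = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")   # the only homes for the names above

function Test-LegitDir([string]$Path) {
    # True when the file's directory is exactly System32 or SysWOW64 (case-insensitive).
    $dir = Split-Path -Path $Path -Parent
    foreach ($d in $LegitDirs) { if ($dir -ieq $d) { return $true } }
    return $false
}

# 1. Running processes with a trusted name but the wrong home directory.
Get-WmiObject Win32_Process | Where-Object { $Impersonated -contains $_.Name } | ForEach-Object {
    $path = $_.ExecutablePath
    if (-not $path) { "{0} (PID {1}): image path not readable, run as administrator" -f $_.Name, $_.ProcessId; return }
    if (-not (Test-LegitDir $path)) {
        $sig = Get-AuthenticodeSignature -FilePath $path       # a real Microsoft binary is signed; a drop-in usually is not
        "SUSPECT {0} (PID {1}) running from {2}; Authenticode: {3}; parent PID {4}; cmdline: {5}" -f `
            $_.Name, $_.ProcessId, $path, $sig.Status, $_.ParentProcessId, $_.CommandLine
    }
}

# 2. The same names sitting on disk where they do not belong (the sample in the thread lived in %SystemRoot% itself).
$searchDirs = @($env:SystemRoot, $env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, "$env:SystemRoot\Temp")
foreach ($dir in $searchDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -Filter *.exe -ErrorAction SilentlyContinue |
        Where-Object { $Impersonated -contains $_.Name } |
        ForEach-Object { "ON DISK: {0} ({1} bytes, modified {2})" -f $_.FullName, $_.Length, $_.LastWriteTime }
}

# 3. Autostart entries that launch one of these names from outside the legitimate directories.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    $props.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' } | ForEach-Object {
        # Pull the executable out of a value such as: "C:\Windows\svchost.exe" -k netsvcs
        $exe = [regex]::Match([string]$_.Value, '^"?([^"]+?\.exe)', 'IgnoreCase').Groups[1].Value
        if ($exe -and ($Impersonated -contains (Split-Path $exe -Leaf)) -and -not (Test-LegitDir $exe)) {
            "AUTORUN {0}\{1} -> {2}" -f $k, $_.Name, $_.Value
        }
    }
}
```

A hit in step 1 with an unsigned image path is the same finding Malwarebytes reported here; the parent PID and command line tell you what launched it, which is the next thing to remove before the file is deleted on reboot.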
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Nov 2014
Posts: 4728
Location: Land Of The Leprechauns

PostPosted: Thu Feb 16, 2012 3:45 am

Hi Rennix,

Please download TDSSKiller.exe and save it to your Desktop.
  • Right click on TDSSKiller.exe and select " Run as administrator " to run it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything, please click on the drop-down arrow next to Cure and select Skip.
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

_________________
Admin/Teacher at Malware Removal University
Rennix1957
Junior Member


Joined: 11 Feb 2012
Last Visit: 29 Feb 2012
Posts: 28

PostPosted: Thu Feb 16, 2012 9:08 am

11:06:07.0910 5348 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
11:06:08.0234 5348 ============================================================
11:06:08.0234 5348 Current date / time: 2012/02/16 11:06:08.0234
11:06:08.0234 5348 SystemInfo:
11:06:08.0234 5348
11:06:08.0234 5348 OS Version: 6.1.7601 ServicePack: 1.0
11:06:08.0234 5348 Product type: Workstation
11:06:08.0235 5348 ComputerName: COLLEEN-HP
11:06:08.0235 5348 UserName: Colleen
11:06:08.0235 5348 Windows directory: C:\Windows
11:06:08.0235 5348 System windows directory: C:\Windows
11:06:08.0235 5348 Running under WOW64
11:06:08.0235 5348 Processor architecture: Intel x64
11:06:08.0235 5348 Number of processors: 6
11:06:08.0235 5348 Page size: 0x1000
11:06:08.0235 5348 Boot type: Normal boot
11:06:08.0235 5348 ============================================================
11:06:09.0435 5348 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:06:09.0441 5348 Drive \Device\Harddisk1\DR1 - Size: 0x1F40000 (0.03 Gb), SectorSize: 0x200, Cylinders: 0x3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:06:09.0463 5348 \Device\Harddisk0\DR0:
11:06:09.0464 5348 MBR used
11:06:09.0464 5348 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:06:09.0464 5348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72E9A800
11:06:09.0464 5348 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72ECD000, BlocksNum 0x1839000
11:06:09.0464 5348 \Device\Harddisk1\DR1:
11:06:09.0467 5348 MBR used
11:06:09.0467 5348 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x4, StartLBA 0x20, BlocksNum 0xF960
11:06:09.0533 5348 Initialize success
11:06:09.0533 5348 ============================================================
11:06:22.0895 5408 ============================================================
11:06:22.0895 5408 Scan started
11:06:22.0895 5408 Mode: Manual;
11:06:22.0895 5408 ============================================================
11:06:24.0481 5408 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:06:24.0487 5408 1394ohci - ok
11:06:24.0554 5408 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:06:24.0561 5408 ACPI - ok
11:06:24.0582 5408 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:06:24.0584 5408 AcpiPmi - ok
11:06:24.0620 5408 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:06:24.0631 5408 adp94xx - ok
11:06:24.0648 5408 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:06:24.0656 5408 adpahci - ok
11:06:24.0668 5408 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:06:24.0671 5408 adpu320 - ok
11:06:24.0747 5408 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:06:24.0757 5408 AFD - ok
11:06:24.0792 5408 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:06:24.0795 5408 agp440 - ok
11:06:24.0824 5408 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:06:24.0826 5408 aliide - ok
11:06:24.0856 5408 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:06:24.0858 5408 amdide - ok
11:06:24.0878 5408 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:06:24.0881 5408 AmdK8 - ok
11:06:25.0047 5408 amdkmdag (21d749e3c8140b16c40a8273fd747899) C:\Windows\system32\DRIVERS\atikmdag.sys
11:06:25.0181 5408 amdkmdag - ok
11:06:25.0267 5408 amdkmdap (1aa6f50a8e7f8413377c979cef5218a5) C:\Windows\system32\DRIVERS\atikmpag.sys
11:06:25.0270 5408 amdkmdap - ok
11:06:25.0283 5408 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:06:25.0284 5408 AmdPPM - ok
11:06:25.0305 5408 amdsata (f747497a0ee5498f79b207f215b3d2d8) C:\Windows\system32\DRIVERS\amdsata.sys
11:06:25.0307 5408 amdsata - ok
11:06:25.0324 5408 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:06:25.0328 5408 amdsbs - ok
11:06:25.0351 5408 amdxata (2946d695e158615baaa16248e63c7adb) C:\Windows\system32\DRIVERS\amdxata.sys
11:06:25.0352 5408 amdxata - ok
11:06:25.0399 5408 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:06:25.0403 5408 AppID - ok
11:06:25.0459 5408 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:06:25.0463 5408 arc - ok
11:06:25.0474 5408 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:06:25.0478 5408 arcsas - ok
11:06:25.0526 5408 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:06:25.0529 5408 AsyncMac - ok
11:06:25.0582 5408 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:06:25.0584 5408 atapi - ok
11:06:25.0621 5408 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
11:06:25.0624 5408 AtiHdmiService - ok
11:06:25.0694 5408 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
11:06:25.0695 5408 AtiPcie - ok
11:06:25.0805 5408 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
11:06:25.0807 5408 AVGIDSDriver - ok
11:06:25.0824 5408 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
11:06:25.0825 5408 AVGIDSEH - ok
11:06:25.0850 5408 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
11:06:25.0851 5408 AVGIDSFilter - ok
11:06:25.0890 5408 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
11:06:25.0895 5408 Avgldx64 - ok
11:06:25.0933 5408 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
11:06:25.0935 5408 Avgmfx64 - ok
11:06:25.0956 5408 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
11:06:25.0958 5408 Avgrkx64 - ok
11:06:25.0976 5408 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
11:06:25.0981 5408 Avgtdia - ok
11:06:26.0044 5408 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:06:26.0054 5408 b06bdrv - ok
11:06:26.0082 5408 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:06:26.0090 5408 b57nd60a - ok
11:06:26.0147 5408 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:06:26.0149 5408 Beep - ok
11:06:26.0209 5408 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:06:26.0211 5408 blbdrive - ok
11:06:26.0266 5408 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:06:26.0269 5408 bowser - ok
11:06:26.0288 5408 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:06:26.0290 5408 BrFiltLo - ok
11:06:26.0300 5408 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:06:26.0302 5408 BrFiltUp - ok
11:06:26.0333 5408 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:06:26.0335 5408 BridgeMP - ok
11:06:26.0363 5408 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:06:26.0366 5408 Brserid - ok
11:06:26.0374 5408 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:06:26.0376 5408 BrSerWdm - ok
11:06:26.0383 5408 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:06:26.0384 5408 BrUsbMdm - ok
11:06:26.0393 5408 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:06:26.0394 5408 BrUsbSer - ok
11:06:26.0402 5408 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:06:26.0404 5408 BTHMODEM - ok
11:06:26.0411 5408 catchme - ok
11:06:26.0428 5408 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:06:26.0429 5408 cdfs - ok
11:06:26.0457 5408 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
11:06:26.0461 5408 cdrom - ok
11:06:26.0496 5408 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:06:26.0499 5408 circlass - ok
11:06:26.0540 5408 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:06:26.0548 5408 CLFS - ok
11:06:26.0569 5408 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:06:26.0571 5408 CmBatt - ok
11:06:26.0596 5408 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:06:26.0597 5408 cmdide - ok
11:06:26.0633 5408 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:06:26.0643 5408 CNG - ok
11:06:26.0661 5408 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:06:26.0663 5408 Compbatt - ok
11:06:26.0681 5408 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:06:26.0683 5408 CompositeBus - ok
11:06:26.0698 5408 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:06:26.0699 5408 crcdisk - ok
11:06:26.0768 5408 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:06:26.0770 5408 DfsC - ok
11:06:26.0794 5408 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:06:26.0796 5408 discache - ok
11:06:26.0816 5408 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:06:26.0822 5408 Disk - ok
11:06:26.0915 5408 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:06:26.0916 5408 drmkaud - ok
11:06:26.0959 5408 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:06:26.0968 5408 DXGKrnl - ok
11:06:27.0093 5408 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:06:27.0147 5408 ebdrv - ok
11:06:27.0172 5408 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:06:27.0179 5408 elxstor - ok
11:06:27.0227 5408 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:06:27.0229 5408 ErrDev - ok
11:06:27.0274 5408 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:06:27.0318 5408 exfat - ok
11:06:27.0427 5408 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:06:27.0432 5408 fastfat - ok
11:06:27.0459 5408 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:06:27.0461 5408 fdc - ok
11:06:27.0483 5408 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:06:27.0484 5408 FileInfo - ok
11:06:27.0493 5408 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:06:27.0494 5408 Filetrace - ok
11:06:27.0511 5408 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:06:27.0513 5408 flpydisk - ok
11:06:27.0532 5408 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:06:27.0536 5408 FltMgr - ok
11:06:27.0581 5408 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:06:27.0583 5408 FsDepends - ok
11:06:27.0636 5408 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
11:06:27.0639 5408 fssfltr - ok
11:06:27.0665 5408 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:06:27.0666 5408 Fs_Rec - ok
11:06:27.0700 5408 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:06:27.0703 5408 fvevol - ok
11:06:27.0725 5408 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:06:27.0727 5408 gagp30kx - ok
11:06:27.0807 5408 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:06:27.0810 5408 hcw85cir - ok
11:06:27.0843 5408 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:06:27.0851 5408 HdAudAddService - ok
11:06:27.0909 5408 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:06:27.0913 5408 HDAudBus - ok
11:06:27.0931 5408 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:06:27.0933 5408 HidBatt - ok
11:06:27.0950 5408 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:06:27.0953 5408 HidBth - ok
11:06:27.0968 5408 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:06:27.0970 5408 HidIr - ok
11:06:27.0989 5408 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
11:06:27.0991 5408 HidUsb - ok
11:06:28.0059 5408 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:06:28.0061 5408 HpSAMD - ok
11:06:28.0108 5408 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:06:28.0123 5408 HTTP - ok
11:06:28.0145 5408 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:06:28.0147 5408 hwpolicy - ok
11:06:28.0178 5408 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:06:28.0180 5408 i8042prt - ok
11:06:28.0200 5408 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:06:28.0207 5408 iaStorV - ok
11:06:28.0228 5408 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:06:28.0230 5408 iirsp - ok
11:06:28.0314 5408 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
11:06:28.0332 5408 IntcAzAudAddService - ok
11:06:28.0355 5408 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:06:28.0357 5408 intelide - ok
11:06:28.0400 5408 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:06:28.0404 5408 intelppm - ok
11:06:28.0424 5408 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:06:28.0426 5408 IpFilterDriver - ok
11:06:28.0442 5408 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:06:28.0444 5408 IPMIDRV - ok
11:06:28.0460 5408 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:06:28.0463 5408 IPNAT - ok
11:06:28.0482 5408 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:06:28.0484 5408 IRENUM - ok
11:06:28.0500 5408 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:06:28.0502 5408 isapnp - ok
11:06:28.0529 5408 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:06:28.0534 5408 iScsiPrt - ok
11:06:28.0556 5408 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:06:28.0557 5408 kbdclass - ok
11:06:28.0576 5408 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:06:28.0578 5408 kbdhid - ok
11:06:28.0618 5408 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:06:28.0621 5408 KSecDD - ok
11:06:28.0657 5408 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:06:28.0659 5408 KSecPkg - ok
11:06:28.0668 5408 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:06:28.0669 5408 ksthunk - ok
11:06:28.0746 5408 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:06:28.0749 5408 lltdio - ok
11:06:28.0796 5408 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:06:28.0799 5408 LSI_FC - ok
11:06:28.0815 5408 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:06:28.0819 5408 LSI_SAS - ok
11:06:28.0831 5408 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:06:28.0833 5408 LSI_SAS2 - ok
11:06:28.0860 5408 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:06:28.0863 5408 LSI_SCSI - ok
11:06:28.0877 5408 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:06:28.0879 5408 luafv - ok
11:06:28.0946 5408 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:06:28.0947 5408 megasas - ok
11:06:28.0969 5408 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:06:28.0977 5408 MegaSR - ok
11:06:29.0025 5408 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:06:29.0028 5408 Modem - ok
11:06:29.0057 5408 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:06:29.0058 5408 monitor - ok
11:06:29.0079 5408 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
11:06:29.0081 5408 mouclass - ok
11:06:29.0098 5408 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:06:29.0100 5408 mouhid - ok
11:06:29.0131 5408 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:06:29.0133 5408 mountmgr - ok
11:06:29.0157 5408 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:06:29.0161 5408 mpio - ok
11:06:29.0184 5408 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:06:29.0187 5408 mpsdrv - ok
11:06:29.0217 5408 mrtRate - ok
11:06:29.0255 5408 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:06:29.0259 5408 MRxDAV - ok
11:06:29.0283 5408 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:06:29.0286 5408 mrxsmb - ok
11:06:29.0301 5408 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:06:29.0306 5408 mrxsmb10 - ok
11:06:29.0321 5408 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:06:29.0324 5408 mrxsmb20 - ok
11:06:29.0345 5408 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:06:29.0347 5408 msahci - ok
11:06:29.0365 5408 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:06:29.0367 5408 msdsm - ok
11:06:29.0393 5408 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:06:29.0395 5408 Msfs - ok
11:06:29.0412 5408 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:06:29.0414 5408 mshidkmdf - ok
11:06:29.0427 5408 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:06:29.0428 5408 msisadrv - ok
11:06:29.0598 5408 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:06:29.0600 5408 MSKSSRV - ok
11:06:29.0620 5408 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:06:29.0621 5408 MSPCLOCK - ok
11:06:29.0635 5408 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:06:29.0637 5408 MSPQM - ok
11:06:29.0671 5408 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:06:29.0679 5408 MsRPC - ok
11:06:29.0695 5408 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:06:29.0697 5408 mssmbios - ok
11:06:29.0721 5408 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:06:29.0723 5408 MSTEE - ok
11:06:29.0746 5408 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:06:29.0747 5408 MTConfig - ok
11:06:29.0756 5408 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:06:29.0757 5408 Mup - ok
11:06:29.0808 5408 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:06:29.0812 5408 NativeWifiP - ok
11:06:29.0860 5408 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:06:29.0878 5408 NDIS - ok
11:06:29.0895 5408 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:06:29.0896 5408 NdisCap - ok
11:06:29.0939 5408 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:06:29.0941 5408 NdisTapi - ok
11:06:29.0969 5408 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:06:29.0970 5408 Ndisuio - ok
11:06:30.0002 5408 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:06:30.0004 5408 NdisWan - ok
11:06:30.0030 5408 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:06:30.0031 5408 NDProxy - ok
11:06:30.0045 5408 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:06:30.0047 5408 NetBIOS - ok
11:06:30.0066 5408 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:06:30.0070 5408 NetBT - ok
11:06:30.0130 5408 netr28x (064ab63c9a588d2611306ae16d017e7e) C:\Windows\system32\DRIVERS\netr28x.sys
11:06:30.0141 5408 netr28x - ok
11:06:30.0163 5408 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:06:30.0165 5408 nfrd960 - ok
11:06:30.0188 5408 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:06:30.0189 5408 Npfs - ok
11:06:30.0201 5408 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:06:30.0201 5408 nsiproxy - ok
11:06:30.0264 5408 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:06:30.0295 5408 Ntfs - ok
11:06:30.0309 5408 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:06:30.0310 5408 Null - ok
11:06:30.0339 5408 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:06:30.0342 5408 nvraid - ok
11:06:30.0356 5408 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:06:30.0359 5408 nvstor - ok
11:06:30.0387 5408 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:06:30.0390 5408 nv_agp - ok
11:06:30.0423 5408 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:06:30.0425 5408 ohci1394 - ok
11:06:30.0507 5408 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:06:30.0511 5408 Parport - ok
11:06:30.0536 5408 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:06:30.0539 5408 partmgr - ok
11:06:30.0571 5408 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:06:30.0574 5408 pci - ok
11:06:30.0599 5408 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:06:30.0601 5408 pciide - ok
11:06:30.0616 5408 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:06:30.0620 5408 pcmcia - ok
11:06:30.0639 5408 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:06:30.0640 5408 pcw - ok
11:06:30.0667 5408 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:06:30.0676 5408 PEAUTH - ok
11:06:30.0735 5408 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:06:30.0738 5408 PptpMiniport - ok
11:06:30.0759 5408 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:06:30.0761 5408 Processor - ok
11:06:30.0820 5408 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:06:30.0823 5408 Psched - ok
11:06:30.0876 5408 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:06:30.0920 5408 ql2300 - ok
11:06:30.0945 5408 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:06:30.0948 5408 ql40xx - ok
11:06:30.0966 5408 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:06:30.0967 5408 QWAVEdrv - ok
11:06:30.0986 5408 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:06:30.0987 5408 RasAcd - ok
11:06:31.0011 5408 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:06:31.0012 5408 RasAgileVpn - ok
11:06:31.0036 5408 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:06:31.0038 5408 Rasl2tp - ok
11:06:31.0056 5408 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:06:31.0058 5408 RasPppoe - ok
11:06:31.0070 5408 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:06:31.0072 5408 RasSstp - ok
11:06:31.0096 5408 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:06:31.0101 5408 rdbss - ok
11:06:31.0115 5408 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:06:31.0117 5408 rdpbus - ok
11:06:31.0131 5408 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:06:31.0132 5408 RDPCDD - ok
11:06:31.0144 5408 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:06:31.0144 5408 RDPENCDD - ok
11:06:31.0162 5408 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:06:31.0163 5408 RDPREFMP - ok
11:06:31.0188 5408 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
11:06:31.0191 5408 RDPWD - ok
11:06:31.0222 5408 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:06:31.0224 5408 rdyboost - ok
11:06:31.0278 5408 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:06:31.0280 5408 rspndr - ok
11:06:31.0347 5408 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:06:31.0351 5408 RTL8167 - ok
11:06:31.0376 5408 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:06:31.0378 5408 sbp2port - ok
11:06:31.0398 5408 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:06:31.0399 5408 scfilter - ok
11:06:31.0456 5408 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:06:31.0458 5408 secdrv - ok
11:06:31.0479 5408 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:06:31.0481 5408 Serenum - ok
11:06:31.0497 5408 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:06:31.0500 5408 Serial - ok
11:06:31.0552 5408 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:06:31.0554 5408 sermouse - ok
11:06:31.0592 5408 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:06:31.0593 5408 sffdisk - ok
11:06:31.0606 5408 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:06:31.0608 5408 sffp_mmc - ok
11:06:31.0753 5408 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:06:31.0763 5408 sffp_sd - ok
11:06:31.0773 5408 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:06:31.0775 5408 sfloppy - ok
11:06:31.0816 5408 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
11:06:31.0824 5408 Sftfs - ok
11:06:31.0857 5408 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
11:06:31.0860 5408 Sftplay - ok
11:06:31.0880 5408 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
11:06:31.0881 5408 Sftredir - ok
11:06:31.0897 5408 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
11:06:31.0898 5408 Sftvol - ok
11:06:31.0949 5408 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:06:31.0952 5408 SiSRaid2 - ok
11:06:31.0964 5408 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:06:31.0968 5408 SiSRaid4 - ok
11:06:31.0993 5408 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:06:31.0995 5408 Smb - ok
11:06:32.0017 5408 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:06:32.0018 5408 spldr - ok
11:06:32.0142 5408 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:06:32.0193 5408 srv - ok
11:06:32.0308 5408 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:06:32.0317 5408 srv2 - ok
11:06:32.0337 5408 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:06:32.0340 5408 srvnet - ok
11:06:32.0384 5408 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:06:32.0386 5408 stexstor - ok
11:06:32.0406 5408 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:06:32.0407 5408 swenum - ok
11:06:32.0489 5408 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:06:32.0520 5408 Tcpip - ok
11:06:32.0560 5408 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:06:32.0572 5408 TCPIP6 - ok
11:06:32.0598 5408 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:06:32.0600 5408 tcpipreg - ok
11:06:32.0617 5408 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:06:32.0618 5408 TDPIPE - ok
11:06:32.0637 5408 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:06:32.0638 5408 TDTCP - ok
11:06:32.0667 5408 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:06:32.0669 5408 tdx - ok
11:06:32.0676 5408 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:06:32.0677 5408 TermDD - ok
11:06:32.0716 5408 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:06:32.0718 5408 tssecsrv - ok
11:06:32.0766 5408 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:06:32.0778 5408 TsUsbFlt - ok
11:06:32.0840 5408 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:06:32.0844 5408 tunnel - ok
11:06:32.0868 5408 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:06:32.0871 5408 uagp35 - ok
11:06:32.0910 5408 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:06:32.0919 5408 udfs - ok
11:06:32.0962 5408 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:06:32.0964 5408 uliagpkx - ok
11:06:32.0984 5408 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:06:32.0985 5408 umbus - ok
11:06:32.0993 5408 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:06:32.0995 5408 UmPass - ok
11:06:33.0023 5408 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
11:06:33.0025 5408 usbaudio - ok
11:06:33.0051 5408 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:06:33.0053 5408 usbccgp - ok
11:06:33.0101 5408 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:06:33.0105 5408 usbcir - ok
11:06:33.0133 5408 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:06:33.0136 5408 usbehci - ok
11:06:33.0161 5408 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
11:06:33.0163 5408 usbfilter - ok
11:06:33.0184 5408 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:06:33.0188 5408 usbhub - ok
11:06:33.0214 5408 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
11:06:33.0216 5408 usbohci - ok
11:06:33.0224 5408 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:06:33.0225 5408 usbprint - ok
11:06:33.0265 5408 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:06:33.0266 5408 usbscan - ok
11:06:33.0293 5408 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:06:33.0296 5408 USBSTOR - ok
11:06:33.0319 5408 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:06:33.0322 5408 usbuhci - ok
11:06:33.0351 5408 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:06:33.0353 5408 vdrvroot - ok
11:06:33.0392 5408 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:06:33.0394 5408 vga - ok
11:06:33.0414 5408 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:06:33.0415 5408 VgaSave - ok
11:06:33.0440 5408 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:06:33.0444 5408 vhdmp - ok
11:06:33.0471 5408 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:06:33.0473 5408 viaide - ok
11:06:33.0493 5408 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:06:33.0495 5408 volmgr - ok
11:06:33.0527 5408 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:06:33.0532 5408 volmgrx - ok
11:06:33.0554 5408 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:06:33.0558 5408 volsnap - ok
11:06:33.0601 5408 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:06:33.0606 5408 vsmraid - ok
11:06:33.0667 5408 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:06:33.0670 5408 vwifibus - ok
11:06:33.0711 5408 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:06:33.0715 5408 vwififlt - ok
11:06:33.0731 5408 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:06:33.0732 5408 WacomPen - ok
11:06:33.0749 5408 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:06:33.0752 5408 WANARP - ok
11:06:33.0756 5408 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:06:33.0758 5408 Wanarpv6 - ok
11:06:33.0994 5408 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:06:33.0996 5408 Wd - ok
11:06:34.0120 5408 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:06:34.0137 5408 Wdf01000 - ok
11:06:34.0192 5408 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:06:34.0193 5408 WfpLwf - ok
11:06:34.0201 5408 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:06:34.0202 5408 WIMMount - ok
11:06:34.0280 5408 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:06:34.0281 5408 WmiAcpi - ok
11:06:34.0301 5408 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:06:34.0302 5408 ws2ifsl - ok
11:06:34.0373 5408 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:06:34.0376 5408 WudfPf - ok
11:06:34.0399 5408 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:06:34.0402 5408 WUDFRd - ok
11:06:34.0450 5408 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR0
11:06:34.0475 5408 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
11:06:34.0475 5408 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
11:06:34.0518 5408 MBR (0x1B8) (20c15ef2111b8472bbfe5e65b7c949e6) \Device\Harddisk1\DR1
11:06:35.0164 5408 \Device\Harddisk1\DR1 - ok
11:06:35.0181 5408 Boot (0x1200) (6729c2a2b23e8bcdb2f880e3ba5b5f96) \Device\Harddisk0\DR0\Partition0
11:06:35.0182 5408 \Device\Harddisk0\DR0\Partition0 - ok
11:06:35.0192 5408 Boot (0x1200) (84a9940b9084fe7da44832ad39d209bc) \Device\Harddisk0\DR0\Partition1
11:06:35.0193 5408 \Device\Harddisk0\DR0\Partition1 - ok
11:06:35.0218 5408 Boot (0x1200) (317becee12f06f381ff8d0eda2e8715e) \Device\Harddisk0\DR0\Partition2
11:06:35.0219 5408 \Device\Harddisk0\DR0\Partition2 - ok
11:06:35.0232 5408 Boot (0x1200) (77e01cdb9c2573d4a828b09331211818) \Device\Harddisk1\DR1\Partition0
11:06:35.0236 5408 \Device\Harddisk1\DR1\Partition0 - ok
11:06:35.0237 5408 ============================================================
11:06:35.0237 5408 Scan finished
11:06:35.0237 5408 ============================================================
11:06:35.0251 5920 Detected object count: 1
11:06:35.0251 5920 Actual detected object count: 1
11:06:59.0259 5920 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
11:06:59.0259 5920 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
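
The lines in the log above that matter are "MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR0" and the "infected" verdict that follows it: TDSSKiller is hashing the first 0x1B8 bytes of sector 0, which is the boot-code region that sits before the disk signature and the partition table, and a boot rootkit such as the one named here lives in exactly that region. As an added example, not code from this thread or from TDSSKiller, the Python below assembles a 512-byte MBR, reads back the partition table in the same terms the second scan log prints (Type, StartLBA, BlocksNum), and hashes the 0x1B8-byte boot-code region. Assumptions: the 0x1B8 in the log is the number of bytes hashed and the 32-hex-digit value is an MD5 like the driver hashes elsewhere in the log; the boot-code bytes are a constructed stand-in (a generic stack/relocation prologue, not Windows' own code and not the rootkit's), the partition layout copies the three entries from the second scan log on this page, and read_first_sector is a helper for a live disk that needs an elevated prompt and is not exercised here.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8     # bytes 0..0x1B7 hold boot code; this is the "MBR (0x1B8)" region in the log
DISK_SIG_OFF = 0x1B8      # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE      # 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, start LBA, sector count

# Constructed boot-code stubs (assumption: not the real Windows MBR and not rootkit code): a few
# x86 bytes that set up the stack and relocate themselves the way many MBRs begin, and a variant
# whose first instruction was replaced by a short jump, as a loader would not have written it.
CLEAN_BOOT_CODE = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a4")
TAMPERED_BOOT_CODE = b"\xEB\x58" + CLEAN_BOOT_CODE[2:]

# (bootable, type, start LBA, block count): the three partitions listed in the second scan log.
SAMPLE_PARTITIONS = [
    (True,  0x07, 0x800,      0x32000),
    (False, 0x07, 0x32800,    0x72E9A800),
    (False, 0x07, 0x72ECD000, 0x1839000),
]


def build_sample_mbr(boot_code, disk_signature, partitions):
    """Assemble a 512-byte MBR: boot code, disk signature, partition table, 0x55AA."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code must fit in 0x1B8 bytes")
    if len(partitions) > 4:
        raise ValueError("an MBR holds at most four primary partition entries")
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, disk_signature)
    for i, (bootable, ptype, start_lba, blocks) in enumerate(partitions):
        status = 0x80 if bootable else 0x00
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", start_lba, blocks)
    struct.pack_into("<H", mbr, BOOT_SIG_OFF, 0xAA55)   # little-endian 0xAA55 is the bytes 55 AA
    return bytes(mbr)


def parse_mbr(mbr):
    """Return the MD5 of the first 0x1B8 bytes plus the decoded partition table."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        status, _, ptype, _, start_lba, blocks = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue            # empty slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "start_lba": start_lba, "blocks": blocks})
    return {
        "boot_signature_ok": mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA",
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def boot_code_matches(mbr, baseline_md5):
    """True when the sector's boot code hashes to a value you trust, e.g. taken from a known-clean disk."""
    return parse_mbr(mbr)["boot_code_md5"] == baseline_md5.lower()


def read_first_sector(device_path=r"\\.\PhysicalDrive0"):
    """Read sector 0 of a raw Windows disk; needs an elevated prompt. Not exercised below."""
    with open(device_path, "rb") as disk:
        return disk.read(SECTOR)


if __name__ == "__main__":
    clean = build_sample_mbr(CLEAN_BOOT_CODE, 0x12345678, SAMPLE_PARTITIONS)
    tampered = build_sample_mbr(TAMPERED_BOOT_CODE, 0x12345678, SAMPLE_PARTITIONS)
    for label, sector in (("clean", clean), ("tampered", tampered)):
        info = parse_mbr(sector)
        print(f"{label}: MBR (0x1B8) ({info['boot_code_md5']})")
        for p in info["partitions"]:
            print(f"  Partition{p['index']}: MBR, Type {p['type']:#x}, "
                  f"StartLBA {p['start_lba']:#x}, BlocksNum {p['blocks']:#x}")
```

Two things the example makes visible: the partition table and disk signature lie beyond offset 0x1B8, so repartitioning a disk does not change the reported MBR hash, while replacing a single byte of boot code does; and a hash only tells you the code changed, not what it changed to, which is why the clean reference value for a given Windows build has to come from a disk you already trust.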
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Nov 2014
Posts: 4728
Location: Land Of The Leprechauns

PostPosted: Thu Feb 16, 2012 10:06 am    Post subject:

Hi Rennix,

Rootkit

I'm afraid I have some bad news: your mother's computer is infected with a rootkit. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

You are strongly advised to do the following:
  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

What are rootkits from Wikipedia
How do I respond to a possible identity theft and how do I prevent it
When should I do a reformat and reinstallation of my OS
How to backup your files in Windows XP
How to backup your files in Windows Vista/Windows 7

Should you have any questions please feel free to ask.

Please let us know what you have decided to do in your next post.
_________________
Admin/Teacher at Malware Removal University

Rennix1957
Junior Member


Joined: 11 Feb 2012
Last Visit: 29 Feb 2012
Posts: 28

PostPosted: Thu Feb 16, 2012 10:27 am    Post subject:

Hello Cypher,

Needless to say, my mother is not happy.

We would like to try cleaning the machine first and if there is no luck there, then take the drastic course of action and format and reinstall everything. In theory at least, we have a backup on the external drive. Although the external drive is probably infected as well.

I have disconnected her computer from the internet and am ready for the next step.

Thanks,

Rennix
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Nov 2014
Posts: 4728
Location: Land Of The Leprechauns

PostPosted: Thu Feb 16, 2012 10:49 am    Post subject:

Hi Rennix,
Sorry the news was not better.
OK, continue with the instructions below; once done, give me an update on the computer's performance.
  • Important!: Run this fix once and once only.
  • First go to Start > Computer > C: and delete the TDSSKiller log that was created there.
  • Next right click on TDSSKiller.exe and select " Run as administrator " to run it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, ensure Cure (the default) is selected, then click Continue > Reboot now.
  • When finished rebooting, a log of the cleanup will be found at C:\TDSSKiller._version_.MM.YYYY_HH.MM.SS_log.txt.
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.

_________________
Admin/Teacher at Malware Removal University

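
The first scan log in this thread ended with the detection on \Device\Harddisk0\DR0 being skipped, and the instructions above ask for a second run with Cure selected, a reboot, and the new log. As an added example, not part of Cypher's instructions and not code from TDSSKiller, the Python below parses log lines in the format shown on this page and answers the two questions a helper reading the next log actually checks: did every detected object get a remediating action, and did the MBR boot-code hash change on a rescan after the reboot. Assumptions: the three log excerpts are constructed (the first copies lines from the log posted earlier in this thread; the cure-run and rescan excerpts are made up, with an all-zero placeholder hash for the rewritten MBR), the "User select action: Cure" wording is modelled on the "Skip" line on this page, and "Delete" as a second remediating action is an assumption.

```python
import re
from collections import defaultdict

# Each TDSSKiller log line is "HH:MM:SS.mmmm <thread id> <message>".
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# "MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0"  or  "Boot (0x1200) (<md5>) ...\Partition0"
HASH_RE = re.compile(r"^(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) "
                     r"\((?P<md5>[0-9a-f]{32})\) (?P<obj>\S+)$")
# "\Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)"
DETECTED_RE = re.compile(r"^(?P<obj>\S+) - detected (?P<threat>\S+) \(\d+\)$")
# "\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip"
ACTION_RE = re.compile(r"^(?P<obj>\S+) \( (?P<threat>\S+) \) - User select action: (?P<action>\w+)$")
# "\Device\Harddisk1\DR1 - ok"
OK_RE = re.compile(r"^(?P<obj>\S+) - ok$")

# "Cure" is the option named in the instructions above; "Delete" is assumed to be the other
# remediating choice. Anything else (Skip, or no action line at all) leaves the object in place.
REMEDIATING_ACTIONS = {"Cure", "Delete"}

# Constructed excerpt: these lines are copied from the first log in this thread.
LOG_SKIPPED = r"""
11:06:34.0402 5408 WUDFRd - ok
11:06:34.0450 5408 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR0
11:06:34.0475 5408 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
11:06:34.0475 5408 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
11:06:34.0518 5408 MBR (0x1B8) (20c15ef2111b8472bbfe5e65b7c949e6) \Device\Harddisk1\DR1
11:06:35.0164 5408 \Device\Harddisk1\DR1 - ok
11:06:35.0251 5920 Detected object count: 1
11:06:59.0259 5920 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
"""
# Constructed: what a cure run would log. The hash line is written during the scan, before the
# cure is applied, so it still carries the infected value.
LOG_CURE_RUN = r"""
12:57:40.0100 5472 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR0
12:57:40.0120 5472 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
12:57:40.0200 5472 MBR (0x1B8) (20c15ef2111b8472bbfe5e65b7c949e6) \Device\Harddisk1\DR1
12:57:40.0210 5472 \Device\Harddisk1\DR1 - ok
12:58:01.0000 5600 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""
# Constructed: a rescan after the reboot. The all-zero hash is a placeholder for the rewritten MBR.
LOG_RESCAN = r"""
13:10:05.0100 4100 MBR (0x1B8) (00000000000000000000000000000000) \Device\Harddisk0\DR0
13:10:05.0110 4100 \Device\Harddisk0\DR0 - ok
13:10:05.0200 4100 MBR (0x1B8) (20c15ef2111b8472bbfe5e65b7c949e6) \Device\Harddisk1\DR1
13:10:05.0210 4100 \Device\Harddisk1\DR1 - ok
13:10:05.0300 4100 Detected object count: 0
"""


def parse_tdsskiller_log(text):
    """Collect per-object hashes, detections, user actions and clean verdicts from one log."""
    report = {"hashes": defaultdict(dict), "detections": {}, "actions": {}, "ok": set()}
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue                      # banners, separators, blank lines
        msg = line["msg"]
        if m := HASH_RE.match(msg):
            report["hashes"][m["kind"]][m["obj"]] = m["md5"]
        elif m := DETECTED_RE.match(msg):
            report["detections"][m["obj"]] = m["threat"]
        elif m := ACTION_RE.match(msg):
            report["actions"][m["obj"]] = m["action"]
        elif m := OK_RE.match(msg):
            report["ok"].add(m["obj"])
    return report


def unresolved(report):
    """Detected objects this run left in place, as (object, threat, action or 'none')."""
    leftovers = []
    for obj, threat in report["detections"].items():
        action = report["actions"].get(obj, "none")
        if action not in REMEDIATING_ACTIONS:
            leftovers.append((obj, threat, action))
    return leftovers


def mbr_changed(before, after):
    """For each disk hashed in both logs: did the MBR boot-code hash change between them?"""
    b, a = before["hashes"]["MBR"], after["hashes"]["MBR"]
    return {disk: b[disk] != a[disk] for disk in sorted(b.keys() & a.keys())}


if __name__ == "__main__":
    first, cure, rescan = (parse_tdsskiller_log(t) for t in (LOG_SKIPPED, LOG_CURE_RUN, LOG_RESCAN))
    print("left in place after first run:", unresolved(first))
    print("left in place after cure run: ", unresolved(cure))
    print("MBR hash changed, first vs cure run:", mbr_changed(first, cure))
    print("MBR hash changed, first vs rescan:  ", mbr_changed(first, rescan))
```

The caveat the comparison is built around: in the log posted above, the hash line for each disk is written during the scan, before "Scan finished" and before the user is asked for an action, so the cure-run log will still show the infected hash even when Cure was chosen. The evidence that the boot code was actually rewritten is a later scan, after the reboot, in which \Device\Harddisk0\DR0 reports "- ok" and its MBR hash differs from the one in the first log.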
Rennix1957
Junior Member


Joined: 11 Feb 2012
Last Visit: 29 Feb 2012
Posts: 28

PostPosted: Thu Feb 16, 2012 11:00 am    Post subject:

With Mom's computer now disconnected from the internet, how do I post the scan results log?
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Nov 2014
Posts: 4728
Location: Land Of The Leprechauns

PostPosted: Thu Feb 16, 2012 11:11 am    Post subject:

Hi Rennix,
Sorry for the confusion.
You can use your mother's computer to reply to my posts.
I just need you to limit the computer's use until we get it clean.
_________________
Admin/Teacher at Malware Removal University

Rennix1957
Junior Member


Joined: 11 Feb 2012
Last Visit: 29 Feb 2012
Posts: 28

PostPosted: Thu Feb 16, 2012 11:28 am    Post subject:

12:56:49.0183 4800 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
12:56:49.0194 4800 ============================================================
12:56:49.0194 4800 Current date / time: 2012/02/16 12:56:49.0194
12:56:49.0194 4800 SystemInfo:
12:56:49.0194 4800
12:56:49.0194 4800 OS Version: 6.1.7601 ServicePack: 1.0
12:56:49.0194 4800 Product type: Workstation
12:56:49.0194 4800 ComputerName: COLLEEN-HP
12:56:49.0194 4800 UserName: Colleen
12:56:49.0194 4800 Windows directory: C:\Windows
12:56:49.0194 4800 System windows directory: C:\Windows
12:56:49.0194 4800 Running under WOW64
12:56:49.0195 4800 Processor architecture: Intel x64
12:56:49.0195 4800 Number of processors: 6
12:56:49.0195 4800 Page size: 0x1000
12:56:49.0195 4800 Boot type: Normal boot
12:56:49.0195 4800 ============================================================
12:56:50.0469 4800 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:56:50.0498 4800 \Device\Harddisk0\DR0:
12:56:50.0498 4800 MBR used
12:56:50.0498 4800 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:56:50.0499 4800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72E9A800
12:56:50.0499 4800 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72ECD000, BlocksNum 0x1839000
12:56:50.0560 4800 Initialize success
12:56:50.0560 4800 ============================================================
12:56:55.0332 5472 ============================================================
12:56:55.0332 5472 Scan started
12:56:55.0332 5472 Mode: Manual;
12:56:55.0332 5472 ============================================================
12:56:56.0226 5472 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:56:56.0230 5472 1394ohci - ok
12:56:56.0290 5472 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:56:56.0296 5472 ACPI - ok
12:56:56.0318 5472 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:56:56.0319 5472 AcpiPmi - ok
12:56:56.0356 5472 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:56:56.0364 5472 adp94xx - ok
12:57:05.0829 5472 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR0
12:57:05.0855 5472 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
12:57:05.0855 5472 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
12:57:05.0886 5472 Boot (0x1200) (6729c2a2b23e8bcdb2f880e3ba5b5f96) \Device\Harddisk0\DR0\Partition0
12:57:05.0888 5472 \Device\Harddisk0\DR0\Partition0 - ok
12:57:05.0897 5472 Boot (0x1200) (84a9940b9084fe7da44832ad39d209bc) \Device\Harddisk0\DR0\Partition1
12:57:05.0899 5472 \Device\Harddisk0\DR0\Partition1 - ok
12:57:05.0923 5472 Boot (0x1200) (317becee12f06f381ff8d0eda2e8715e) \Device\Harddisk0\DR0\Partition2
12:57:05.0925 5472 \Device\Harddisk0\DR0\Partition2 - ok
12:57:05.0926 5472 ============================================================
12:57:05.0926 5472 Scan finished
12:57:05.0926 5472 ============================================================
12:57:05.0938 1880 Detected object count: 1
12:57:05.0938 1880 Actual detected object count: 1
12:57:26.0575 1880 \Device\Harddisk0\DR0\# - copied to quarantine
12:57:26.0576 1880 \Device\Harddisk0\DR0 - copied to quarantine
12:57:26.0613 1880 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
12:57:26.0616 1880 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
12:57:26.0619 1880 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
12:57:26.0630 1880 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
12:57:26.0638 1880 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
12:57:26.0639 1880 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
12:57:26.0641 1880 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
12:57:26.0642 1880 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
12:57:26.0645 1880 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
12:57:26.0647 1880 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
12:57:26.0649 1880 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
12:57:26.0652 1880 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
12:57:26.0652 1880 \Device\Harddisk0\DR0 - ok
12:57:49.0950 1880 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
12:58:06.0696 2664 Deinitialize success
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Nov 2014
Posts: 4728
Location: Land Of The Leprechauns

PostPosted: Thu Feb 16, 2012 11:37 am    Post subject:

Hi Rennix,
How is the computer performing now?
_________________
Admin/Teacher at Malware Removal University
Member of...

Rennix1957
Junior Member


Joined: 11 Feb 2012
Last Visit: 29 Feb 2012
Posts: 28

PostPosted: Thu Feb 16, 2012 11:55 am    Post subject:

I was able to connect to google for the first time in more than a week.

There has been some kind of error on reboot, something about Catalyst Control Centre not responding. AVG 2012 doesn't run at all; when I start the interface from Start/All Programs, nothing happens. It looked like Windows Firewall was running, but I don't know too much about that stuff.

Her computer is pretty fast and I don't use it much (unless there's some kind of a problem), so it's hard for me to judge its performance.
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Nov 2014
Posts: 4728
Location: Land Of The Leprechauns

PostPosted: Thu Feb 16, 2012 12:24 pm    Post subject:

Hi Rennix.
Quote:
I was able to connect to google for the first time in more than a week

Good, that's a start.
Run the scan below for me please and I will see you again in the morning.

Please download Junction.zip and save it to your desktop.
  • Right click Junction.zip and choose extract all...
  • When the Compressed Folders Extraction wizard opens, click Next
  • Click Browse
  • When the "select a destination" box opens, click My Computer > Local Disk (C:) > Windows > OK
  • Back at the Extraction Wizard, click Next.
  • Untick "Show Extracted Files" and click Finish
  • Now click on Start > All programs > Accessories > Run.
  • Copy and paste the contents of the codebox below into the run box.
  • (Do Not include Code:) Then click OK:
Code:
cmd /c junction -s c:\ >log.txt&log.txt&del log.txt

  • A command window will open and the system will be scanned. (Click Agree to the prompt)
  • Please be patient & wait until a log file opens in Notepad.
  • Copy and paste the contents of that file in your next reply.

Rennix1957
Junior Member


Joined: 11 Feb 2012
Last Visit: 29 Feb 2012
Posts: 28

PostPosted: Thu Feb 16, 2012 12:53 pm    Post subject:

I followed your instructions and only got a command prompt window to open for an instant. I then tried opening a command prompt on my own, switched to the Windows directory and entered a slightly modified version of the script you sent, "junction -s c:\ >log.txt&log.txt&del log.txt". The output I got was "access denied."

I haven't completely forgotten how to use DOS.
I miss DOS.
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Nov 2014
Posts: 4728
Location: Land Of The Leprechauns

PostPosted: Fri Feb 17, 2012 3:03 am    Post subject:

Hi Rennix,
These things never seem to go as planned.
Please navigate to My Computer > Local Disk (C:) > Windows.
Delete the copy of Junction there, now download a fresh copy and save it directly to your C: drive.
So it should appear as C:\junction.exe.

Next.

  • Copy all text in the quote box (below) into Notepad. Do not include the word Quote:
    Quote:
    @ECHO OFF
    REM run Junction from the root of C: and list every reparse point below it
    cd c:\
    junction -s c:\>log.txt
    start log.txt
    REM the batch file deletes itself once the log is open
    del %0

  • Save it to your desktop as File name: junc.bat.
  • Save as type: All Files.

    junc.bat <<------------- you should see this on your desktop.
  • Right click on junc.bat and select "Run as administrator" to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • A file should appear on your Desktop. Please post the contents of this file.

Rennix1957
Junior Member


Joined: 11 Feb 2012
Last Visit: 29 Feb 2012
Posts: 28

PostPosted: Fri Feb 17, 2012 3:57 am    Post subject:

Hello Cypher,

All I got was an empty notepad with a title log.

Rennix
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Nov 2014
Posts: 4728
Location: Land Of The Leprechauns

PostPosted: Fri Feb 17, 2012 4:18 am    Post subject:

Hi Rennix,
Are you sure you saved Junction.exe on your C: drive?
If yes, try the following; first delete any .bat files on your desktop.

Next.

  • Copy all text in the quote box (below) into Notepad. Do not include the word Quote:
    Quote:
    @echo off
    REM start from the root of the current drive, where junction.exe was saved
    cd \
    REM remove any log left over from the previous attempt
    if exist log.txt del log.txt
    REM list every reparse point below the current directory and open the result in Notepad
    junction -s > look.txt
    notepad look.txt
    REM the batch file deletes itself when done
    del %0

  • Save it to your desktop as File name: junc.bat.
  • Save as type: All Files.

    junc.bat <<------------- you should see this on your desktop.
  • Right click on junc.bat and select "Run as administrator" to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • A file should appear on your Desktop. Please post the contents of this file.

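The batch files above only produce the raw transcript of `junction -s`; what the helper then does by hand is read through it for reparse points that Windows did not create itself. As an added example (not code from this thread, from Sysinternals, or from Malware Removal University), the Python below parses that transcript in the format Junction v1.06 prints and flags any junction or symbolic link that is not one of Windows 7's compatibility links. The sample log embedded in it is constructed to mimic the real output (including the progress dots that Junction sometimes glues to the front of an entry); the list of legacy link names and the rule that their targets must sit under C:\Users or C:\ProgramData are my assumptions about a default Windows 7 layout, and the last two sample entries are invented so that each check fires once.

```python
r"""Audit the transcript that Sysinternals ``junction -s`` writes.

Added example for this thread, not Sysinternals' or the forum's own code.  It assumes
Junction v1.06's output format and that, on a default Windows 7 install, every reparse
point on C: is a compatibility link with a legacy name whose target lies under C:\Users
or C:\ProgramData.  The sample log at the bottom is constructed.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ReparsePoint:
    link: str     # the junction / symbolic link itself
    kind: str     # "JUNCTION" or "SYMBOLIC LINK"
    target: str   # Substitute Name, normalised to a plain Win32 path


# Entry header "\\?\C:\\path: KIND"; Junction's progress dots are sometimes glued to
# the front of the line ("..\\?\C:\\..."), so tolerate them.
_ENTRY = re.compile(r"^\.*\\\\\?\\(?P<link>.+?): (?P<kind>JUNCTION|SYMBOLIC LINK)\s*$")
_SUBST = re.compile(r"^Substitute Name:\s*(?P<target>.+?)\s*$")
_FAILED = re.compile(r"^\.*Failed to open \\\\\?\\(?P<path>.+?): (?P<reason>.+)$")

# Legacy folder names Windows 7 exposes as compatibility junctions (assumption).
LEGACY_LINK_NAMES = frozenset(n.lower() for n in (
    "Documents and Settings", "All Users", "Default User", "Application Data", "Desktop",
    "Documents", "Favorites", "Start Menu", "Templates", "Cookies", "Local Settings",
    "My Documents", "NetHood", "PrintHood", "Recent", "SendTo", "History",
    "Temporary Internet Files", "My Music", "My Pictures", "My Videos", "PlayReady"))
EXPECTED_ROOTS = ("c:\\users", "c:\\programdata")


def _normalise(path: str) -> str:
    r"""Drop the \\?\ and \??\ prefixes and the doubled backslash Junction prints
    after the drive letter ("C:\\Users" -> "C:\Users")."""
    for prefix in ("\\\\?\\", "\\??\\"):
        if path.startswith(prefix):
            path = path[len(prefix):]
    return path.replace("\\\\", "\\").rstrip("\\")


def parse_junction_log(text: str) -> list:
    """Return every reparse point listed in the transcript, in order."""
    lines, points = text.splitlines(), []
    for i, line in enumerate(lines):
        m = _ENTRY.match(line)
        if not m:
            continue
        # "Print Name" and "Substitute Name" follow the header on the next two lines.
        for s in filter(None, map(_SUBST.match, lines[i + 1:i + 3])):
            points.append(ReparsePoint(_normalise(m.group("link")), m.group("kind"),
                                       _normalise(s.group("target"))))
    return points


def open_failures(text: str) -> list:
    """(path, reason) for each 'Failed to open' line, i.e. what the scan could not see."""
    matches = map(_FAILED.match, text.splitlines())
    return [(_normalise(m.group("path")), m.group("reason")) for m in matches if m]


def _is_expected(p: ReparsePoint) -> bool:
    name = p.link.rsplit("\\", 1)[-1].lower()
    target = p.target.lower()
    under_root = any(target == r or target.startswith(r + "\\") for r in EXPECTED_ROOTS)
    return name in LEGACY_LINK_NAMES and under_root


def audit(points) -> list:
    """Reparse points that are not Windows' own compatibility links: review these."""
    return [p for p in points if not _is_expected(p)]


# Constructed sample in Junction v1.06's format; the last two entries are invented so
# that each audit rule fires once.
SAMPLE_LOG = r"""Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

\\?\C:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users

Failed to open \\?\C:\\hiberfil.sys: The process cannot access the file because it is being used by another process.

...

\\?\C:\\Users\All Users: SYMBOLIC LINK
Print Name : C:\ProgramData
Substitute Name: \??\C:\ProgramData

..\\?\C:\\Users\Colleen\Documents\My Music: JUNCTION
Print Name : C:\Users\Colleen\Music
Substitute Name: C:\Users\Colleen\Music

\\?\C:\\Program Files\Common Files\Updates: JUNCTION
Print Name : C:\Users\Colleen\AppData\Local\Temp\upd
Substitute Name: C:\Users\Colleen\AppData\Local\Temp\upd

\\?\C:\\Users\Colleen\Recent: JUNCTION
Print Name : D:\offline\recent
Substitute Name: D:\offline\recent
"""

if __name__ == "__main__":
    for p in audit(parse_junction_log(SAMPLE_LOG)):
        print(f"REVIEW {p.kind:13} {p.link} -> {p.target}")
```

Point it at the log.txt or look.txt that the batch file opens: anything printed as REVIEW is a reparse point that a stock Windows 7 install does not create and is worth a closer look, while open_failures() lists the directories the scan could not read, so you know what was not covered (access-denied results for protected system folders such as the machine key store and System Volume Information are expected when the scan runs as an ordinary administrator).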
Rennix1957
Junior Member


Joined: 11 Feb 2012
Last Visit: 29 Feb 2012
Posts: 28

PostPosted: Fri Feb 17, 2012 9:21 am    Post subject:

Hello Cypher,

Don't ask me why, but every time I ran junc.bat, I got an access denied until the last time I tried it and it worked. Maybe I'm not awake enough yet.

Rennix


Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

\\?\C:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users


Failed to open \\?\C:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\C:\\pagefile.sys: The process cannot access the file because it is being used by another process.


...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

.\\?\C:\\ProgramData\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\C:\\ProgramData\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\C:\\ProgramData\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\C:\\ProgramData\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\C:\\ProgramData\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\C:\\ProgramData\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

..

...

...

.
Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\01905f3941215ffac875f2d016cdcc25_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\076cd621340b5bb89c4594044aa5071c_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\11687fbfc68cb142e855808c41b8a301_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\153deff218134998a3abf5e47ec8db7f_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\17e6326542e0c28d5e55a254b3f73e51_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2292bcf8f3e6d8e79a94eb99a3d8200b_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2d28059f5007bf08e36cff2a5d592109_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2db8137a866dde2e1c5700de9f871e7c_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2e660431c39a45e474c7f0bc86c470e5_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2ecf59964fda6be51e0917af33682d22_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3722b51be88d15a520d1f30711a1ce86_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3ddc4e01722a05027fc0aa62f1a14dd0_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\432264667c11808d177d149c3acf7d35_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\437891b2b967d485be55107bff445b82_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\52d34ad3a1307f8ff7ef8c1fab33d8f8_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\583f2729280a5d3a4ac381035f34e7a9_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5c530dc9c54761d01ede04faba06295b_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5ebc43682790489ad20aeef223e84cb1_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6ed631685453f6f09f9eba34fac3313e_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\70aaab4b9967a37515b9e2a451407cf9_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\727fcd4f5abe75e6c8e8e3c0a614bb8d_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\78e747e84d9d71d9defaa93467a280e5_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7ea8c3de28a22a546fd86c4655bed9e5_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\87b01d42a2050f7ca8cbdb2227e3e37e_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8ba11dac65f8d490413b6b227fb1f7a7_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8f8c3319829a66ead02f6db73bd1b21b_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\92876da76799fe383aad4f2d5933c732_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\93f1721bc435a87fe0225519a570c35c_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\95a7ae1ffc65e67fc155166ba6e30b8d_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\98b0c1de765997261538aad0b865e425_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9ab47a3c10c210e7eb84aa454f116438_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9c752100abb30ebb4dda703d08699cce_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\aab4bf948b310b5fb384f4c48641b8df_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ac5fc5d987357b09948bb70d765a0dc2_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ad2d0b43293306c073c7cc257a9c7ff3_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b26b06766626b171e0ddabefc1e34c3b_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bc6449123c68c6c671b3efc3ce948a56_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bc77a4ad29ad3fe9ee01d6663d612176_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c09ab3926d38a0d197a02fb6172cd65c_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d42ee9598eccc42d9ff08d78a273c560_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d5743519d1b6b0995f695f78aac7df98_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d5a39243699d331ca5f89b80eb41988d_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d7d7456e2cf510a6f0f6b7f60895d6f8_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\db55c07975f79c7d398999ba8730db67_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e145940ee46deb98753caedc7a361d3f_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e1657b50d9832fcea6adeb98e9f5248d_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e2949b7bc9d092c0471114b9964f06d7_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e29e76ed95d2ce6fdb8ba4c8effd1623_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e317e51dfcd41d28a3f31588aa45d6bf_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\eba3e2c63308f11015a9f5099218762c_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ec8a0db43a43a30575297d1bf16b43f9_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ed28e15b3f9f3f9554564c971639429a_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ee32c2067aa5cb64694494c420eef917_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f60e7968533a8408369c2d1e5876ceed_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f716871354751e20dc147f9cb7262dbc_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f8e0a88ea2d7e5c907678fc2b24722ae_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f9463edab427840acc1753a985a7e445_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.


..

...

...

...

...

...


Failed to open \\?\C:\\Qoobox\BackEnv: Access is denied.


...

...
Failed to open \\?\C:\\System Volume Information\WindowsImageBackup: Access is denied.



Failed to open \\?\C:\\System Volume Information\{2c38e377-5810-11e1-8334-6431501a5e5f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\C:\\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\C:\\System Volume Information\{487ae8b9-52ac-11e1-9397-6431501a5e5f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\C:\\System Volume Information\{487ae8ce-52ac-11e1-9397-6431501a5e5f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\C:\\System Volume Information\{59ccfbca-580b-11e1-8e72-6431501a5e5f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\C:\\System Volume Information\{60d1d300-4c64-11e1-8613-6431501a5e5f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\C:\\System Volume Information\{60d1d31a-4c64-11e1-8613-6431501a5e5f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\C:\\System Volume Information\{60d1d33e-4c64-11e1-8613-6431501a5e5f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\C:\\System Volume Information\{60d1d54f-4c64-11e1-8613-6431501a5e5f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\C:\\System Volume Information\{9c6c9c13-5724-11e1-bac1-6431501a5e5f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\C:\\System Volume Information\{bd45aeb7-54e2-11e1-855c-6431501a5e5f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\C:\\System Volume Information\{c9d1ee79-5518-11e1-8c11-6431501a5e5f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\C:\\System Volume Information\{c9d1f07a-5518-11e1-8c11-6431501a5e5f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\C:\\System Volume Information\{d2ad13e0-57e9-11e1-8707-6431501a5e5f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\C:\\System Volume Information\{d2ad1448-57e9-11e1-8707-6431501a5e5f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\C:\\System Volume Information\{f59128cc-51f2-11e1-922d-6431501a5e5f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.




\\?\C:\\Users\All Users: SYMBOLIC LINK
Print Name : C:\ProgramData
Substitute Name: \??\C:\ProgramData

\\?\C:\\Users\Default User: JUNCTION
Print Name : C:\Users\Default
Substitute Name: C:\Users\Default

\\?\C:\\Users\All Users\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\C:\\Users\All Users\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\C:\\Users\All Users\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\C:\\Users\All Users\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\C:\\Users\All Users\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\C:\\Users\All Users\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

...

...

...


Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\01905f3941215ffac875f2d016cdcc25_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\076cd621340b5bb89c4594044aa5071c_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\11687fbfc68cb142e855808c41b8a301_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\153deff218134998a3abf5e47ec8db7f_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\17e6326542e0c28d5e55a254b3f73e51_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\2292bcf8f3e6d8e79a94eb99a3d8200b_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\2d28059f5007bf08e36cff2a5d592109_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\2db8137a866dde2e1c5700de9f871e7c_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\2e660431c39a45e474c7f0bc86c470e5_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\2ecf59964fda6be51e0917af33682d22_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\3722b51be88d15a520d1f30711a1ce86_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\3ddc4e01722a05027fc0aa62f1a14dd0_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\432264667c11808d177d149c3acf7d35_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\437891b2b967d485be55107bff445b82_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\52d34ad3a1307f8ff7ef8c1fab33d8f8_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\583f2729280a5d3a4ac381035f34e7a9_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\5c530dc9c54761d01ede04faba06295b_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\5ebc43682790489ad20aeef223e84cb1_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\6ed631685453f6f09f9eba34fac3313e_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\70aaab4b9967a37515b9e2a451407cf9_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\727fcd4f5abe75e6c8e8e3c0a614bb8d_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\78e747e84d9d71d9defaa93467a280e5_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\7ea8c3de28a22a546fd86c4655bed9e5_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\87b01d42a2050f7ca8cbdb2227e3e37e_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\8ba11dac65f8d490413b6b227fb1f7a7_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\8f8c3319829a66ead02f6db73bd1b21b_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\92876da76799fe383aad4f2d5933c732_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\93f1721bc435a87fe0225519a570c35c_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\95a7ae1ffc65e67fc155166ba6e30b8d_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\98b0c1de765997261538aad0b865e425_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\9ab47a3c10c210e7eb84aa454f116438_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\9c752100abb30ebb4dda703d08699cce_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\aab4bf948b310b5fb384f4c48641b8df_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\ac5fc5d987357b09948bb70d765a0dc2_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\ad2d0b43293306c073c7cc257a9c7ff3_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\b26b06766626b171e0ddabefc1e34c3b_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\bc6449123c68c6c671b3efc3ce948a56_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\bc77a4ad29ad3fe9ee01d6663d612176_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\c09ab3926d38a0d197a02fb6172cd65c_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\d42ee9598eccc42d9ff08d78a273c560_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\d5743519d1b6b0995f695f78aac7df98_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\d5a39243699d331ca5f89b80eb41988d_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\d7d7456e2cf510a6f0f6b7f60895d6f8_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\db55c07975f79c7d398999ba8730db67_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\e145940ee46deb98753caedc7a361d3f_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\e1657b50d9832fcea6adeb98e9f5248d_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\e2949b7bc9d092c0471114b9964f06d7_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\e29e76ed95d2ce6fdb8ba4c8effd1623_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\e317e51dfcd41d28a3f31588aa45d6bf_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\eba3e2c63308f11015a9f5099218762c_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\ec8a0db43a43a30575297d1bf16b43f9_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\ed28e15b3f9f3f9554564c971639429a_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\ee32c2067aa5cb64694494c420eef917_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\f60e7968533a8408369c2d1e5876ceed_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\f716871354751e20dc147f9cb7262dbc_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\f8e0a88ea2d7e5c907678fc2b24722ae_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\f9463edab427840acc1753a985a7e445_dc7ec496-4bad-4ab1-b014-ef7edc933907: Access is denied.


...

...

...

...

...

...\\?\C:\\Users\Colleen\Application Data: JUNCTION
Print Name : C:\Users\Colleen\AppData\Roaming
Substitute Name: C:\Users\Colleen\AppData\Roaming

\\?\C:\\Users\Colleen\Cookies: JUNCTION
Print Name : C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Cookies

\\?\C:\\Users\Colleen\Local Settings: JUNCTION
Print Name : C:\Users\Colleen\AppData\Local
Substitute Name: C:\Users\Colleen\AppData\Local

\\?\C:\\Users\Colleen\My Documents: JUNCTION
Print Name : C:\Users\Colleen\Documents
Substitute Name: C:\Users\Colleen\Documents

\\?\C:\\Users\Colleen\NetHood: JUNCTION
Print Name : C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Network Shortcuts



\\?\C:\\Users\Colleen\PrintHood: JUNCTION
Print Name : C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\C:\\Users\Colleen\Recent: JUNCTION
Print Name : C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Recent

\\?\C:\\Users\Colleen\SendTo: JUNCTION
Print Name : C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\SendTo

\\?\C:\\Users\Colleen\Start Menu: JUNCTION
Print Name : C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\C:\\Users\Colleen\Templates: JUNCTION
Print Name : C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Templates

\\?\C:\\Users\Colleen\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Colleen\AppData\Local
Substitute Name: C:\Users\Colleen\AppData\Local

\\?\C:\\Users\Colleen\AppData\Local\History: JUNCTION
Print Name : C:\Users\Colleen\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Colleen\AppData\Local\Microsoft\Windows\History

\\?\C:\\Users\Colleen\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Colleen\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Colleen\AppData\Local\Microsoft\Windows\Temporary Internet Files

...

...

...

...\\?\C:\\Users\Colleen\AppData\LocalLow\PlayReady: JUNCTION
Print Name : C:\ProgramData\Microsoft\PlayReady
Substitute Name: C:\ProgramData\Microsoft\PlayReady



...

...

..\\?\C:\\Users\Colleen\Documents\My Music: JUNCTION
Print Name : C:\Users\Colleen\Music
Substitute Name: C:\Users\Colleen\Music

\\?\C:\\Users\Colleen\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Colleen\Pictures
Substitute Name: C:\Users\Colleen\Pictures

\\?\C:\\Users\Colleen\Documents\My Videos: JUNCTION
Print Name : C:\Users\Colleen\Videos
Substitute Name: C:\Users\Colleen\Videos

.

...

...

...

...

...

\\?\C:\\Users\Default\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming
Substitute Name: C:\Users\Default\AppData\Roaming

\\?\C:\\Users\Default\Local Settings: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\C:\\Users\Default\My Documents: JUNCTION
Print Name : C:\Users\Default\Documents
Substitute Name: C:\Users\Default\Documents

\\?\C:\\Users\Default\NetHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts

.\\?\C:\\Users\Default\PrintHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\C:\\Users\Default\Recent: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent

\\?\C:\\Users\Default\SendTo: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo

\\?\C:\\Users\Default\Start Menu: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\C:\\Users\Default\Templates: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates

\\?\C:\\Users\Default\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\C:\\Users\Default\AppData\Local\History: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\History

\\?\C:\\Users\Default\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files

..\\?\C:\\Users\Default\Documents\My Music: JUNCTION
Print Name : C:\Users\Default\Music
Substitute Name: C:\Users\Default\Music

\\?\C:\\Users\Default\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Default\Pictures
Substitute Name: C:\Users\Default\Pictures

\\?\C:\\Users\Default\Documents\My Videos: JUNCTION
Print Name : C:\Users\Default\Videos
Substitute Name: C:\Users\Default\Videos

\\?\C:\\Users\Public\Documents\My Music: JUNCTION
Print Name : C:\Users\Public\Music
Substitute Name: C:\Users\Public\Music

\\?\C:\\Users\Public\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Public\Pictures
Substitute Name: C:\Users\Public\Pictures

\\?\C:\\Users\Public\Documents\My Videos: JUNCTION
Print Name : C:\Users\Public\Videos
Substitute Name: C:\Users\Public\Videos



...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

..
Failed to open \\?\C:\\Windows\System32\LogFiles\WMI\RtBackup: Access is denied.


.

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

..
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Nov 2014
Posts: 4728
Location: Land Of The Leprechauns

PostPosted: Fri Feb 17, 2012 10:06 am    Post subject: Reply with quote

Hi Rennix,
Quote:
Don't ask me why, but every time I ran junc.bat, I got an access denied until the last time I tried it and it worked. Maybe I'm not awake enough yet.

Don't worry, you're doing great so far.
Ok, apart from the problem with AVG, have you noticed any other problems with the computer?
I haven't forgotten about the external HD.
_________________
Admin/Teacher at Malware Removal University
Member of...

Rennix1957
Junior Member


Joined: 11 Feb 2012
Last Visit: 29 Feb 2012
Posts: 28

PostPosted: Fri Feb 17, 2012 10:26 am    Post subject: Reply with quote

There is that Catalyst Control Centre not responding error on startup; I have no idea what that is. But other than that I haven't noticed anything.