Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Continually redirected from google searches!


  • This topic is locked This topic is locked
11 replies to this topic

#1 bandalf

bandalf

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:37 PM

Posted 28 February 2011 - 07:18 PM

Whenever I search a link through Google, and I click on the website that I wish to go to, I am often redirected to a random website. I usually have to click on the link I want several times before I actually am allowed to go to the website I want.



DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Seth at 19:05:27.17 on 28/02/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.4021.1933 [GMT -5:00]

AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

============== Running Processes ===============

D:\PROGRA~2\AVG\AVG10\avgchsva.exe
D:\Windows\system32\wininit.exe
D:\Windows\system32\lsm.exe
D:\Windows\system32\svchost.exe -k DcomLaunch
D:\Windows\system32\svchost.exe -k RPCSS
D:\Windows\system32\atiesrxx.exe
D:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
D:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
D:\Windows\system32\svchost.exe -k netsvcs
D:\Windows\system32\svchost.exe -k LocalService
D:\Windows\system32\svchost.exe -k NetworkService
D:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
D:\Windows\System32\spoolsv.exe
D:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files (x86)\AVG\AVG10\avgfws.exe
D:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
D:\Program Files (x86)\Bonjour\mDNSResponder.exe
D:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
D:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
D:\Windows\system32\svchost.exe -k imgsvc
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
D:\Program Files (x86)\AVG\AVG10\avgam.exe
D:\Program Files (x86)\AVG\AVG10\avgnsa.exe
D:\Program Files (x86)\AVG\AVG10\avgemca.exe
D:\Windows\system32\conhost.exe
D:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
D:\Windows\system32\svchost.exe -k bthsvcs
D:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
D:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
D:\Windows\system32\SearchIndexer.exe
D:\Windows\system32\wbem\wmiprvse.exe
D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
D:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
D:\Windows\system32\atieclxx.exe
D:\Windows\system32\taskhost.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
D:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
D:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
D:\Program Files\Elantech\ETDCtrl.exe
D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Elantech\ETDCtrlHelper.exe
D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
D:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
D:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
D:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\Program Files (x86)\AVG\AVG10\avgtray.exe
D:\Program Files\Windows Media Player\wmpnetwk.exe
D:\Windows\System32\svchost.exe -k LocalServicePeerNet
D:\Windows\system32\wbem\wmiprvse.exe
D:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
D:\Windows\system32\conhost.exe
D:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
D:\Windows\system32\DllHost.exe
D:\PROGRA~2\AVG\AVG10\avgrsa.exe
D:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Windows\servicing\TrustedInstaller.exe
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Windows\system32\SearchProtocolHost.exe
D:\Windows\system32\SearchFilterHost.exe
D:\Windows\system32\DllHost.exe
D:\Windows\system32\DllHost.exe
D:\Users\Seth\Downloads\dds.scr
D:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - D:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - D:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HControlUser] D:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] D:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] D:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [SunJavaUpdateSched] "D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_TRAY] D:\Program Files (x86)\AVG\AVG10\avgtray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.16.0.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - D:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
mRun-x64: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [AmIcoSinglun64] D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
mRun-x64: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;D:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;D:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R1 Avgfwfd;AVG network filter service;D:\Windows\System32\drivers\avgfwd6a.sys [2010-7-12 57696]
R1 Avgldx64;AVG AVI Loader Driver;D:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;D:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;D:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
R1 vwififlt;Virtual WiFi Filter Driver;D:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;D:\Windows\System32\atiesrxx.exe [2010-11-25 203776]
R2 avgfws;AVG Firewall;D:\Program Files (x86)\AVG\AVG10\avgfws.exe [2010-11-22 3226632]
R2 AVGIDSAgent;AVGIDSAgent;D:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;D:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;D:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 SBSDWSCService;SBSD Security Center Service;D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-31 1153368]
R2 UNS;Intel® Management & Security Application User Notification Service;D:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-24 2314240]
R3 amdkmdag;amdkmdag;D:\Windows\System32\drivers\atikmdag.sys [2010-11-25 8120320]
R3 amdkmdap;amdkmdap;D:\Windows\System32\drivers\atikmpag.sys [2010-11-25 289792]
R3 AVGIDSDriver;AVGIDSDriver;D:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-3 157264]
R3 AVGIDSFilter;AVGIDSFilter;D:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-3 35920]
R3 ETD;ELAN PS/2 Port Input Device;D:\Windows\System32\drivers\ETD.sys [2011-1-24 128512]
R3 HECIx64;Intel® Management Engine Interface;D:\Windows\System32\drivers\HECIx64.sys [2011-1-24 56344]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;D:\Windows\System32\drivers\L1C62x64.sys [2011-1-24 75816]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;D:\Windows\System32\drivers\nusb3hub.sys [2009-11-20 75776]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;D:\Windows\System32\drivers\nusb3xhc.sys [2009-11-20 177152]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;D:\Windows\System32\drivers\rdpvideominiport.sys [2011-2-27 20992]
S3 TsUsbFlt;TsUsbFlt;D:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-27 59392]
S3 USBAAPL64;Apple Mobile USB Driver;D:\Windows\System32\drivers\usbaapl64.sys [2010-12-14 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;D:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-24 1255736]

=============== Created Last 30 ================

2011-02-27 23:32:45 -------- d-----w- D:\Windows\System32\SPReview
2011-02-27 23:32:02 -------- d-----w- D:\Windows\System32\EventProviders
2011-02-27 23:28:56 5066752 ----a-w- D:\Windows\SysWow64\AuthFWSnapin.dll
2011-02-27 23:26:59 72192 ----a-w- D:\Windows\System32\napdsnap.dll
2011-02-27 23:22:16 529408 ----a-w- D:\Windows\System32\wbemcomn.dll
2011-02-27 23:22:16 524288 ----a-w- D:\Windows\System32\wmicmiplugin.dll
2011-02-27 23:22:16 1225216 ----a-w- D:\Windows\System32\wbem\wbemcore.dll
2011-02-27 23:21:59 933376 ----a-w- D:\Windows\System32\SmiEngine.dll
2011-02-27 23:21:49 199168 ----a-w- D:\Windows\System32\PkgMgr.exe
2011-02-27 23:21:13 422912 ----a-w- D:\Windows\System32\drvstore.dll
2011-02-27 23:21:13 399872 ----a-w- D:\Windows\System32\dpx.dll
2011-02-27 22:24:38 -------- d-----w- D:\Program Files (x86)\VideoLAN
2011-02-25 19:22:51 -------- d-----w- D:\Users\Seth\AppData\Roaming\AVG
2011-02-25 18:56:49 -------- d--h--w- D:\$AVG
2011-02-25 18:11:39 -------- d-----w- D:\Users\Seth\AppData\Roaming\AVG10
2011-02-25 18:07:46 -------- d--h--w- D:\PROGRA~3\Common Files
2011-02-25 18:07:34 -------- d-----w- D:\Windows\SysWow64\drivers\AVG
2011-02-25 18:06:59 -------- d-----w- D:\Windows\System32\drivers\AVG
2011-02-25 18:06:59 -------- d-----w- D:\PROGRA~3\AVG10
2011-02-25 18:06:30 -------- d-----w- D:\Program Files (x86)\AVG
2011-02-25 17:33:12 -------- d-----w- D:\PROGRA~3\MFAData
2011-02-24 05:16:23 -------- d-----w- D:\Users\Seth\AppData\Roaming\Malwarebytes
2011-02-24 05:16:19 38224 ----a-w- D:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-24 05:16:19 -------- d-----w- D:\PROGRA~3\Malwarebytes
2011-02-24 05:16:16 24152 ----a-w- D:\Windows\System32\drivers\mbam.sys
2011-02-24 05:16:16 -------- d-----w- D:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-23 18:41:58 -------- d-----w- D:\Users\Seth\AppData\Local\{16F11F1D-74A1-4F25-A03C-114414793459}
2011-02-23 18:24:31 870912 ----a-w- D:\Windows\SysWow64\XpsPrint.dll
2011-02-23 18:24:31 475648 ----a-w- D:\Windows\System32\XpsGdiConverter.dll
2011-02-23 18:24:31 288256 ----a-w- D:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-23 18:24:31 1465344 ----a-w- D:\Windows\System32\XpsPrint.dll
2011-02-22 23:18:14 -------- d-----w- D:\Users\Seth\AppData\Local\{44576123-0333-468C-AACD-EA2A2A0B1BD8}
2011-02-22 23:12:00 -------- d-----w- D:\Windows\en
2011-02-22 23:10:25 -------- d-----w- D:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-02-22 23:08:06 -------- d-----w- D:\Windows\PCHEALTH
2011-02-22 23:07:01 94040 ----a-w- D:\Program Files (x86)\Common Files\Windows Live\.cache\364fbbca1cbd2e507\DSETUP.dll
2011-02-22 23:07:01 525656 ----a-w- D:\Program Files (x86)\Common Files\Windows Live\.cache\364fbbca1cbd2e507\DXSETUP.exe
2011-02-22 23:07:01 1691480 ----a-w- D:\Program Files (x86)\Common Files\Windows Live\.cache\364fbbca1cbd2e507\dsetup32.dll
2011-02-22 23:06:55 94040 ----a-w- D:\Program Files (x86)\Common Files\Windows Live\.cache\32a2f9b41cbd2e506\DSETUP.dll
2011-02-22 23:06:55 525656 ----a-w- D:\Program Files (x86)\Common Files\Windows Live\.cache\32a2f9b41cbd2e506\DXSETUP.exe
2011-02-22 23:06:55 1691480 ----a-w- D:\Program Files (x86)\Common Files\Windows Live\.cache\32a2f9b41cbd2e506\dsetup32.dll
2011-02-22 23:02:47 -------- d-----w- D:\Users\Seth\AppData\Local\Windows Live
2011-02-22 23:02:47 -------- d-----w- D:\Program Files (x86)\Common Files\Windows Live
2011-02-22 22:07:20 -------- d-----w- D:\Users\Seth\AppData\Local\Apple Computer
2011-02-22 22:07:05 34152 ----a-w- D:\Windows\System32\drivers\GEARAspiWDM.sys
2011-02-22 22:07:05 126312 ----a-w- D:\Windows\System32\GEARAspi64.dll
2011-02-22 22:07:05 107368 ----a-w- D:\Windows\SysWow64\GEARAspi.dll
2011-02-22 22:06:43 -------- d-----w- D:\Program Files\iTunes
2011-02-22 22:06:43 -------- d-----w- D:\Program Files\iPod
2011-02-22 22:06:43 -------- d-----w- D:\Program Files (x86)\iTunes
2011-02-22 22:06:43 -------- d-----w- D:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-02-22 22:04:36 159744 ----a-w- D:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-02-22 22:04:36 159744 ----a-w- D:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-02-22 22:04:36 159744 ----a-w- D:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-02-22 22:04:36 159744 ----a-w- D:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-02-22 22:04:36 159744 ----a-w- D:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-02-22 22:04:36 159744 ----a-w- D:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-02-22 22:04:36 159744 ----a-w- D:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-02-22 22:04:15 -------- d-----w- D:\Users\Seth\AppData\Local\Apple
2011-02-22 22:03:57 -------- d-----w- D:\Program Files\Bonjour
2011-02-22 22:03:57 -------- d-----w- D:\Program Files (x86)\Bonjour
2011-02-22 19:07:43 230400 ----a-w- D:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2011-02-22 19:07:43 230400 ----a-w- D:\Windows\System32\Spool\prtprocs\x64\1_hpzppw71.dll
2011-02-22 19:07:38 33792 ----a-w- D:\Windows\System32\Spool\prtprocs\x64\ssp4mpc.dll
2011-02-22 18:30:48 -------- dc----w- D:\Users\Seth\AppData\Local\MigWiz
2011-02-22 18:03:28 7844688 ----a-w- D:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{5D538A6F-014D-4F6E-819F-EEA0EB184F99}\mpengine.dll
2011-02-20 20:18:47 -------- d-----w- D:\Users\Seth\AppData\Local\Diagnostics
2011-02-19 17:25:10 -------- d-----w- D:\Users\Seth\AppData\Local\My Games
2011-02-17 21:36:13 1638912 ----a-w- D:\Windows\SysWow64\mshtml.tlb
2011-02-17 21:36:12 1638912 ----a-w- D:\Windows\System32\mshtml.tlb
2011-02-17 21:36:04 715776 ----a-w- D:\Windows\System32\kerberos.dll
2011-02-17 21:36:04 542208 ----a-w- D:\Windows\SysWow64\kerberos.dll
2011-02-17 21:36:02 3129344 ----a-w- D:\Windows\System32\win32k.sys
2011-02-17 21:35:44 214016 ----a-w- D:\Windows\System32\winsrv.dll
2011-02-17 21:35:42 612864 ----a-w- D:\Windows\System32\vbscript.dll
2011-02-17 21:35:41 428032 ----a-w- D:\Windows\SysWow64\vbscript.dll
2011-02-17 21:35:36 46080 ----a-w- D:\Windows\System32\atmlib.dll
2011-02-17 21:35:36 366592 ----a-w- D:\Windows\System32\atmfd.dll
2011-02-17 21:35:36 34304 ----a-w- D:\Windows\SysWow64\atmlib.dll
2011-02-17 21:35:36 294400 ----a-w- D:\Windows\SysWow64\atmfd.dll
2011-02-17 21:35:35 70656 ----a-w- D:\Windows\SysWow64\fontsub.dll
2011-02-17 21:35:35 100864 ----a-w- D:\Windows\System32\fontsub.dll
2011-01-31 20:04:19 -------- d-----w- D:\Users\Seth\AppData\Local\ESET
2011-01-31 17:58:08 -------- d-----w- D:\Program Files (x86)\Spybot - Search & Destroy
2011-01-31 17:58:08 -------- d-----w- D:\PROGRA~3\Spybot - Search & Destroy
2011-01-31 17:33:47 381144 ----a-w- D:\Windows\sediag.exe

==================== Find3M ====================

2011-02-27 23:40:58 175616 ----a-w- D:\Windows\System32\msclmd.dll
2011-02-27 23:40:58 152576 ----a-w- D:\Windows\SysWow64\msclmd.dll
2011-02-02 22:11:20 270720 ------w- D:\Windows\System32\MpSigStub.exe
2011-01-25 04:18:15 411368 ----a-w- D:\Windows\SysWow64\deployJava1.dll
2011-01-25 00:02:18 0 ----a-w- D:\Windows\ativpsrm.bin
2010-12-14 23:51:20 51712 ----a-w- D:\Windows\System32\drivers\usbaapl64.sys
2010-12-14 23:51:20 4184352 ----a-w- D:\Windows\System32\usbaaplrc.dll
2010-12-08 09:12:36 308304 ----a-w- D:\Windows\System32\drivers\avgldx64.sys
2010-12-07 17:17:20 51200 ----a-w- D:\Windows\SysWow64\OpenCL.dll
2010-12-07 17:15:30 52736 ----a-w- D:\Windows\System32\OpenCL.dll

============= FINISH: 19:06:43.18 ===============

BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:37 PM

Posted 28 February 2011 - 07:39 PM

Hello bandalf,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1.
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy

2.
We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

3.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

4.
Download Bootkit Remover to your desktop

1. Extract the file to your desktop.
2. Double click Remover.exe to run it (Right click and run as Administrator for Vista).
3. It will show a Black screen with some data on it.
4. Right click on the screen and choose [/b]Select All[/b].
5. Press Control+C (to copy the data).
6. Open a notepad, Click on Edit tab > paste.
7. Exit the Remover.exe window.
8. Please post the contents of the notepad when you reply.

5.
Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.


Things to include in your next reply::
TDSSkiller log
BootKitRemover log
MBRCheck.exe log
A new DDS log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 bandalf

bandalf
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:37 PM

Posted 28 February 2011 - 08:37 PM

Thank you for your prompt reply! I did my best to follow your instructions as they were given. I did have to download a program to extract the bootkit remover. I hope that doesn't jeopardize this project. installed 7-zip.

As for how my pc is running at the moment: I did a couple of searches through Google and it seemed to me that there were less redirects. Also, I haven't seen any more "google-analytics" tabs open up. I'm not sure if they were legit to begin with, and I failed to mention them in my original post, but I had suspected them to be some kind of virus/malware. Here are the logs you asked for, and thank you again for your attention and help! I really appreciate it :)


Bootkit Remover
© 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 64
-bit

System volume is \\.\D:
main(): CreateFile() ERROR 5
ERROR: Can't open volume device \\.\D:

Done;
Press any key to quit...

.\debug.cpp(238) : Debug log started at 01.03.2011 - 01:19:26
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : © 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 64-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x02e5d000 0x005ea000 "\SystemRoot\system32\ntoskrnl.exe"
.\debug.cpp(256) : 0x02e14000 0x00049000 "\SystemRoot\system32\hal.dll"
.\debug.cpp(256) : 0x00ba9000 0x0000a000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x00cfc000 0x0004f000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0x00d4b000 0x00014000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x00d5f000 0x0005e000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x00c00000 0x000c0000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x00e42000 0x000a4000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x00ee6000 0x0000f000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x00ef5000 0x00057000 "\SystemRoot\system32\drivers\ACPI.sys"
.\debug.cpp(256) : 0x00f4c000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS"
.\debug.cpp(256) : 0x00f55000 0x0000a000 "\SystemRoot\system32\drivers\msisadrv.sys"
.\debug.cpp(256) : 0x00f5f000 0x00033000 "\SystemRoot\system32\drivers\pci.sys"
.\debug.cpp(256) : 0x00f92000 0x0000d000 "\SystemRoot\system32\drivers\vdrvroot.sys"
.\debug.cpp(256) : 0x00f9f000 0x00015000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x00fb4000 0x00009000 "\SystemRoot\system32\DRIVERS\compbatt.sys"
.\debug.cpp(256) : 0x00fbd000 0x0000c000 "\SystemRoot\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0x00fc9000 0x00015000 "\SystemRoot\system32\drivers\volmgr.sys"
.\debug.cpp(256) : 0x010af000 0x0005c000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x0110b000 0x0001a000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x01125000 0x0003c000 "\SystemRoot\system32\drivers\vmbus.sys"
.\debug.cpp(256) : 0x01161000 0x00014000 "\SystemRoot\system32\drivers\winhv.sys"
.\debug.cpp(256) : 0x01214000 0x0011c000 "\SystemRoot\system32\DRIVERS\iaStor.sys"
.\debug.cpp(256) : 0x01330000 0x00009000 "\SystemRoot\system32\drivers\atapi.sys"
.\debug.cpp(256) : 0x01339000 0x0002a000 "\SystemRoot\system32\drivers\ataport.SYS"
.\debug.cpp(256) : 0x01363000 0x0000b000 "\SystemRoot\system32\drivers\msahci.sys"
.\debug.cpp(256) : 0x0136e000 0x00010000 "\SystemRoot\system32\drivers\PCIIDEX.SYS"
.\debug.cpp(256) : 0x0137e000 0x0000b000 "\SystemRoot\system32\drivers\amdxata.sys"
.\debug.cpp(256) : 0x01389000 0x0004c000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x013d5000 0x00014000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x01409000 0x001a3000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x01175000 0x0005e000 "\SystemRoot\System32\Drivers\msrpc.sys"
.\debug.cpp(256) : 0x015ac000 0x0001b000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x01000000 0x00072000 "\SystemRoot\System32\Drivers\cng.sys"
.\debug.cpp(256) : 0x015c7000 0x00011000 "\SystemRoot\System32\drivers\pcw.sys"
.\debug.cpp(256) : 0x015d8000 0x0000a000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
.\debug.cpp(256) : 0x016a2000 0x000f3000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x01795000 0x00060000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x01600000 0x0002b000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
.\debug.cpp(256) : 0x01853000 0x00204000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x01a57000 0x0004a000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x01aa1000 0x00010000 "\SystemRoot\system32\drivers\vmstorfl.sys"
.\debug.cpp(256) : 0x01ab1000 0x0004c000 "\SystemRoot\system32\drivers\volsnap.sys"
.\debug.cpp(256) : 0x01afd000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x01b05000 0x0003a000 "\SystemRoot\System32\drivers\rdyboost.sys"
.\debug.cpp(256) : 0x01b3f000 0x00012000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x01b51000 0x00009000 "\SystemRoot\System32\drivers\hwpolicy.sys"
.\debug.cpp(256) : 0x01b5a000 0x0003a000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
.\debug.cpp(256) : 0x01b94000 0x00016000 "\SystemRoot\system32\DRIVERS\disk.sys"
.\debug.cpp(256) : 0x01baa000 0x00030000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0x01bda000 0x0000a000 "\SystemRoot\system32\DRIVERS\avgrkx64.sys"
.\debug.cpp(256) : 0x01be4000 0x0000a000 "\SystemRoot\system32\DRIVERS\AVGIDSEH.Sys"
.\debug.cpp(256) : 0x02e13000 0x0002a000 "\SystemRoot\system32\drivers\cdrom.sys"
.\debug.cpp(256) : 0x02e3d000 0x0000f000 "\SystemRoot\system32\DRIVERS\avgmfx64.sys"
.\debug.cpp(256) : 0x02e4c000 0x00009000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x02e55000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x02e5c000 0x0000e000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x02e6a000 0x00025000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x02e8f000 0x00010000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x02e9f000 0x00009000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x02ea8000 0x00009000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x02eb1000 0x00009000 "\SystemRoot\system32\drivers\rdprefmp.sys"
.\debug.cpp(256) : 0x02eba000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x02ec5000 0x00011000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x01800000 0x00011000 "\SystemRoot\system32\DRIVERS\avgfwd6a.sys"
.\debug.cpp(256) : 0x01811000 0x00022000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x01833000 0x0000d000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x0162b000 0x00061000 "\SystemRoot\system32\DRIVERS\avgtdia.sys"
.\debug.cpp(256) : 0x03eaf000 0x00045000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x03ef4000 0x00089000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x03f7d000 0x00009000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"
.\debug.cpp(256) : 0x03f86000 0x00026000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x03fac000 0x00016000 "\SystemRoot\system32\DRIVERS\vwififlt.sys"
.\debug.cpp(256) : 0x03fc2000 0x0000f000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x03fd1000 0x0001b000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x03fec000 0x00014000 "\SystemRoot\system32\drivers\termdd.sys"
.\debug.cpp(256) : 0x03e00000 0x00051000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x03e51000 0x0000c000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x03e5d000 0x0000b000 "\SystemRoot\system32\drivers\mssmbios.sys"
.\debug.cpp(256) : 0x03e68000 0x0000f000 "\SystemRoot\System32\drivers\discache.sys"
.\debug.cpp(256) : 0x044ad000 0x00083000 "\SystemRoot\system32\drivers\csc.sys"
.\debug.cpp(256) : 0x04530000 0x0001e000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x0454e000 0x00011000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"
.\debug.cpp(256) : 0x0455f000 0x00050000 "\SystemRoot\system32\DRIVERS\avgldx64.sys"
.\debug.cpp(256) : 0x045af000 0x00026000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x04400000 0x0004c000 "\SystemRoot\system32\DRIVERS\atikmpag.sys"
.\debug.cpp(256) : 0x04c52000 0x00811000 "\SystemRoot\system32\DRIVERS\atikmdag.sys"
.\debug.cpp(256) : 0x05463000 0x000f4000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x05557000 0x00046000 "\SystemRoot\System32\drivers\dxgmms1.sys"
.\debug.cpp(256) : 0x0559d000 0x00024000 "\SystemRoot\system32\drivers\HDAudBus.sys"
.\debug.cpp(256) : 0x055c1000 0x00011000 "\SystemRoot\system32\DRIVERS\HECIx64.sys"
.\debug.cpp(256) : 0x055d2000 0x00011000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x0444c000 0x00056000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x04c00000 0x00009000 "\SystemRoot\system32\drivers\HIDPARSE.SYS"
.\debug.cpp(256) : 0x04616000 0x0017d000 "\SystemRoot\system32\DRIVERS\athrx.sys"
.\debug.cpp(256) : 0x04793000 0x0000d000 "\SystemRoot\system32\DRIVERS\vwifibus.sys"
.\debug.cpp(256) : 0x047a0000 0x00030000 "\SystemRoot\system32\DRIVERS\nusb3xhc.sys"
.\debug.cpp(256) : 0x047d0000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0x04c09000 0x0001e000 "\SystemRoot\system32\drivers\i8042prt.sys"
.\debug.cpp(256) : 0x04c27000 0x00025000 "\SystemRoot\system32\DRIVERS\ETD.sys"
.\debug.cpp(256) : 0x047d2000 0x0000f000 "\SystemRoot\system32\drivers\mouclass.sys"
.\debug.cpp(256) : 0x04600000 0x00008000 "\SystemRoot\system32\DRIVERS\kbfiltr.sys"
.\debug.cpp(256) : 0x055e3000 0x0000f000 "\SystemRoot\system32\drivers\kbdclass.sys"
.\debug.cpp(256) : 0x04608000 0x0000d000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0x047e1000 0x00005000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0x045d5000 0x00016000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0x055f2000 0x00008000 "\SystemRoot\system32\DRIVERS\ATK64AMD.sys"
.\debug.cpp(256) : 0x045eb000 0x00010000 "\SystemRoot\system32\drivers\CompositeBus.sys"
.\debug.cpp(256) : 0x03e77000 0x00016000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"
.\debug.cpp(256) : 0x01072000 0x00024000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x03e8d000 0x0000c000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x00e00000 0x0002f000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x015e2000 0x0001b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x011d3000 0x00021000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x00fde000 0x0001a000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x044a2000 0x0000b000 "\SystemRoot\system32\DRIVERS\rdpbus.sys"
.\debug.cpp(256) : 0x047fc000 0x00002000 "\SystemRoot\system32\drivers\swenum.sys"
.\debug.cpp(256) : 0x00dbd000 0x00043000 "\SystemRoot\system32\drivers\ks.sys"
.\debug.cpp(256) : 0x03e99000 0x00012000 "\SystemRoot\system32\drivers\umbus.sys"
.\debug.cpp(256) : 0x05898000 0x0005a000 "\SystemRoot\system32\drivers\usbhub.sys"
.\debug.cpp(256) : 0x05907000 0x00017000 "\SystemRoot\system32\DRIVERS\nusb3hub.sys"
.\debug.cpp(256) : 0x05948000 0x00015000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x0595d000 0x00030000 "\SystemRoot\system32\drivers\RtHDMIVX.sys"
.\debug.cpp(256) : 0x0598d000 0x0003d000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0x059ca000 0x00022000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0x059ec000 0x00006000 "\SystemRoot\system32\drivers\ksthunk.sys"
.\debug.cpp(256) : 0x06623000 0x00227000 "\SystemRoot\system32\drivers\RTKVHD64.sys"
.\debug.cpp(256) : 0x0689a000 0x0001d000 "\SystemRoot\system32\drivers\usbccgp.sys"
.\debug.cpp(256) : 0x06243000 0x001b8000 "\SystemRoot\system32\DRIVERS\snp2uvc.sys"
.\debug.cpp(256) : 0x06200000 0x00011000 "\SystemRoot\system32\DRIVERS\STREAM.SYS"
.\debug.cpp(256) : 0x06211000 0x00009000 "\SystemRoot\system32\DRIVERS\sncduvc.SYS"
.\debug.cpp(256) : 0x069da000 0x0000e000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0x02ed6000 0x0011c000 "\SystemRoot\System32\Drivers\dump_iaStor.sys"
.\debug.cpp(256) : 0x069e8000 0x00013000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
.\debug.cpp(256) : 0x00020000 0x00311000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x06600000 0x0000c000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0x005c0000 0x0000a000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0x00740000 0x00027000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0x0685b000 0x00023000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0x05800000 0x00021000 "\SystemRoot\system32\drivers\WudfPf.sys"
.\debug.cpp(256) : 0x0687e000 0x00015000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0x05821000 0x00053000 "\SystemRoot\system32\DRIVERS\nwifi.sys"
.\debug.cpp(256) : 0x068b7000 0x00013000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0x05874000 0x00018000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0x040e4000 0x000c9000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0x041ad000 0x0001e000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0x041cb000 0x00018000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0x04000000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0x0402d000 0x0004d000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0x0407a000 0x00024000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0x0409e000 0x0000c000 "\SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys"
.\debug.cpp(256) : 0x06cbe000 0x000a6000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0x06d64000 0x0000b000 "\SystemRoot\System32\Drivers\secdrv.SYS"
.\debug.cpp(256) : 0x06d6f000 0x00031000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0x06da0000 0x00012000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0x06db2000 0x00034000 "\SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys"
.\debug.cpp(256) : 0x06c00000 0x0006b000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0x07c94000 0x00099000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0x07d2d000 0x00036000 "\SystemRoot\System32\Drivers\fastfat.SYS"
.\debug.cpp(256) : 0x07dd4000 0x0000b000 "\SystemRoot\system32\DRIVERS\asyncmac.sys"
.\debug.cpp(256) : 0x07c11000 0x00018000 "\SystemRoot\System32\Drivers\BTHUSB.sys"
.\debug.cpp(256) : 0x068ca000 0x0008c000 "\SystemRoot\System32\Drivers\bthport.sys"
.\debug.cpp(256) : 0x07c29000 0x0002c000 "\SystemRoot\system32\DRIVERS\rfcomm.sys"
.\debug.cpp(256) : 0x07c55000 0x00010000 "\SystemRoot\system32\drivers\BthEnum.sys"
.\debug.cpp(256) : 0x07c65000 0x00020000 "\SystemRoot\system32\DRIVERS\bthpan.sys"
.\debug.cpp(256) : 0x07d74000 0x00015000 "\SystemRoot\system32\DRIVERS\L1C62x64.sys"
.\debug.cpp(256) : 0x07d89000 0x0000e000 "\SystemRoot\system32\DRIVERS\monitor.sys"
.\debug.cpp(256) : 0x07d97000 0x0000e000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0x07da5000 0x00019000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0x07dbe000 0x0000d000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0x77360000 0x001a9000 "\Windows\System32\ntdll.dll"
.\debug.cpp(256) : 0x47d30000 0x00020000 "\Windows\System32\smss.exe"
.\debug.cpp(256) : 0xff680000 0x00050000 "\Windows\System32\apisetschema.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#0#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination "\Device\00000061"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000041"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination "\Device\Video4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0B05&PID_1788#1C4BD61B35F4#{0850302a-b344-4fda-9be9-90576b8d46f0}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000004b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000008"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&104886e2&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0269&SUBSYS_104313D3&REV_1000#4&26c332eb&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000076"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) : Destination "\Device\WUDFLpcDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000047"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{d6d70ef0-2828-11e0-9040-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{f498da7e-2811-11e0-9ae6-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AvgAviLdr"
.\debug.cpp(400) : Destination "\Device\AvgAviLdrDev"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
.\debug.cpp(400) : Destination "\Device\Psched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{099C1BF4-7828-467D-9E13-6BB856A95424}"
.\debug.cpp(400) : Destination "\Device\NDMP3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000004a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002#5&1064ca8&0&0001#{9ff3b516-cd99-4eaf-8373-f2caf87ed26b}"
.\debug.cpp(400) : Destination "\Device\00000073"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002#5&1064ca8&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\00000073"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{f498da73-2811-11e0-9ae6-806e6f6e6963}#0000000000007E00#{7f108a28-9833-4b3b-b780-2c6b5fa5c062}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTH#MS_BTHPAN#7&e7ad873&0&2#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000096"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000004b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0269&SUBSYS_104313D3&REV_1000#4&26c332eb&0&0001#{9ff3b516-cd99-4eaf-8373-f2caf87ed26b}"
.\debug.cpp(400) : Destination "\Device\00000076"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) : Destination "\Device\AscKmd"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000044"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_30_-_Intel®_Core™_i7_CPU_______Q_740__@_1.73GHz#_4#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000054"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002#5&1064ca8&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) : Destination "\Device\00000073"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0269&SUBSYS_104313D3&REV_1000#4&26c332eb&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\00000076"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#0#{e849804e-c719-43d8-ac88-96b894c191e2}"
.\debug.cpp(400) : Destination "\Device\00000061"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0B05&PID_1788#1C4BD61B35F4#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1033&DEV_0194&SUBSYS_10191043&REV_03#FFFFFFFFFFFFFFFF00#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD9"
.\debug.cpp(400) : Destination "\??\PCI#VEN_1033&DEV_0194&SUBSYS_10191043&REV_03#FFFFFFFFFFFFFFFF00#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E43D242B-9EAB-4626-A952-46649FBB939A}"
.\debug.cpp(400) : Destination "\Device\NDMP8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination "\Device\00000088"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN"
.\debug.cpp(400) : Destination "\Device\AgileVPN"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_68C0&SUBSYS_1C221043&REV_00#4&1dd391aa&0&0018#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000043"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\iaStor0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDOSPDevice"
.\debug.cpp(400) : Destination "\Device\IPSECDOSP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
.\debug.cpp(400) : Destination "\Device\PEAuth"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Avgfwfd"
.\debug.cpp(400) : Destination "\Device\Avgfwfd"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"
.\debug.cpp(400) : Destination "\Device\Video5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0269&SUBSYS_104313D3&REV_1000#4&26c332eb&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000076"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NDMP10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_30_-_Intel®_Core™_i7_CPU_______Q_740__@_1.73GHz#_5#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000055"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\vwififlt"
.\debug.cpp(400) : Destination "\Device\vwififlt"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_002B&SUBSYS_10891A3B&REV_01#001517FFFF24141200#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSlimtype_BD__E__DS4E1S__________________EA2B____#4&19e15798&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_30_-_Intel®_Core™_i7_CPU_______Q_740__@_1.73GHz#_3#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000053"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_13D3&PID_5122#USB2.0_UVC_2M_WebCam#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASYNCMAC"
.\debug.cpp(400) : Destination "\Device\ASYNCMAC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPDevice"
.\debug.cpp(400) : Destination "\Device\SPDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition2"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000004b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#HSD0640#5&26b3a594&0&UID256#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
.\debug.cpp(400) : Destination "\Device\00000099"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition3"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000046"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1969&DEV_1063&SUBSYS_18201043&REV_C0#FF459FDF20CF30FF00#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0041"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000008a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{f498da73-2811-11e0-9ae6-806e6f6e6963}#00000004E22CEC00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination "\Device\CompositeBattery"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{3FA126E3-15BF-41E5-95DB-E961E42538EC}"
.\debug.cpp(400) : Destination "\Device\NDMP4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\0000004b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0269&SUBSYS_104313D3&REV_1000#4&26c332eb&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000076"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_13D3&PID_5122&MI_00#7&458bfa4&0&0000#{fb6c428a-0353-11d1-905f-0000c0cc16ba}"
.\debug.cpp(400) : Destination "\Device\0000007e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVGIDS_Evt"
.\debug.cpp(400) : Destination "\Device\AVGIDS_Evt"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000008"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&12d3f4f0&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000004b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_30_-_Intel®_Core™_i7_CPU_______Q_740__@_1.73GHz#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000051"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVGIDS_Dbg"
.\debug.cpp(400) : Destination "\Device\AVGIDS_Dbg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVGIDS_Ack"
.\debug.cpp(400) : Destination "\Device\AVGIDS_Ack"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002#5&1064ca8&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000073"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8E301A52-AFFA-4F49-B9CA-C79096A1A056}"
.\debug.cpp(400) : Destination "\Device\NDMP12"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_002B&SUBSYS_10891A3B&REV_01#001517FFFF24141200#{435b6226-1dcc-43b3-887e-217dbaa27ba3}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_30_-_Intel®_Core™_i7_CPU_______Q_740__@_1.73GHz#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000052"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_30_-_Intel®_Core™_i7_CPU_______Q_740__@_1.73GHz#_8#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) : Destination "\Device\WMIAdminDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000005c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002#5&1064ca8&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000073"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AvgAntiRootkit"
.\debug.cpp(400) : Destination "\Device\AvgAntiRootkit"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0DA9ED51-E68B-47E3-95A6-2FD017690723}"
.\debug.cpp(400) : Destination "\Device\NDMP16"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000045"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000089"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000041"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002#5&1064ca8&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination "\Device\00000073"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AvgTdi"
.\debug.cpp(400) : Destination "\Device\AvgTdi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#HSD0640#5&26b3a594&0&UID256#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
.\debug.cpp(400) : Destination "\Device\00000099"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000042"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000043"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
.\debug.cpp(400) : Destination "\clfs"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskST9500420AS_____________________________0003SDM1#4&19e15798&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip"
.\debug.cpp(400) : Destination "\Device\nativewifip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVGIDS_Ctl"
.\debug.cpp(400) : Destination "\Device\AVGIDS_Ctl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUSB3#ROOT_HUB30#5&1bc41797&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
.\debug.cpp(400) : Destination "\Device\00000070"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0002#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_13D3&PID_5122&MI_00#7&458bfa4&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_3B3C&SUBSYS_1C771043&REV_06#3&11583659&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0009"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_8087&PID_0020#5&35f39389&0&1#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_30_-_Intel®_Core™_i7_CPU_______Q_740__@_1.73GHz#_6#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000056"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Avg7Rs"
.\debug.cpp(400) : Destination "\Device\Avg7Rs"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_Intel64_Family_6_Model_30_-_Intel®_Core™_i7_CPU_______Q_740__@_1.73GHz#_7#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000057"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ETD"
.\debug.cpp(400) : Destination "\Device\ETD"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\VolMgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume1"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) : Destination "\Device\NDMP9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WwanProt"
.\debug.cpp(400) : Destination "\Device\WwanProt"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{78032B7E-4968-42D3-9F37-287EA86C0AAA}"
.\debug.cpp(400) : Destination "\Device\NDMP21"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BthPan"
.\debug.cpp(400) : Destination "\Device\BthPan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) : Destination "\Device\VolMgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\0000004e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume2"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
.\debug.cpp(400) : Destination "\Device\WANARPV6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000045"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) : Destination "\Device\Nsi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_0736&Col01#7&31ac4bc0&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000009a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume3"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_13D3&PID_5122&MI_00#7&458bfa4&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ETD0001#4&142dd991&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000006b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6EC0B24E-0B32-47AE-B65B-4F97451FC55E}"
.\debug.cpp(400) : Destination "\Device\NDMP17"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\KBFiltr"
.\debug.cpp(400) : Destination "\Device\KBFiltr0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000089"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_8087&PID_0020#5&f2fc40c&0&1#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000004b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&142dd991&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000006c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000004b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9D681BFA-D651-4A5D-AEBE-BDD73AABF401}"
.\debug.cpp(400) : Destination "\Device\NDMP19"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B0C375DE-07F0-4CD6-B4FE-EDB9000BF85B}"
.\debug.cpp(400) : Destination "\Device\NDMP20"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BTH#MS_BTHPAN#7&e7ad873&0&2#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000096"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000005b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
.\debug.cpp(400) : Destination "\Device\Secdrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{d6d70eef-2828-11e0-9040-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_3B34&SUBSYS_1C771043&REV_06#3&11583659&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0016"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C8DBC5CB-9C98-4582-BC00-CEAEFF1A6156}"
.\debug.cpp(400) : Destination "\Device\NDMP2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) : Destination "\Device\NXTIPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_3B29&SUBSYS_1C771043&REV_06#3&11583659&0&FA#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) : Destination "\Device\SstpDrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DF4A9D2C-8742-4EB1-8703-D395C4183F33}"
.\debug.cpp(400) : Destination "\Device\NDMP13"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun"
.\debug.cpp(400) : Destination "\Device\TeredoTun"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUSB3#ROOT_HUB30#5&1bc41797&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\00000070"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_0736&Col01#7&31ac4bc0&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000009a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270}"
.\debug.cpp(400) : Destination "\Device\NDMP14"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) : Destination "\Device\WFP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_002B&SUBSYS_10891A3B&REV_01#001517FFFF24141200#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) : Destination "\Device\ProcessManagement"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) : Destination "\Device\WfpAle"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) : Destination "\Device\MPS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000044"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000046"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSlimtype_BD__E__DS4E1S__________________EA2B____#4&19e15798&0&0.1.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
.\debug.cpp(400) : Destination "\Device\PartmgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{FAA8F2F0-373B-45FF-BA2C-41425A424940}"
.\debug.cpp(400) : Destination "\Device\NDMP5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000042"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000008a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{f498da73-2811-11e0-9ae6-806e6f6e6963}#00000021FE400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000005e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVGIDSErHr"
.\debug.cpp(400) : Destination "\Device\AVGIDSErHr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) : Destination "\Device\NDMP11"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000004b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_3B64&SUBSYS_1C771043&REV_06#3&11583659&0&B0#{e2d1ff34-3458-49a9-88da-8e6915ce9be5}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0269&SUBSYS_104313D3&REV_1000#4&26c332eb&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) : Destination "\Device\00000076"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_68C0&SUBSYS_1C221043&REV_00#4&1dd391aa&0&0018#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Oceanus.00"
.\debug.cpp(400) : Destination "\Device\Oceanus.00"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1969&DEV_1063&SUBSYS_18201043&REV_C0#FF459FDF20CF30FF00#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0041"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1033&DEV_0194&SUBSYS_10191043&REV_03#FFFFFFFFFFFFFFFF00#{ac051b02-603b-4b3c-b14b-95c9268de081}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_045E&PID_0736#6&2582bedf&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0269&SUBSYS_104313D3&REV_1000#4&26c332eb&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination "\Device\00000076"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ATKACPI"
.\debug.cpp(400) : Destination "\Device\ATKACPI"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_0736&Col02#7&31ac4bc0&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000009b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000005d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000047"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\D:
.\boot_cleaner.cpp(673) : main(): CreateFile() ERROR 5
.\boot_cleaner.cpp(674) : ERROR: Can't open volume device \\.\D:
.\boot_cleaner.cpp(1151) : Done;


2011/02/28 20:14:46.0601 9536 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/28 20:14:47.0583 9536 ================================================================================
2011/02/28 20:14:47.0583 9536 SystemInfo:
2011/02/28 20:14:47.0583 9536
2011/02/28 20:14:47.0583 9536 OS Version: 6.1.7601 ServicePack: 1.0
2011/02/28 20:14:47.0583 9536 Product type: Workstation
2011/02/28 20:14:47.0583 9536 ComputerName: HOBBES
2011/02/28 20:14:47.0583 9536 UserName: Seth
2011/02/28 20:14:47.0583 9536 Windows directory: D:\Windows
2011/02/28 20:14:47.0583 9536 System windows directory: D:\Windows
2011/02/28 20:14:47.0583 9536 Running under WOW64
2011/02/28 20:14:47.0583 9536 Processor architecture: Intel x64
2011/02/28 20:14:47.0583 9536 Number of processors: 8
2011/02/28 20:14:47.0583 9536 Page size: 0x1000
2011/02/28 20:14:47.0583 9536 Boot type: Normal boot
2011/02/28 20:14:47.0583 9536 ================================================================================
2011/02/28 20:14:47.0958 9536 Initialize success
2011/02/28 20:15:13.0243 9088 ================================================================================
2011/02/28 20:15:13.0243 9088 Scan started
2011/02/28 20:15:13.0243 9088 Mode: Manual;
2011/02/28 20:15:13.0243 9088 ================================================================================
2011/02/28 20:15:14.0163 9088 1394ohci (a87d604aea360176311474c87a63bb88) D:\Windows\system32\drivers\1394ohci.sys
2011/02/28 20:15:14.0226 9088 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) D:\Windows\system32\drivers\ACPI.sys
2011/02/28 20:15:14.0272 9088 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) D:\Windows\system32\drivers\acpipmi.sys
2011/02/28 20:15:14.0335 9088 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) D:\Windows\system32\DRIVERS\adp94xx.sys
2011/02/28 20:15:14.0382 9088 adpahci (597f78224ee9224ea1a13d6350ced962) D:\Windows\system32\DRIVERS\adpahci.sys
2011/02/28 20:15:14.0413 9088 adpu320 (e109549c90f62fb570b9540c4b148e54) D:\Windows\system32\DRIVERS\adpu320.sys
2011/02/28 20:15:14.0491 9088 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) D:\Windows\system32\drivers\afd.sys
2011/02/28 20:15:14.0538 9088 agp440 (608c14dba7299d8cb6ed035a68a15799) D:\Windows\system32\drivers\agp440.sys
2011/02/28 20:15:14.0569 9088 aliide (5812713a477a3ad7363c7438ca2ee038) D:\Windows\system32\drivers\aliide.sys
2011/02/28 20:15:14.0631 9088 amdide (1ff8b4431c353ce385c875f194924c0c) D:\Windows\system32\drivers\amdide.sys
2011/02/28 20:15:14.0662 9088 AmdK8 (7024f087cff1833a806193ef9d22cda9) D:\Windows\system32\DRIVERS\amdk8.sys
2011/02/28 20:15:14.0818 9088 amdkmdag (f6640d83af0fd74c50e23e68548ea9a0) D:\Windows\system32\DRIVERS\atikmdag.sys
2011/02/28 20:15:15.0006 9088 amdkmdap (20b63276a1920b41e1c56720b395049b) D:\Windows\system32\DRIVERS\atikmpag.sys
2011/02/28 20:15:15.0037 9088 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) D:\Windows\system32\DRIVERS\amdppm.sys
2011/02/28 20:15:15.0084 9088 amdsata (6ec6d772eae38dc17c14aed9b178d24b) D:\Windows\system32\drivers\amdsata.sys
2011/02/28 20:15:15.0146 9088 amdsbs (f67f933e79241ed32ff46a4f29b5120b) D:\Windows\system32\DRIVERS\amdsbs.sys
2011/02/28 20:15:15.0162 9088 amdxata (1142a21db581a84ea5597b03a26ebaa0) D:\Windows\system32\drivers\amdxata.sys
2011/02/28 20:15:15.0224 9088 AppID (89a69c3f2f319b43379399547526d952) D:\Windows\system32\drivers\appid.sys
2011/02/28 20:15:15.0271 9088 arc (c484f8ceb1717c540242531db7845c4e) D:\Windows\system32\DRIVERS\arc.sys
2011/02/28 20:15:15.0286 9088 arcsas (019af6924aefe7839f61c830227fe79c) D:\Windows\system32\DRIVERS\arcsas.sys
2011/02/28 20:15:15.0364 9088 AsyncMac (769765ce2cc62867468cea93969b2242) D:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/28 20:15:15.0396 9088 atapi (02062c0b390b7729edc9e69c680a6f3c) D:\Windows\system32\drivers\atapi.sys
2011/02/28 20:15:15.0458 9088 athr (0acc06fcf46f64ed4f11e57ee461c1f4) D:\Windows\system32\DRIVERS\athrx.sys
2011/02/28 20:15:15.0583 9088 Avgfwfd (705417fd6c165ccf926aca943b478d68) D:\Windows\system32\DRIVERS\avgfwd6a.sys
2011/02/28 20:15:15.0645 9088 AVGIDSDriver (0f562e8bcf79facdfb58a5b3b95e5cfe) D:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/02/28 20:15:15.0676 9088 AVGIDSEH (656366fd0c0e2481a89196fb3d1be49a) D:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/02/28 20:15:15.0708 9088 AVGIDSFilter (fdf9f596316bc1bc10726ece268a0237) D:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/02/28 20:15:15.0770 9088 Avgldx64 (91be0147bc27059aba6d0a478adeb1ee) D:\Windows\system32\DRIVERS\avgldx64.sys
2011/02/28 20:15:15.0786 9088 Avgmfx64 (f5ffa3053d26c55edc112e66197eed09) D:\Windows\system32\DRIVERS\avgmfx64.sys
2011/02/28 20:15:15.0817 9088 Avgrkx64 (5b3f127b26c08b1c7df5c5f111ca4030) D:\Windows\system32\DRIVERS\avgrkx64.sys
2011/02/28 20:15:15.0879 9088 Avgtdia (9140455490a9298f5a43500f1c886afe) D:\Windows\system32\DRIVERS\avgtdia.sys
2011/02/28 20:15:15.0942 9088 b06bdrv (3e5b191307609f7514148c6832bb0842) D:\Windows\system32\DRIVERS\bxvbda.sys
2011/02/28 20:15:16.0004 9088 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) D:\Windows\system32\DRIVERS\b57nd60a.sys
2011/02/28 20:15:16.0035 9088 Beep (16a47ce2decc9b099349a5f840654746) D:\Windows\system32\drivers\Beep.sys
2011/02/28 20:15:16.0098 9088 blbdrive (61583ee3c3a17003c4acd0475646b4d3) D:\Windows\system32\DRIVERS\blbdrive.sys
2011/02/28 20:15:16.0113 9088 bowser (91ce0d3dc57dd377e690a2d324022b08) D:\Windows\system32\DRIVERS\bowser.sys
2011/02/28 20:15:16.0144 9088 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) D:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/02/28 20:15:16.0160 9088 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) D:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/02/28 20:15:16.0222 9088 Brserid (43bea8d483bf1870f018e2d02e06a5bd) D:\Windows\System32\Drivers\Brserid.sys
2011/02/28 20:15:16.0254 9088 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) D:\Windows\System32\Drivers\BrSerWdm.sys
2011/02/28 20:15:16.0285 9088 BrUsbMdm (b79968002c277e869cf38bd22cd61524) D:\Windows\System32\Drivers\BrUsbMdm.sys
2011/02/28 20:15:16.0300 9088 BrUsbSer (a87528880231c54e75ea7a44943b38bf) D:\Windows\System32\Drivers\BrUsbSer.sys
2011/02/28 20:15:16.0378 9088 BthEnum (cf98190a94f62e405c8cb255018b2315) D:\Windows\system32\drivers\BthEnum.sys
2011/02/28 20:15:16.0410 9088 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) D:\Windows\system32\DRIVERS\bthmodem.sys
2011/02/28 20:15:16.0456 9088 BthPan (02dd601b708dd0667e1331fa8518e9ff) D:\Windows\system32\DRIVERS\bthpan.sys
2011/02/28 20:15:16.0519 9088 BTHPORT (0d25b6d300ba26a5f2c3b2a8e96b158b) D:\Windows\System32\Drivers\BTHport.sys
2011/02/28 20:15:16.0550 9088 BTHUSB (1f9912f8ec5bfa53432e71e150636a8a) D:\Windows\System32\Drivers\BTHUSB.sys
2011/02/28 20:15:16.0581 9088 cdfs (b8bd2bb284668c84865658c77574381a) D:\Windows\system32\DRIVERS\cdfs.sys
2011/02/28 20:15:16.0612 9088 cdrom (f036ce71586e93d94dab220d7bdf4416) D:\Windows\system32\drivers\cdrom.sys
2011/02/28 20:15:16.0644 9088 circlass (d7cd5c4e1b71fa62050515314cfb52cf) D:\Windows\system32\DRIVERS\circlass.sys
2011/02/28 20:15:16.0675 9088 CLFS (fe1ec06f2253f691fe36217c592a0206) D:\Windows\system32\CLFS.sys
2011/02/28 20:15:16.0722 9088 CmBatt (0840155d0bddf1190f84a663c284bd33) D:\Windows\system32\DRIVERS\CmBatt.sys
2011/02/28 20:15:16.0768 9088 cmdide (e19d3f095812725d88f9001985b94edd) D:\Windows\system32\drivers\cmdide.sys
2011/02/28 20:15:16.0815 9088 CNG (d5fea92400f12412b3922087c09da6a5) D:\Windows\system32\Drivers\cng.sys
2011/02/28 20:15:16.0878 9088 Compbatt (102de219c3f61415f964c88e9085ad14) D:\Windows\system32\DRIVERS\compbatt.sys
2011/02/28 20:15:16.0924 9088 CompositeBus (03edb043586cceba243d689bdda370a8) D:\Windows\system32\drivers\CompositeBus.sys
2011/02/28 20:15:16.0940 9088 crcdisk (1c827878a998c18847245fe1f34ee597) D:\Windows\system32\DRIVERS\crcdisk.sys
2011/02/28 20:15:17.0018 9088 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) D:\Windows\system32\drivers\csc.sys
2011/02/28 20:15:17.0065 9088 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) D:\Windows\system32\Drivers\dfsc.sys
2011/02/28 20:15:17.0096 9088 discache (13096b05847ec78f0977f2c0f79e9ab3) D:\Windows\system32\drivers\discache.sys
2011/02/28 20:15:17.0143 9088 Disk (9819eee8b5ea3784ec4af3b137a5244c) D:\Windows\system32\DRIVERS\disk.sys
2011/02/28 20:15:17.0190 9088 drmkaud (9b19f34400d24df84c858a421c205754) D:\Windows\system32\drivers\drmkaud.sys
2011/02/28 20:15:17.0236 9088 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) D:\Windows\System32\drivers\dxgkrnl.sys
2011/02/28 20:15:17.0361 9088 ebdrv (dc5d737f51be844d8c82c695eb17372f) D:\Windows\system32\DRIVERS\evbda.sys
2011/02/28 20:15:17.0486 9088 elxstor (0e5da5369a0fcaea12456dd852545184) D:\Windows\system32\DRIVERS\elxstor.sys
2011/02/28 20:15:17.0533 9088 ErrDev (34a3c54752046e79a126e15c51db409b) D:\Windows\system32\drivers\errdev.sys
2011/02/28 20:15:17.0611 9088 ETD (06c94be9d9e1e6411429433a64a76936) D:\Windows\system32\DRIVERS\ETD.sys
2011/02/28 20:15:17.0642 9088 exfat (a510c654ec00c1e9bdd91eeb3a59823b) D:\Windows\system32\drivers\exfat.sys
2011/02/28 20:15:17.0689 9088 fastfat (0adc83218b66a6db380c330836f3e36d) D:\Windows\system32\drivers\fastfat.sys
2011/02/28 20:15:17.0720 9088 fdc (d765d19cd8ef61f650c384f62fac00ab) D:\Windows\system32\DRIVERS\fdc.sys
2011/02/28 20:15:17.0751 9088 FileInfo (655661be46b5f5f3fd454e2c3095b930) D:\Windows\system32\drivers\fileinfo.sys
2011/02/28 20:15:17.0782 9088 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) D:\Windows\system32\drivers\filetrace.sys
2011/02/28 20:15:17.0814 9088 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) D:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/28 20:15:17.0876 9088 FltMgr (da6b67270fd9db3697b20fce94950741) D:\Windows\system32\drivers\fltmgr.sys
2011/02/28 20:15:17.0938 9088 FsDepends (d43703496149971890703b4b1b723eac) D:\Windows\system32\drivers\FsDepends.sys
2011/02/28 20:15:17.0970 9088 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) D:\Windows\system32\drivers\Fs_Rec.sys
2011/02/28 20:15:18.0032 9088 fvevol (1f7b25b858fa27015169fe95e54108ed) D:\Windows\system32\DRIVERS\fvevol.sys
2011/02/28 20:15:18.0079 9088 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) D:\Windows\system32\DRIVERS\gagp30kx.sys
2011/02/28 20:15:18.0141 9088 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) D:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/02/28 20:15:18.0172 9088 hcw85cir (f2523ef6460fc42405b12248338ab2f0) D:\Windows\system32\drivers\hcw85cir.sys
2011/02/28 20:15:18.0235 9088 HdAudAddService (975761c778e33cd22498059b91e7373a) D:\Windows\system32\drivers\HdAudio.sys
2011/02/28 20:15:18.0282 9088 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) D:\Windows\system32\drivers\HDAudBus.sys
2011/02/28 20:15:18.0328 9088 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) D:\Windows\system32\DRIVERS\HECIx64.sys
2011/02/28 20:15:18.0344 9088 HidBatt (78e86380454a7b10a5eb255dc44a355f) D:\Windows\system32\DRIVERS\HidBatt.sys
2011/02/28 20:15:18.0375 9088 HidBth (7fd2a313f7afe5c4dab14798c48dd104) D:\Windows\system32\DRIVERS\hidbth.sys
2011/02/28 20:15:18.0406 9088 HidIr (0a77d29f311b88cfae3b13f9c1a73825) D:\Windows\system32\DRIVERS\hidir.sys
2011/02/28 20:15:18.0453 9088 HidUsb (9592090a7e2b61cd582b612b6df70536) D:\Windows\system32\DRIVERS\hidusb.sys
2011/02/28 20:15:18.0500 9088 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) D:\Windows\system32\drivers\HpSAMD.sys
2011/02/28 20:15:18.0562 9088 HTTP (0ea7de1acb728dd5a369fd742d6eee28) D:\Windows\system32\drivers\HTTP.sys
2011/02/28 20:15:18.0625 9088 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) D:\Windows\system32\drivers\hwpolicy.sys
2011/02/28 20:15:18.0687 9088 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) D:\Windows\system32\drivers\i8042prt.sys
2011/02/28 20:15:18.0734 9088 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) D:\Windows\system32\DRIVERS\iaStor.sys
2011/02/28 20:15:18.0765 9088 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) D:\Windows\system32\drivers\iaStorV.sys
2011/02/28 20:15:18.0796 9088 iirsp (5c18831c61933628f5bb0ea2675b9d21) D:\Windows\system32\DRIVERS\iirsp.sys
2011/02/28 20:15:18.0906 9088 IntcAzAudAddService (a3bcbd0f710580a07d1b929d787d36ce) D:\Windows\system32\drivers\RTKVHD64.sys
2011/02/28 20:15:18.0968 9088 intelide (f00f20e70c6ec3aa366910083a0518aa) D:\Windows\system32\drivers\intelide.sys
2011/02/28 20:15:18.0999 9088 intelppm (ada036632c664caa754079041cf1f8c1) D:\Windows\system32\DRIVERS\intelppm.sys
2011/02/28 20:15:19.0062 9088 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) D:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/28 20:15:19.0108 9088 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) D:\Windows\system32\drivers\IPMIDrv.sys
2011/02/28 20:15:19.0140 9088 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) D:\Windows\system32\drivers\ipnat.sys
2011/02/28 20:15:19.0171 9088 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) D:\Windows\system32\drivers\irenum.sys
2011/02/28 20:15:19.0202 9088 isapnp (2f7b28dc3e1183e5eb418df55c204f38) D:\Windows\system32\drivers\isapnp.sys
2011/02/28 20:15:19.0249 9088 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) D:\Windows\system32\drivers\msiscsi.sys
2011/02/28 20:15:19.0280 9088 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) D:\Windows\system32\drivers\kbdclass.sys
2011/02/28 20:15:19.0311 9088 kbdhid (0705eff5b42a9db58548eec3b26bb484) D:\Windows\system32\drivers\kbdhid.sys
2011/02/28 20:15:19.0358 9088 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) D:\Windows\system32\DRIVERS\kbfiltr.sys
2011/02/28 20:15:19.0420 9088 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) D:\Windows\system32\Drivers\ksecdd.sys
2011/02/28 20:15:19.0483 9088 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) D:\Windows\system32\Drivers\ksecpkg.sys
2011/02/28 20:15:19.0514 9088 ksthunk (6869281e78cb31a43e969f06b57347c4) D:\Windows\system32\drivers\ksthunk.sys
2011/02/28 20:15:19.0592 9088 L1C (48686c29856f46443952a831424f8d6f) D:\Windows\system32\DRIVERS\L1C62x64.sys
2011/02/28 20:15:19.0608 9088 lltdio (1538831cf8ad2979a04c423779465827) D:\Windows\system32\DRIVERS\lltdio.sys
2011/02/28 20:15:19.0670 9088 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) D:\Windows\system32\DRIVERS\lsi_fc.sys
2011/02/28 20:15:19.0701 9088 LSI_SAS (1047184a9fdc8bdbff857175875ee810) D:\Windows\system32\DRIVERS\lsi_sas.sys
2011/02/28 20:15:19.0717 9088 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) D:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/02/28 20:15:19.0748 9088 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) D:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/02/28 20:15:19.0764 9088 luafv (43d0f98e1d56ccddb0d5254cff7b356e) D:\Windows\system32\drivers\luafv.sys
2011/02/28 20:15:19.0795 9088 megasas (a55805f747c6edb6a9080d7c633bd0f4) D:\Windows\system32\DRIVERS\megasas.sys
2011/02/28 20:15:19.0810 9088 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) D:\Windows\system32\DRIVERS\MegaSR.sys
2011/02/28 20:15:19.0842 9088 Modem (800ba92f7010378b09f9ed9270f07137) D:\Windows\system32\drivers\modem.sys
2011/02/28 20:15:19.0857 9088 monitor (b03d591dc7da45ece20b3b467e6aadaa) D:\Windows\system32\DRIVERS\monitor.sys
2011/02/28 20:15:19.0904 9088 mouclass (7d27ea49f3c1f687d357e77a470aea99) D:\Windows\system32\DRIVERS\mouclass.sys
2011/02/28 20:15:19.0951 9088 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) D:\Windows\system32\DRIVERS\mouhid.sys
2011/02/28 20:15:19.0982 9088 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) D:\Windows\system32\drivers\mountmgr.sys
2011/02/28 20:15:20.0029 9088 mpio (a44b420d30bd56e145d6a2bc8768ec58) D:\Windows\system32\drivers\mpio.sys
2011/02/28 20:15:20.0060 9088 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) D:\Windows\system32\drivers\mpsdrv.sys
2011/02/28 20:15:20.0138 9088 MRxDAV (dc722758b8261e1abafd31a3c0a66380) D:\Windows\system32\drivers\mrxdav.sys
2011/02/28 20:15:20.0200 9088 mrxsmb (faf015b07e3a2874a790a39b7d2c579f) D:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/28 20:15:20.0263 9088 mrxsmb10 (08e2345df129082bcdffdc1440f9c00d) D:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/28 20:15:20.0294 9088 mrxsmb20 (108d87409c5812ef47d81e22843e8c9d) D:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/28 20:15:20.0341 9088 msahci (c25f0bafa182cbca2dd3c851c2e75796) D:\Windows\system32\drivers\msahci.sys
2011/02/28 20:15:20.0372 9088 msdsm (db801a638d011b9633829eb6f663c900) D:\Windows\system32\drivers\msdsm.sys
2011/02/28 20:15:20.0403 9088 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) D:\Windows\system32\drivers\Msfs.sys
2011/02/28 20:15:20.0419 9088 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) D:\Windows\System32\drivers\mshidkmdf.sys
2011/02/28 20:15:20.0450 9088 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) D:\Windows\system32\drivers\msisadrv.sys
2011/02/28 20:15:20.0481 9088 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) D:\Windows\system32\drivers\MSKSSRV.sys
2011/02/28 20:15:20.0497 9088 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) D:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/28 20:15:20.0512 9088 MSPQM (4ed981241db27c3383d72092b618a1d0) D:\Windows\system32\drivers\MSPQM.sys
2011/02/28 20:15:20.0559 9088 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) D:\Windows\system32\drivers\MsRPC.sys
2011/02/28 20:15:20.0622 9088 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) D:\Windows\system32\drivers\mssmbios.sys
2011/02/28 20:15:20.0637 9088 MSTEE (2e66f9ecb30b4221a318c92ac2250779) D:\Windows\system32\drivers\MSTEE.sys
2011/02/28 20:15:20.0653 9088 MTConfig (7ea404308934e675bffde8edf0757bcd) D:\Windows\system32\DRIVERS\MTConfig.sys
2011/02/28 20:15:20.0684 9088 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) D:\Windows\system32\DRIVERS\ATK64AMD.sys
2011/02/28 20:15:20.0715 9088 Mup (f9a18612fd3526fe473c1bda678d61c8) D:\Windows\system32\Drivers\mup.sys
2011/02/28 20:15:20.0762 9088 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) D:\Windows\system32\DRIVERS\nwifi.sys
2011/02/28 20:15:20.0840 9088 NDIS (79b47fd40d9a817e932f9d26fac0a81c) D:\Windows\system32\drivers\ndis.sys
2011/02/28 20:15:20.0902 9088 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) D:\Windows\system32\DRIVERS\ndiscap.sys
2011/02/28 20:15:20.0934 9088 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) D:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/28 20:15:20.0980 9088 Ndisuio (136185f9fb2cc61e573e676aa5402356) D:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/28 20:15:21.0012 9088 NdisWan (53f7305169863f0a2bddc49e116c2e11) D:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/28 20:15:21.0074 9088 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) D:\Windows\system32\drivers\NDProxy.sys
2011/02/28 20:15:21.0105 9088 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) D:\Windows\system32\DRIVERS\netbios.sys
2011/02/28 20:15:21.0152 9088 NetBT (09594d1089c523423b32a4229263f068) D:\Windows\system32\DRIVERS\netbt.sys
2011/02/28 20:15:21.0199 9088 nfrd960 (77889813be4d166cdab78ddba990da92) D:\Windows\system32\DRIVERS\nfrd960.sys
2011/02/28 20:15:21.0230 9088 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) D:\Windows\system32\drivers\Npfs.sys
2011/02/28 20:15:21.0261 9088 nsiproxy (e7f5ae18af4168178a642a9247c63001) D:\Windows\system32\drivers\nsiproxy.sys
2011/02/28 20:15:21.0324 9088 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) D:\Windows\system32\drivers\Ntfs.sys
2011/02/28 20:15:21.0386 9088 Null (9899284589f75fa8724ff3d16aed75c1) D:\Windows\system32\drivers\Null.sys
2011/02/28 20:15:21.0448 9088 nusb3hub (785298579b5f9b4032152dfbb992fdb6) D:\Windows\system32\DRIVERS\nusb3hub.sys
2011/02/28 20:15:21.0495 9088 nusb3xhc (df2750481b4964814467c974f2b0eef1) D:\Windows\system32\DRIVERS\nusb3xhc.sys
2011/02/28 20:15:21.0542 9088 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) D:\Windows\system32\drivers\nvraid.sys
2011/02/28 20:15:21.0573 9088 nvstor (f7cd50fe7139f07e77da8ac8033d1832) D:\Windows\system32\drivers\nvstor.sys
2011/02/28 20:15:21.0620 9088 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) D:\Windows\system32\drivers\nv_agp.sys
2011/02/28 20:15:21.0667 9088 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) D:\Windows\system32\drivers\ohci1394.sys
2011/02/28 20:15:21.0698 9088 Parport (0086431c29c35be1dbc43f52cc273887) D:\Windows\system32\DRIVERS\parport.sys
2011/02/28 20:15:21.0745 9088 partmgr (871eadac56b0a4c6512bbe32753ccf79) D:\Windows\system32\drivers\partmgr.sys
2011/02/28 20:15:21.0807 9088 pci (94575c0571d1462a0f70bde6bd6ee6b3) D:\Windows\system32\drivers\pci.sys
2011/02/28 20:15:21.0838 9088 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) D:\Windows\system32\drivers\pciide.sys
2011/02/28 20:15:21.0854 9088 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) D:\Windows\system32\DRIVERS\pcmcia.sys
2011/02/28 20:15:21.0885 9088 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) D:\Windows\system32\drivers\pcw.sys
2011/02/28 20:15:21.0916 9088 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) D:\Windows\system32\drivers\peauth.sys
2011/02/28 20:15:22.0026 9088 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) D:\Windows\system32\DRIVERS\raspptp.sys
2011/02/28 20:15:22.0041 9088 Processor (0d922e23c041efb1c3fac2a6f943c9bf) D:\Windows\system32\DRIVERS\processr.sys
2011/02/28 20:15:22.0104 9088 Psched (0557cf5a2556bd58e26384169d72438d) D:\Windows\system32\DRIVERS\pacer.sys
2011/02/28 20:15:22.0166 9088 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) D:\Windows\system32\DRIVERS\ql2300.sys
2011/02/28 20:15:22.0213 9088 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) D:\Windows\system32\DRIVERS\ql40xx.sys
2011/02/28 20:15:22.0228 9088 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) D:\Windows\system32\drivers\qwavedrv.sys
2011/02/28 20:15:22.0244 9088 RasAcd (5a0da8ad5762fa2d91678a8a01311704) D:\Windows\system32\DRIVERS\rasacd.sys
2011/02/28 20:15:22.0291 9088 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) D:\Windows\system32\DRIVERS\AgileVpn.sys
2011/02/28 20:15:22.0338 9088 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) D:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/28 20:15:22.0353 9088 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) D:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/28 20:15:22.0400 9088 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) D:\Windows\system32\DRIVERS\rassstp.sys
2011/02/28 20:15:22.0447 9088 rdbss (77f665941019a1594d887a74f301fa2f) D:\Windows\system32\DRIVERS\rdbss.sys
2011/02/28 20:15:22.0494 9088 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) D:\Windows\system32\DRIVERS\rdpbus.sys
2011/02/28 20:15:22.0525 9088 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) D:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/28 20:15:22.0572 9088 RDPDR (1b6163c503398b23ff8b939c67747683) D:\Windows\system32\drivers\rdpdr.sys
2011/02/28 20:15:22.0587 9088 RDPENCDD (bb5971a4f00659529a5c44831af22365) D:\Windows\system32\drivers\rdpencdd.sys
2011/02/28 20:15:22.0618 9088 RDPREFMP (216f3fa57533d98e1f74ded70113177a) D:\Windows\system32\drivers\rdprefmp.sys
2011/02/28 20:15:22.0665 9088 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) D:\Windows\system32\drivers\rdpvideominiport.sys
2011/02/28 20:15:22.0728 9088 RDPWD (15b66c206b5cb095bab980553f38ed23) D:\Windows\system32\drivers\RDPWD.sys
2011/02/28 20:15:22.0759 9088 rdyboost (34ed295fa0121c241bfef24764fc4520) D:\Windows\system32\drivers\rdyboost.sys
2011/02/28 20:15:22.0821 9088 RFCOMM (3dd798846e2c28102b922c56e71b7932) D:\Windows\system32\DRIVERS\rfcomm.sys
2011/02/28 20:15:22.0852 9088 rspndr (ddc86e4f8e7456261e637e3552e804ff) D:\Windows\system32\DRIVERS\rspndr.sys
2011/02/28 20:15:22.0899 9088 RTHDMIAzAudService (483c537e69fa97c77f7fe0e2e1c1f102) D:\Windows\system32\drivers\RtHDMIVX.sys
2011/02/28 20:15:22.0962 9088 s3cap (e60c0a09f997826c7627b244195ab581) D:\Windows\system32\drivers\vms3cap.sys
2011/02/28 20:15:23.0024 9088 sbp2port (ac03af3329579fffb455aa2daabbe22b) D:\Windows\system32\drivers\sbp2port.sys
2011/02/28 20:15:23.0118 9088 scfilter (253f38d0d7074c02ff8deb9836c97d2b) D:\Windows\system32\DRIVERS\scfilter.sys
2011/02/28 20:15:23.0180 9088 secdrv (3ea8a16169c26afbeb544e0e48421186) D:\Windows\system32\drivers\secdrv.sys
2011/02/28 20:15:23.0227 9088 Serenum (cb624c0035412af0debec78c41f5ca1b) D:\Windows\system32\DRIVERS\serenum.sys
2011/02/28 20:15:23.0242 9088 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) D:\Windows\system32\DRIVERS\serial.sys
2011/02/28 20:15:23.0289 9088 sermouse (1c545a7d0691cc4a027396535691c3e3) D:\Windows\system32\DRIVERS\sermouse.sys
2011/02/28 20:15:23.0320 9088 sffdisk (a554811bcd09279536440c964ae35bbf) D:\Windows\system32\drivers\sffdisk.sys
2011/02/28 20:15:23.0352 9088 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) D:\Windows\system32\drivers\sffp_mmc.sys
2011/02/28 20:15:23.0367 9088 sffp_sd (dd85b78243a19b59f0637dcf284da63c) D:\Windows\system32\drivers\sffp_sd.sys
2011/02/28 20:15:23.0383 9088 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) D:\Windows\system32\DRIVERS\sfloppy.sys
2011/02/28 20:15:23.0430 9088 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) D:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/02/28 20:15:23.0445 9088 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) D:\Windows\system32\DRIVERS\sisraid4.sys
2011/02/28 20:15:23.0461 9088 Smb (548260a7b8654e024dc30bf8a7c5baa4) D:\Windows\system32\DRIVERS\smb.sys
2011/02/28 20:15:23.0570 9088 SNP2UVC (2114518e55b380a3acc28b2c27fd499a) D:\Windows\system32\DRIVERS\snp2uvc.sys
2011/02/28 20:15:23.0632 9088 spldr (b9e31e5cacdfe584f34f730a677803f9) D:\Windows\system32\drivers\spldr.sys
2011/02/28 20:15:23.0695 9088 srv (2098b8556d1cec2aca9a29cd479e3692) D:\Windows\system32\DRIVERS\srv.sys
2011/02/28 20:15:23.0726 9088 srv2 (d0f73a42040f21f92fd314b42ac5c9e7) D:\Windows\system32\DRIVERS\srv2.sys
2011/02/28 20:15:23.0788 9088 srvnet (2ba8f3250828ccdb4204ecf2c6f40b6a) D:\Windows\system32\DRIVERS\srvnet.sys
2011/02/28 20:15:23.0851 9088 stexstor (f3817967ed533d08327dc73bc4d5542a) D:\Windows\system32\DRIVERS\stexstor.sys
2011/02/28 20:15:23.0898 9088 storflt (7785dc213270d2fc066538daf94087e7) D:\Windows\system32\drivers\vmstorfl.sys
2011/02/28 20:15:23.0929 9088 storvsc (d34e4943d5ac096c8edeebfd80d76e23) D:\Windows\system32\drivers\storvsc.sys
2011/02/28 20:15:23.0976 9088 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) D:\Windows\system32\drivers\swenum.sys
2011/02/28 20:15:24.0085 9088 Tcpip (509383e505c973ed7534a06b3d19688d) D:\Windows\system32\drivers\tcpip.sys
2011/02/28 20:15:24.0210 9088 TCPIP6 (509383e505c973ed7534a06b3d19688d) D:\Windows\system32\DRIVERS\tcpip.sys
2011/02/28 20:15:24.0272 9088 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) D:\Windows\system32\drivers\tcpipreg.sys
2011/02/28 20:15:24.0319 9088 TDPIPE (3371d21011695b16333a3934340c4e7c) D:\Windows\system32\drivers\tdpipe.sys
2011/02/28 20:15:24.0334 9088 TDTCP (e4245bda3190a582d55ed09e137401a9) D:\Windows\system32\drivers\tdtcp.sys
2011/02/28 20:15:24.0381 9088 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) D:\Windows\system32\DRIVERS\tdx.sys
2011/02/28 20:15:24.0428 9088 TermDD (561e7e1f06895d78de991e01dd0fb6e5) D:\Windows\system32\drivers\termdd.sys
2011/02/28 20:15:24.0490 9088 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) D:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/28 20:15:24.0522 9088 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) D:\Windows\system32\drivers\tsusbflt.sys
2011/02/28 20:15:24.0600 9088 tunnel (3566a8daafa27af944f5d705eaa64894) D:\Windows\system32\DRIVERS\tunnel.sys
2011/02/28 20:15:24.0646 9088 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) D:\Windows\system32\DRIVERS\uagp35.sys
2011/02/28 20:15:24.0693 9088 udfs (ff4232a1a64012baa1fd97c7b67df593) D:\Windows\system32\DRIVERS\udfs.sys
2011/02/28 20:15:24.0740 9088 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) D:\Windows\system32\drivers\uliagpkx.sys
2011/02/28 20:15:24.0771 9088 umbus (dc54a574663a895c8763af0fa1ff7561) D:\Windows\system32\drivers\umbus.sys
2011/02/28 20:15:24.0802 9088 UmPass (b2e8e8cb557b156da5493bbddcc1474d) D:\Windows\system32\DRIVERS\umpass.sys
2011/02/28 20:15:24.0849 9088 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) D:\Windows\system32\Drivers\usbaapl64.sys
2011/02/28 20:15:24.0896 9088 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) D:\Windows\system32\drivers\usbccgp.sys
2011/02/28 20:15:24.0958 9088 usbcir (af0892a803fdda7492f595368e3b68e7) D:\Windows\system32\drivers\usbcir.sys
2011/02/28 20:15:24.0990 9088 usbehci (74ee782b1d9c241efe425565854c661c) D:\Windows\system32\DRIVERS\usbehci.sys
2011/02/28 20:15:25.0036 9088 usbhub (dc96bd9ccb8403251bcf25047573558e) D:\Windows\system32\drivers\usbhub.sys
2011/02/28 20:15:25.0068 9088 usbohci (58e546bbaf87664fc57e0f6081e4f609) D:\Windows\system32\DRIVERS\usbohci.sys
2011/02/28 20:15:25.0083 9088 usbprint (73188f58fb384e75c4063d29413cee3d) D:\Windows\system32\DRIVERS\usbprint.sys
2011/02/28 20:15:25.0130 9088 USBSTOR (d76510cfa0fc09023077f22c2f979d86) D:\Windows\system32\drivers\USBSTOR.SYS
2011/02/28 20:15:25.0177 9088 usbuhci (81fb2216d3a60d1284455d511797db3d) D:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/28 20:15:25.0208 9088 usbvideo (454800c2bc7f3927ce030141ee4f4c50) D:\Windows\System32\Drivers\usbvideo.sys
2011/02/28 20:15:25.0239 9088 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) D:\Windows\system32\drivers\vdrvroot.sys
2011/02/28 20:15:25.0286 9088 vga (da4da3f5e02943c2dc8c6ed875de68dd) D:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/28 20:15:25.0302 9088 VgaSave (53e92a310193cb3c03bea963de7d9cfc) D:\Windows\System32\drivers\vga.sys
2011/02/28 20:15:25.0348 9088 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) D:\Windows\system32\drivers\vhdmp.sys
2011/02/28 20:15:25.0395 9088 viaide (e5689d93ffe4e5d66c0178761240dd54) D:\Windows\system32\drivers\viaide.sys
2011/02/28 20:15:25.0442 9088 vmbus (86ea3e79ae350fea5331a1303054005f) D:\Windows\system32\drivers\vmbus.sys
2011/02/28 20:15:25.0473 9088 VMBusHID (7de90b48f210d29649380545db45a187) D:\Windows\system32\drivers\VMBusHID.sys
2011/02/28 20:15:25.0520 9088 volmgr (d2aafd421940f640b407aefaaebd91b0) D:\Windows\system32\drivers\volmgr.sys
2011/02/28 20:15:25.0551 9088 volmgrx (a255814907c89be58b79ef2f189b843b) D:\Windows\system32\drivers\volmgrx.sys
2011/02/28 20:15:25.0614 9088 volsnap (0d08d2f3b3ff84e433346669b5e0f639) D:\Windows\system32\drivers\volsnap.sys
2011/02/28 20:15:25.0645 9088 vsmraid (5e2016ea6ebaca03c04feac5f330d997) D:\Windows\system32\DRIVERS\vsmraid.sys
2011/02/28 20:15:25.0676 9088 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) D:\Windows\system32\DRIVERS\vwifibus.sys
2011/02/28 20:15:25.0692 9088 vwififlt (6a3d66263414ff0d6fa754c646612f3f) D:\Windows\system32\DRIVERS\vwififlt.sys
2011/02/28 20:15:25.0707 9088 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) D:\Windows\system32\DRIVERS\wacompen.sys
2011/02/28 20:15:25.0738 9088 WANARP (356afd78a6ed4457169241ac3965230c) D:\Windows\system32\DRIVERS\wanarp.sys
2011/02/28 20:15:25.0754 9088 Wanarpv6 (356afd78a6ed4457169241ac3965230c) D:\Windows\system32\DRIVERS\wanarp.sys
2011/02/28 20:15:25.0816 9088 Wd (72889e16ff12ba0f235467d6091b17dc) D:\Windows\system32\DRIVERS\wd.sys
2011/02/28 20:15:25.0832 9088 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) D:\Windows\system32\drivers\Wdf01000.sys
2011/02/28 20:15:25.0894 9088 WfpLwf (611b23304bf067451a9fdee01fbdd725) D:\Windows\system32\DRIVERS\wfplwf.sys
2011/02/28 20:15:25.0910 9088 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) D:\Windows\system32\drivers\wimmount.sys
2011/02/28 20:15:25.0988 9088 WinUsb (fe88b288356e7b47b74b13372add906d) D:\Windows\system32\DRIVERS\WinUsb.sys
2011/02/28 20:15:26.0019 9088 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) D:\Windows\system32\drivers\wmiacpi.sys
2011/02/28 20:15:26.0097 9088 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) D:\Windows\system32\drivers\ws2ifsl.sys
2011/02/28 20:15:26.0160 9088 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) D:\Windows\system32\drivers\WudfPf.sys
2011/02/28 20:15:26.0238 9088 WUDFRd (cf8d590be3373029d57af80914190682) D:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/28 20:15:26.0316 9088 ================================================================================
2011/02/28 20:15:26.0316 9088 Scan finished
2011/02/28 20:15:26.0316 9088 ================================================================================




MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: ASUSTeK Computer Inc.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: N61Jq
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 173):
0x02E5D000 \SystemRoot\system32\ntoskrnl.exe
0x02E14000 \SystemRoot\system32\hal.dll
0x00BA9000 \SystemRoot\system32\kdcom.dll
0x00CFC000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D4B000 \SystemRoot\system32\PSHED.dll
0x00D5F000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E42000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EE6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EF5000 \SystemRoot\system32\drivers\ACPI.sys
0x00F4C000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F55000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F5F000 \SystemRoot\system32\drivers\pci.sys
0x00F92000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F9F000 \SystemRoot\System32\drivers\partmgr.sys
0x00FB4000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FBD000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FC9000 \SystemRoot\system32\drivers\volmgr.sys
0x010AF000 \SystemRoot\System32\drivers\volmgrx.sys
0x0110B000 \SystemRoot\System32\drivers\mountmgr.sys
0x01125000 \SystemRoot\system32\drivers\vmbus.sys
0x01161000 \SystemRoot\system32\drivers\winhv.sys
0x01214000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01330000 \SystemRoot\system32\drivers\atapi.sys
0x01339000 \SystemRoot\system32\drivers\ataport.SYS
0x01363000 \SystemRoot\system32\drivers\msahci.sys
0x0136E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x0137E000 \SystemRoot\system32\drivers\amdxata.sys
0x01389000 \SystemRoot\system32\drivers\fltmgr.sys
0x013D5000 \SystemRoot\system32\drivers\fileinfo.sys
0x01409000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01175000 \SystemRoot\System32\Drivers\msrpc.sys
0x015AC000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x015C7000 \SystemRoot\System32\drivers\pcw.sys
0x015D8000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016A2000 \SystemRoot\system32\drivers\ndis.sys
0x01795000 \SystemRoot\system32\drivers\NETIO.SYS
0x01600000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01853000 \SystemRoot\System32\drivers\tcpip.sys
0x01A57000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01AA1000 \SystemRoot\system32\drivers\vmstorfl.sys
0x01AB1000 \SystemRoot\system32\drivers\volsnap.sys
0x01AFD000 \SystemRoot\System32\Drivers\spldr.sys
0x01B05000 \SystemRoot\System32\drivers\rdyboost.sys
0x01B3F000 \SystemRoot\System32\Drivers\mup.sys
0x01B51000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01B5A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01B94000 \SystemRoot\system32\DRIVERS\disk.sys
0x01BAA000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01BDA000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
0x01BE4000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x02E13000 \SystemRoot\system32\drivers\cdrom.sys
0x02E3D000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
0x02E4C000 \SystemRoot\System32\Drivers\Null.SYS
0x02E55000 \SystemRoot\System32\Drivers\Beep.SYS
0x02E5C000 \SystemRoot\System32\drivers\vga.sys
0x02E6A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02E8F000 \SystemRoot\System32\drivers\watchdog.sys
0x02E9F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02EA8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02EB1000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02EBA000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02EC5000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01800000 \SystemRoot\system32\DRIVERS\avgfwd6a.sys
0x01811000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01833000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x0162B000 \SystemRoot\system32\DRIVERS\avgtdia.sys
0x03EAF000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03EF4000 \SystemRoot\system32\drivers\afd.sys
0x03F7D000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03F86000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03FAC000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03FC2000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03FD1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03FEC000 \SystemRoot\system32\drivers\termdd.sys
0x03E00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03E51000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03E5D000 \SystemRoot\system32\drivers\mssmbios.sys
0x03E68000 \SystemRoot\System32\drivers\discache.sys
0x044AD000 \SystemRoot\system32\drivers\csc.sys
0x04530000 \SystemRoot\System32\Drivers\dfsc.sys
0x0454E000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x0455F000 \SystemRoot\system32\DRIVERS\avgldx64.sys
0x045AF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04400000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04C52000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x05463000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05557000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0559D000 \SystemRoot\system32\drivers\HDAudBus.sys
0x055C1000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x055D2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x0444C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04C00000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x04616000 \SystemRoot\system32\DRIVERS\athrx.sys
0x04793000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x047A0000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x047D0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04C09000 \SystemRoot\system32\drivers\i8042prt.sys
0x04C27000 \SystemRoot\system32\DRIVERS\ETD.sys
0x047D2000 \SystemRoot\system32\drivers\mouclass.sys
0x04600000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
0x055E3000 \SystemRoot\system32\drivers\kbdclass.sys
0x04608000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x047E1000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x045D5000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x055F2000 \SystemRoot\system32\DRIVERS\ATK64AMD.sys
0x045EB000 \SystemRoot\system32\drivers\CompositeBus.sys
0x03E77000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x01072000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03E8D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x00E00000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x015E2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x011D3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x00FDE000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x044A2000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x047FC000 \SystemRoot\system32\drivers\swenum.sys
0x00DBD000 \SystemRoot\system32\drivers\ks.sys
0x03E99000 \SystemRoot\system32\drivers\umbus.sys
0x05898000 \SystemRoot\system32\drivers\usbhub.sys
0x05907000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x05948000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0595D000 \SystemRoot\system32\drivers\RtHDMIVX.sys
0x0598D000 \SystemRoot\system32\drivers\portcls.sys
0x059CA000 \SystemRoot\system32\drivers\drmk.sys
0x059EC000 \SystemRoot\system32\drivers\ksthunk.sys
0x06623000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0689A000 \SystemRoot\system32\drivers\usbccgp.sys
0x06243000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x06200000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x06211000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x069DA000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02ED6000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x069E8000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00020000 \SystemRoot\System32\win32k.sys
0x06600000 \SystemRoot\System32\drivers\Dxapi.sys
0x005C0000 \SystemRoot\System32\TSDDD.dll
0x00740000 \SystemRoot\System32\cdd.dll
0x0685B000 \SystemRoot\system32\drivers\luafv.sys
0x05800000 \SystemRoot\system32\drivers\WudfPf.sys
0x0687E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05821000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x068B7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x05874000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x040E4000 \SystemRoot\system32\drivers\HTTP.sys
0x041AD000 \SystemRoot\system32\DRIVERS\bowser.sys
0x041CB000 \SystemRoot\System32\drivers\mpsdrv.sys
0x04000000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0402D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0407A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0409E000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0x06CBE000 \SystemRoot\system32\drivers\peauth.sys
0x06D64000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06D6F000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06DA0000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06DB2000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0x06C00000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07C94000 \SystemRoot\System32\DRIVERS\srv.sys
0x07D2D000 \SystemRoot\System32\Drivers\fastfat.SYS
0x07DD4000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x07C11000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x068CA000 \SystemRoot\System32\Drivers\bthport.sys
0x07C29000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x07C55000 \SystemRoot\system32\drivers\BthEnum.sys
0x07C65000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x07D74000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
0x07D89000 \SystemRoot\system32\DRIVERS\monitor.sys
0x07D97000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x07DA5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x07DBE000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x77360000 \Windows\System32\ntdll.dll
0x47D30000 \Windows\System32\smss.exe
0xFF680000 \Windows\System32\apisetschema.dll

Processes (total 91):
0 System Idle Process
4 System
360 D:\Windows\System32\smss.exe
460 D:\PROGRA~2\AVG\AVG10\avgchsva.exe
768 csrss.exe
856 csrss.exe
864 D:\Windows\System32\wininit.exe
920 D:\Windows\System32\winlogon.exe
968 D:\Windows\System32\services.exe
980 D:\Windows\System32\lsass.exe
992 D:\Windows\System32\lsm.exe
688 D:\Windows\System32\svchost.exe
772 D:\Windows\System32\svchost.exe
1044 D:\Windows\System32\atiesrxx.exe
1084 D:\Windows\System32\svchost.exe
1132 D:\Windows\System32\svchost.exe
1156 D:\Windows\System32\svchost.exe
1316 D:\Windows\System32\svchost.exe
1604 D:\Windows\System32\svchost.exe
1712 D:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
1900 D:\Windows\System32\spoolsv.exe
1928 D:\Windows\System32\svchost.exe
2032 D:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1628 D:\Program Files (x86)\AVG\AVG10\avgfws.exe
1464 D:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
1448 D:\Program Files (x86)\Bonjour\mDNSResponder.exe
1860 D:\Windows\System32\svchost.exe
1808 D:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
744 D:\Windows\System32\svchost.exe
1796 D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2164 D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2184 D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2548 D:\Program Files (x86)\AVG\AVG10\avgam.exe
2564 D:\Program Files (x86)\AVG\AVG10\avgnsa.exe
2636 D:\Program Files (x86)\AVG\AVG10\avgemca.exe
2652 D:\Windows\System32\conhost.exe
2540 D:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
3348 D:\Windows\System32\svchost.exe
3580 D:\Windows\System32\svchost.exe
3796 D:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
4024 D:\Windows\System32\SearchIndexer.exe
1152 WmiPrvSE.exe
3340 D:\Windows\System32\atieclxx.exe
4036 D:\Windows\System32\taskhost.exe
1528 D:\Windows\System32\dwm.exe
3504 D:\Windows\explorer.exe
3908 D:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
4128 D:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
4208 D:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
4836 D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
4872 D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
4880 D:\Program Files\Elantech\ETDCtrl.exe
3316 D:\Program Files\Windows Sidebar\sidebar.exe
4372 D:\Program Files\Elantech\ETDCtrlHelper.exe
4424 D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
4320 C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
4268 D:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
4448 D:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
4292 D:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
2620 D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4496 D:\Program Files (x86)\AVG\AVG10\avgtray.exe
4148 D:\Program Files\Windows Media Player\wmpnetwk.exe
4232 D:\Windows\System32\svchost.exe
3556 WmiPrvSE.exe
136 D:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
4540 D:\Windows\System32\conhost.exe
4404 D:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
5260 D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
5748 dllhost.exe
3304 D:\PROGRA~2\AVG\AVG10\avgrsa.exe
3212 D:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
6176 D:\Program Files\iPod\bin\iPodService.exe
8040 D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
7016 D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
4216 D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
9748 D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
9736 D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
8856 D:\Windows\System32\svchost.exe
9532 D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
8984 D:\Windows\System32\audiodg.exe
5532 D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
5560 D:\Windows\System32\msiexec.exe
5280 D:\Windows\System32\VSSVC.exe
3476 D:\Windows\System32\svchost.exe
7828 D:\Windows\System32\SearchProtocolHost.exe
7184 D:\Windows\System32\SearchFilterHost.exe
6768 dllhost.exe
6564 dllhost.exe
10076 D:\Users\Seth\Desktop\MBRCheck.exe
6872 D:\Windows\System32\conhost.exe
7088 D:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000004`e22cec00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000021`fe400000 (NTFS)

PhysicalDrive0 Model Number: ST9500420AS, Rev: 0003SDM1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!



DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Seth at 20:24:00.87 on 28/02/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.4021.2042 [GMT -5:00]

AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

============== Running Processes ===============

D:\PROGRA~2\AVG\AVG10\avgchsva.exe
D:\Windows\system32\wininit.exe
D:\Windows\system32\lsm.exe
D:\Windows\system32\svchost.exe -k DcomLaunch
D:\Windows\system32\svchost.exe -k RPCSS
D:\Windows\system32\atiesrxx.exe
D:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
D:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
D:\Windows\system32\svchost.exe -k netsvcs
D:\Windows\system32\svchost.exe -k LocalService
D:\Windows\system32\svchost.exe -k NetworkService
D:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
D:\Windows\System32\spoolsv.exe
D:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files (x86)\AVG\AVG10\avgfws.exe
D:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
D:\Program Files (x86)\Bonjour\mDNSResponder.exe
D:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
D:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
D:\Windows\system32\svchost.exe -k imgsvc
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
D:\Program Files (x86)\AVG\AVG10\avgam.exe
D:\Program Files (x86)\AVG\AVG10\avgnsa.exe
D:\Program Files (x86)\AVG\AVG10\avgemca.exe
D:\Windows\system32\conhost.exe
D:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
D:\Windows\system32\svchost.exe -k bthsvcs
D:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
D:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
D:\Windows\system32\SearchIndexer.exe
D:\Windows\system32\wbem\wmiprvse.exe
D:\Windows\system32\atieclxx.exe
D:\Windows\system32\taskhost.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
D:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
D:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
D:\Program Files\Elantech\ETDCtrl.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Elantech\ETDCtrlHelper.exe
D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
D:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
D:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
D:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\Program Files (x86)\AVG\AVG10\avgtray.exe
D:\Program Files\Windows Media Player\wmpnetwk.exe
D:\Windows\System32\svchost.exe -k LocalServicePeerNet
D:\Windows\system32\wbem\wmiprvse.exe
D:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
D:\Windows\system32\conhost.exe
D:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
D:\Windows\system32\DllHost.exe
D:\PROGRA~2\AVG\AVG10\avgrsa.exe
D:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Windows\System32\svchost.exe -k secsvcs
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Windows\system32\msiexec.exe
D:\Windows\System32\svchost.exe -k swprv
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Windows\system32\SearchProtocolHost.exe
D:\Windows\system32\SearchFilterHost.exe
D:\Windows\system32\DllHost.exe
D:\Windows\system32\DllHost.exe
D:\Users\Seth\Desktop\dds.scr
D:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - D:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - D:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HControlUser] D:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] D:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] D:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [SunJavaUpdateSched] "D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_TRAY] D:\Program Files (x86)\AVG\AVG10\avgtray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.16.0.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - D:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
mRun-x64: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [AmIcoSinglun64] D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
mRun-x64: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;D:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;D:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R1 Avgfwfd;AVG network filter service;D:\Windows\System32\drivers\avgfwd6a.sys [2010-7-12 57696]
R1 Avgldx64;AVG AVI Loader Driver;D:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;D:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;D:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
R1 vwififlt;Virtual WiFi Filter Driver;D:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;D:\Windows\System32\atiesrxx.exe [2010-11-25 203776]
R2 avgfws;AVG Firewall;D:\Program Files (x86)\AVG\AVG10\avgfws.exe [2010-11-22 3226632]
R2 AVGIDSAgent;AVGIDSAgent;D:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;D:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 SBSDWSCService;SBSD Security Center Service;D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-31 1153368]
R2 UNS;Intel® Management & Security Application User Notification Service;D:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-24 2314240]
R3 amdkmdag;amdkmdag;D:\Windows\System32\drivers\atikmdag.sys [2010-11-25 8120320]
R3 amdkmdap;amdkmdap;D:\Windows\System32\drivers\atikmpag.sys [2010-11-25 289792]
R3 AVGIDSDriver;AVGIDSDriver;D:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-3 157264]
R3 AVGIDSFilter;AVGIDSFilter;D:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-3 35920]
R3 ETD;ELAN PS/2 Port Input Device;D:\Windows\System32\drivers\ETD.sys [2011-1-24 128512]
R3 HECIx64;Intel® Management Engine Interface;D:\Windows\System32\drivers\HECIx64.sys [2011-1-24 56344]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;D:\Windows\System32\drivers\L1C62x64.sys [2011-1-24 75816]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;D:\Windows\System32\drivers\nusb3hub.sys [2009-11-20 75776]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;D:\Windows\System32\drivers\nusb3xhc.sys [2009-11-20 177152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;D:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;D:\Windows\System32\drivers\rdpvideominiport.sys [2011-2-27 20992]
S3 TsUsbFlt;TsUsbFlt;D:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-27 59392]
S3 USBAAPL64;Apple Mobile USB Driver;D:\Windows\System32\drivers\usbaapl64.sys [2010-12-14 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;D:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-24 1255736]

=============== Created Last 30 ================

2011-03-01 00:46:50 -------- d-----w- D:\Program Files (x86)\Lavalys
2011-02-27 23:32:45 -------- d-----w- D:\Windows\System32\SPReview
2011-02-27 23:32:02 -------- d-----w- D:\Windows\System32\EventProviders
2011-02-27 23:28:56 5066752 ----a-w- D:\Windows\SysWow64\AuthFWSnapin.dll
2011-02-27 23:26:59 72192 ----a-w- D:\Windows\System32\napdsnap.dll
2011-02-27 23:22:16 529408 ----a-w- D:\Windows\System32\wbemcomn.dll
2011-02-27 23:22:16 524288 ----a-w- D:\Windows\System32\wmicmiplugin.dll
2011-02-27 23:22:16 1225216 ----a-w- D:\Windows\System32\wbem\wbemcore.dll
2011-02-27 23:21:59 933376 ----a-w- D:\Windows\System32\SmiEngine.dll
2011-02-27 23:21:49 199168 ----a-w- D:\Windows\System32\PkgMgr.exe
2011-02-27 23:21:13 422912 ----a-w- D:\Windows\System32\drvstore.dll
2011-02-27 23:21:13 399872 ----a-w- D:\Windows\System32\dpx.dll
2011-02-27 22:24:38 -------- d-----w- D:\Program Files (x86)\VideoLAN
2011-02-25 19:22:51 -------- d-----w- D:\Users\Seth\AppData\Roaming\AVG
2011-02-25 18:56:49 -------- d--h--w- D:\$AVG
2011-02-25 18:11:39 -------- d-----w- D:\Users\Seth\AppData\Roaming\AVG10
2011-02-25 18:07:46 -------- d--h--w- D:\PROGRA~3\Common Files
2011-02-25 18:07:34 -------- d-----w- D:\Windows\SysWow64\drivers\AVG
2011-02-25 18:06:59 -------- d-----w- D:\Windows\System32\drivers\AVG
2011-02-25 18:06:59 -------- d-----w- D:\PROGRA~3\AVG10
2011-02-25 18:06:30 -------- d-----w- D:\Program Files (x86)\AVG
2011-02-25 17:33:12 -------- d-----w- D:\PROGRA~3\MFAData
2011-02-24 05:16:23 -------- d-----w- D:\Users\Seth\AppData\Roaming\Malwarebytes
2011-02-24 05:16:19 38224 ----a-w- D:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-24 05:16:19 -------- d-----w- D:\PROGRA~3\Malwarebytes
2011-02-24 05:16:16 24152 ----a-w- D:\Windows\System32\drivers\mbam.sys
2011-02-24 05:16:16 -------- d-----w- D:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-23 18:41:58 -------- d-----w- D:\Users\Seth\AppData\Local\{16F11F1D-74A1-4F25-A03C-114414793459}
2011-02-23 18:24:31 870912 ----a-w- D:\Windows\SysWow64\XpsPrint.dll
2011-02-23 18:24:31 475648 ----a-w- D:\Windows\System32\XpsGdiConverter.dll
2011-02-23 18:24:31 288256 ----a-w- D:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-23 18:24:31 1465344 ----a-w- D:\Windows\System32\XpsPrint.dll
2011-02-22 23:18:14 -------- d-----w- D:\Users\Seth\AppData\Local\{44576123-0333-468C-AACD-EA2A2A0B1BD8}
2011-02-22 23:12:00 -------- d-----w- D:\Windows\en
2011-02-22 23:10:25 -------- d-----w- D:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-02-22 23:08:06 -------- d-----w- D:\Windows\PCHEALTH
2011-02-22 23:07:01 94040 ----a-w- D:\Program Files (x86)\Common Files\Windows Live\.cache\364fbbca1cbd2e507\DSETUP.dll
2011-02-22 23:07:01 525656 ----a-w- D:\Program Files (x86)\Common Files\Windows Live\.cache\364fbbca1cbd2e507\DXSETUP.exe
2011-02-22 23:07:01 1691480 ----a-w- D:\Program Files (x86)\Common Files\Windows Live\.cache\364fbbca1cbd2e507\dsetup32.dll
2011-02-22 23:06:55 94040 ----a-w- D:\Program Files (x86)\Common Files\Windows Live\.cache\32a2f9b41cbd2e506\DSETUP.dll
2011-02-22 23:06:55 525656 ----a-w- D:\Program Files (x86)\Common Files\Windows Live\.cache\32a2f9b41cbd2e506\DXSETUP.exe
2011-02-22 23:06:55 1691480 ----a-w- D:\Program Files (x86)\Common Files\Windows Live\.cache\32a2f9b41cbd2e506\dsetup32.dll
2011-02-22 23:02:47 -------- d-----w- D:\Users\Seth\AppData\Local\Windows Live
2011-02-22 23:02:47 -------- d-----w- D:\Program Files (x86)\Common Files\Windows Live
2011-02-22 22:07:20 -------- d-----w- D:\Users\Seth\AppData\Local\Apple Computer
2011-02-22 22:07:05 34152 ----a-w- D:\Windows\System32\drivers\GEARAspiWDM.sys
2011-02-22 22:07:05 126312 ----a-w- D:\Windows\System32\GEARAspi64.dll
2011-02-22 22:07:05 107368 ----a-w- D:\Windows\SysWow64\GEARAspi.dll
2011-02-22 22:06:43 -------- d-----w- D:\Program Files\iTunes
2011-02-22 22:06:43 -------- d-----w- D:\Program Files\iPod
2011-02-22 22:06:43 -------- d-----w- D:\Program Files (x86)\iTunes
2011-02-22 22:06:43 -------- d-----w- D:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-02-22 22:04:36 159744 ----a-w- D:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-02-22 22:04:36 159744 ----a-w- D:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-02-22 22:04:36 159744 ----a-w- D:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-02-22 22:04:36 159744 ----a-w- D:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-02-22 22:04:36 159744 ----a-w- D:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-02-22 22:04:36 159744 ----a-w- D:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-02-22 22:04:36 159744 ----a-w- D:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-02-22 22:04:15 -------- d-----w- D:\Users\Seth\AppData\Local\Apple
2011-02-22 22:03:57 -------- d-----w- D:\Program Files\Bonjour
2011-02-22 22:03:57 -------- d-----w- D:\Program Files (x86)\Bonjour
2011-02-22 19:07:43 230400 ----a-w- D:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2011-02-22 19:07:43 230400 ----a-w- D:\Windows\System32\Spool\prtprocs\x64\1_hpzppw71.dll
2011-02-22 19:07:38 33792 ----a-w- D:\Windows\System32\Spool\prtprocs\x64\ssp4mpc.dll
2011-02-22 18:30:48 -------- dc----w- D:\Users\Seth\AppData\Local\MigWiz
2011-02-22 18:03:28 7844688 ----a-w- D:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{5D538A6F-014D-4F6E-819F-EEA0EB184F99}\mpengine.dll
2011-02-20 20:18:47 -------- d-----w- D:\Users\Seth\AppData\Local\Diagnostics
2011-02-19 17:25:10 -------- d-----w- D:\Users\Seth\AppData\Local\My Games
2011-02-17 21:36:13 1638912 ----a-w- D:\Windows\SysWow64\mshtml.tlb
2011-02-17 21:36:12 1638912 ----a-w- D:\Windows\System32\mshtml.tlb
2011-02-17 21:36:04 715776 ----a-w- D:\Windows\System32\kerberos.dll
2011-02-17 21:36:04 542208 ----a-w- D:\Windows\SysWow64\kerberos.dll
2011-02-17 21:36:02 3129344 ----a-w- D:\Windows\System32\win32k.sys
2011-02-17 21:35:44 214016 ----a-w- D:\Windows\System32\winsrv.dll
2011-02-17 21:35:42 612864 ----a-w- D:\Windows\System32\vbscript.dll
2011-02-17 21:35:41 428032 ----a-w- D:\Windows\SysWow64\vbscript.dll
2011-02-17 21:35:36 46080 ----a-w- D:\Windows\System32\atmlib.dll
2011-02-17 21:35:36 366592 ----a-w- D:\Windows\System32\atmfd.dll
2011-02-17 21:35:36 34304 ----a-w- D:\Windows\SysWow64\atmlib.dll
2011-02-17 21:35:36 294400 ----a-w- D:\Windows\SysWow64\atmfd.dll
2011-02-17 21:35:35 70656 ----a-w- D:\Windows\SysWow64\fontsub.dll
2011-02-17 21:35:35 100864 ----a-w- D:\Windows\System32\fontsub.dll
2011-01-31 20:04:19 -------- d-----w- D:\Users\Seth\AppData\Local\ESET
2011-01-31 17:58:08 -------- d-----w- D:\Program Files (x86)\Spybot - Search & Destroy
2011-01-31 17:58:08 -------- d-----w- D:\PROGRA~3\Spybot - Search & Destroy
2011-01-31 17:33:47 381144 ----a-w- D:\Windows\sediag.exe

==================== Find3M ====================

2011-02-27 23:40:58 175616 ----a-w- D:\Windows\System32\msclmd.dll
2011-02-27 23:40:58 152576 ----a-w- D:\Windows\SysWow64\msclmd.dll
2011-02-02 22:11:20 270720 ------w- D:\Windows\System32\MpSigStub.exe
2011-01-25 04:18:15 411368 ----a-w- D:\Windows\SysWow64\deployJava1.dll
2011-01-25 00:02:18 0 ----a-w- D:\Windows\ativpsrm.bin
2010-12-15 04:14:08 591200 ----a-w- D:\Windows\System32\ipcoin801.dll
2010-12-14 23:51:20 51712 ----a-w- D:\Windows\System32\drivers\usbaapl64.sys
2010-12-14 23:51:20 4184352 ----a-w- D:\Windows\System32\usbaaplrc.dll
2010-12-08 09:12:36 308304 ----a-w- D:\Windows\System32\drivers\avgldx64.sys
2010-12-07 17:17:20 51200 ----a-w- D:\Windows\SysWow64\OpenCL.dll
2010-12-07 17:15:30 52736 ----a-w- D:\Windows\System32\OpenCL.dll

============= FINISH: 20:24:41.80 ===============

#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:37 PM

Posted 28 February 2011 - 11:05 PM

Hello,

Well I didn't see any malware there. Lets try Combofix.

1.
Are you connected to the internet through a router? If so we need to reset the router.

How to reset a router.

2.
We need to uninstall Avg so it does not interfere with the running of Combofix.

Please download and use AppRemover to remove AVG.

3.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.


Things to include in your next reply::
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 bandalf

bandalf
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:37 PM

Posted 01 March 2011 - 01:20 AM

Thank you again for your attention! I ran combofix. I've done some searches on google and so far so good. Here is the combofix log. Thanks again for your help!


ComboFix 11-02-28.03 - Seth 01/03/2011 1:05.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.4021.2995 [GMT -5:00]
Running from: d:\users\Seth\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Install.exe

.
((((((((((((((((((((((((( Files Created from 2011-02-01 to 2011-03-01 )))))))))))))))))))))))))))))))
.

2011-03-01 06:04 . 2011-03-01 06:04 -------- d-----w- D:\32788R22FWJFW
2011-03-01 01:18 . 2011-03-01 01:18 -------- d-----w- d:\program files\7-Zip
2011-03-01 00:46 . 2011-03-01 00:46 -------- d-----w- d:\program files (x86)\Lavalys
2011-02-27 23:32 . 2011-02-27 23:32 -------- d-----w- d:\windows\system32\SPReview
2011-02-27 23:32 . 2011-02-27 23:32 -------- d-----w- d:\windows\system32\EventProviders
2011-02-27 23:28 . 2010-11-20 13:39 5066752 ----a-w- d:\windows\system32\AuthFWSnapin.dll
2011-02-27 23:27 . 2010-11-20 13:33 31104 ----a-w- d:\windows\system32\drivers\msahci.sys
2011-02-27 23:26 . 2010-11-20 13:27 47104 ----a-w- d:\windows\system32\wshbth.dll
2011-02-27 23:22 . 2010-11-20 13:27 524288 ----a-w- d:\windows\system32\wmicmiplugin.dll
2011-02-27 23:22 . 2010-11-20 13:27 529408 ----a-w- d:\windows\system32\wbemcomn.dll
2011-02-27 23:22 . 2010-11-20 13:27 1225216 ----a-w- d:\windows\system32\wbem\wbemcore.dll
2011-02-27 23:21 . 2010-11-20 13:27 933376 ----a-w- d:\windows\system32\SmiEngine.dll
2011-02-27 23:21 . 2010-11-20 13:25 199168 ----a-w- d:\windows\system32\PkgMgr.exe
2011-02-27 23:21 . 2010-11-20 13:26 422912 ----a-w- d:\windows\system32\drvstore.dll
2011-02-27 23:21 . 2010-11-20 13:26 399872 ----a-w- d:\windows\system32\dpx.dll
2011-02-27 22:25 . 2011-02-27 22:25 -------- d-----w- d:\users\Seth\AppData\Roaming\vlc
2011-02-27 22:24 . 2011-02-27 22:24 -------- d-----w- d:\program files (x86)\VideoLAN
2011-02-25 18:11 . 2011-02-25 18:11 -------- d-----w- d:\users\Seth\AppData\Roaming\AVG10
2011-02-25 18:07 . 2011-02-25 18:07 -------- d--h--w- d:\programdata\Common Files
2011-02-25 18:06 . 2011-03-01 05:55 -------- d-----w- d:\programdata\AVG10
2011-02-25 18:06 . 2011-02-25 18:21 -------- d-----w- d:\program files (x86)\AVG
2011-02-25 17:33 . 2011-02-25 18:06 -------- d-----w- d:\programdata\MFAData
2011-02-24 05:16 . 2011-03-01 05:49 -------- d-----w- d:\users\Seth\AppData\Roaming\Malwarebytes
2011-02-23 18:41 . 2011-02-23 18:42 -------- d-----w- d:\users\Seth\AppData\Local\{16F11F1D-74A1-4F25-A03C-114414793459}
2011-02-23 18:24 . 2011-01-07 12:17 475648 ----a-w- d:\windows\system32\XpsGdiConverter.dll
2011-02-23 18:24 . 2011-01-07 12:17 1465344 ----a-w- d:\windows\system32\XpsPrint.dll
2011-02-23 18:24 . 2011-01-07 07:46 870912 ----a-w- d:\windows\SysWow64\XpsPrint.dll
2011-02-23 18:24 . 2011-01-07 07:46 288256 ----a-w- d:\windows\SysWow64\XpsGdiConverter.dll
2011-02-22 23:18 . 2011-02-22 23:18 -------- d-----w- d:\users\Seth\AppData\Local\{44576123-0333-468C-AACD-EA2A2A0B1BD8}
2011-02-22 23:12 . 2011-02-22 23:12 -------- d-----w- d:\windows\en
2011-02-22 23:10 . 2011-02-22 23:10 -------- d-----w- d:\program files (x86)\Microsoft SQL Server Compact Edition
2011-02-22 23:08 . 2011-02-22 23:10 -------- d-----w- d:\program files (x86)\Windows Live
2011-02-22 23:08 . 2011-02-22 23:08 -------- d-----w- d:\windows\PCHEALTH
2011-02-22 23:02 . 2011-02-22 23:17 -------- d-----w- d:\users\Seth\AppData\Local\Windows Live
2011-02-22 23:02 . 2011-02-22 23:02 -------- d-----w- d:\program files (x86)\Common Files\Windows Live
2011-02-22 22:07 . 2011-02-25 21:16 -------- d-----w- d:\users\Seth\AppData\Roaming\Apple Computer
2011-02-22 22:07 . 2011-02-22 22:07 -------- d-----w- d:\users\Seth\AppData\Local\Apple Computer
2011-02-22 22:07 . 2011-02-22 22:07 -------- dc----w- d:\windows\system32\DRVSTORE
2011-02-22 22:07 . 2009-05-18 18:17 34152 ----a-w- d:\windows\system32\drivers\GEARAspiWDM.sys
2011-02-22 22:07 . 2008-04-17 17:12 126312 ----a-w- d:\windows\system32\GEARAspi64.dll
2011-02-22 22:07 . 2008-04-17 17:12 107368 ----a-w- d:\windows\SysWow64\GEARAspi.dll
2011-02-22 22:06 . 2011-02-22 22:07 -------- d-----w- d:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-02-22 22:06 . 2011-02-22 22:07 -------- d-----w- d:\program files\iTunes
2011-02-22 22:06 . 2011-02-22 22:07 -------- d-----w- d:\program files (x86)\iTunes
2011-02-22 22:06 . 2011-02-22 22:06 -------- d-----w- d:\program files\iPod
2011-02-22 22:04 . 2011-02-22 22:04 159744 ----a-w- d:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-02-22 22:04 . 2011-02-22 22:04 159744 ----a-w- d:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-02-22 22:04 . 2011-02-22 22:04 159744 ----a-w- d:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-02-22 22:04 . 2011-02-22 22:04 159744 ----a-w- d:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-02-22 22:04 . 2011-02-22 22:04 159744 ----a-w- d:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-02-22 22:04 . 2011-02-22 22:04 159744 ----a-w- d:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-02-22 22:04 . 2011-02-22 22:04 159744 ----a-w- d:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-02-22 22:04 . 2011-02-22 22:06 -------- d-----w- d:\programdata\Apple Computer
2011-02-22 22:04 . 2011-02-22 22:04 -------- d-----w- d:\program files (x86)\QuickTime
2011-02-22 22:04 . 2011-02-22 22:04 -------- d-----w- d:\users\Seth\AppData\Local\Apple
2011-02-22 22:04 . 2011-02-22 22:04 -------- d-----w- d:\program files (x86)\Apple Software Update
2011-02-22 22:04 . 2011-02-22 22:04 -------- d-----w- d:\program files\Common Files\Apple
2011-02-22 22:03 . 2011-02-22 22:03 -------- d-----w- d:\program files\Bonjour
2011-02-22 22:03 . 2011-02-22 22:03 -------- d-----w- d:\program files (x86)\Bonjour
2011-02-22 22:03 . 2011-02-22 22:08 -------- d-----w- d:\programdata\Apple
2011-02-22 22:03 . 2011-02-22 22:06 -------- d-----w- d:\program files (x86)\Common Files\Apple
2011-02-22 19:07 . 2011-02-22 19:07 -------- d-----w- d:\programdata\Hewlett-Packard
2011-02-22 19:07 . 2009-07-14 01:41 230400 ----a-w- d:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2011-02-22 19:07 . 2009-08-14 14:53 33792 ----a-w- d:\windows\system32\Spool\prtprocs\x64\ssp4mpc.dll
2011-02-22 18:30 . 2011-02-22 18:30 -------- dc----w- d:\users\Seth\AppData\Local\MigWiz
2011-02-22 18:03 . 2011-01-20 15:39 7844688 ----a-w- d:\programdata\Microsoft\Windows Defender\Definition Updates\{5D538A6F-014D-4F6E-819F-EEA0EB184F99}\mpengine.dll
2011-02-20 20:18 . 2011-02-20 20:18 -------- d-----w- d:\users\Seth\AppData\Local\Diagnostics
2011-02-19 17:25 . 2011-02-19 17:25 -------- d-----w- d:\users\Seth\AppData\Local\My Games
2011-02-19 06:14 . 2011-02-19 06:14 -------- d-----w- d:\windows\SysWow64\Macromed
2011-02-18 17:42 . 2011-03-01 00:29 -------- d-----w- d:\users\Seth\AppData\Roaming\SystemRequirementsLab
2011-02-17 21:36 . 2011-01-07 06:01 1638912 ----a-w- d:\windows\SysWow64\mshtml.tlb
2011-02-17 21:36 . 2011-01-07 09:51 1638912 ----a-w- d:\windows\system32\mshtml.tlb
2011-02-17 21:36 . 2010-12-17 11:40 715776 ----a-w- d:\windows\system32\kerberos.dll
2011-02-17 21:36 . 2010-12-17 07:07 542208 ----a-w- d:\windows\SysWow64\kerberos.dll
2011-02-17 21:36 . 2011-01-05 06:56 3129344 ----a-w- d:\windows\system32\win32k.sys
2011-02-17 21:35 . 2010-12-17 11:42 214016 ----a-w- d:\windows\system32\winsrv.dll
2011-02-17 21:35 . 2011-01-05 10:34 612864 ----a-w- d:\windows\system32\vbscript.dll
2011-02-17 21:35 . 2011-01-05 05:55 428032 ----a-w- d:\windows\SysWow64\vbscript.dll
2011-02-17 21:35 . 2011-01-07 12:14 46080 ----a-w- d:\windows\system32\atmlib.dll
2011-02-17 21:35 . 2011-01-07 09:20 366592 ----a-w- d:\windows\system32\atmfd.dll
2011-02-17 21:35 . 2011-01-07 07:45 34304 ----a-w- d:\windows\SysWow64\atmlib.dll
2011-02-17 21:35 . 2011-01-07 05:43 294400 ----a-w- d:\windows\SysWow64\atmfd.dll
2011-02-17 21:35 . 2010-09-30 10:41 100864 ----a-w- d:\windows\system32\fontsub.dll
2011-02-17 21:35 . 2010-09-30 06:47 70656 ----a-w- d:\windows\SysWow64\fontsub.dll
2011-01-31 20:04 . 2011-01-31 20:04 -------- d-----w- d:\users\Seth\AppData\Local\ESET
2011-01-31 17:33 . 2011-01-26 20:19 381144 ----a-w- d:\windows\sediag.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-27 23:40 . 2009-07-14 02:36 175616 ----a-w- d:\windows\system32\msclmd.dll
2011-02-27 23:40 . 2009-07-14 02:36 152576 ----a-w- d:\windows\SysWow64\msclmd.dll
2011-02-02 22:11 . 2011-01-25 00:20 270720 ------w- d:\windows\system32\MpSigStub.exe
2011-01-25 04:18 . 2011-01-25 04:18 411368 ----a-w- d:\windows\SysWow64\deployJava1.dll
2010-12-15 04:14 . 2010-12-15 04:14 591200 ----a-w- d:\windows\system32\ipcoin801.dll
2010-12-14 23:51 . 2010-12-14 23:51 51712 ----a-w- d:\windows\system32\drivers\usbaapl64.sys
2010-12-14 23:51 . 2010-12-14 23:51 4184352 ----a-w- d:\windows\system32\usbaaplrc.dll
2010-12-07 17:17 . 2010-12-07 17:17 51200 ----a-w- d:\windows\SysWow64\OpenCL.dll
2010-12-07 17:15 . 2010-12-07 17:15 52736 ----a-w- d:\windows\system32\OpenCL.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-20 12:20 442880 ----a-w- d:\windows\System32\ntshrui.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="d:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="d:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 98304]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496]
"HControlUser"="d:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="d:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2010-01-13 7109248]
"ATKMEDIA"="d:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2010-01-05 170624]
"SunJavaUpdateSched"="d:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;d:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 1394ohci;1394 OHCI Compliant Host Controller;d:\windows\system32\drivers\1394ohci.sys [2010-11-20 229888]
R3 AcpiPmi;ACPI Power Meter Driver;d:\windows\system32\drivers\acpipmi.sys [2010-11-20 12800]
R3 adp94xx;adp94xx;d:\windows\system32\DRIVERS\adp94xx.sys [2009-07-14 491088]
R3 adpahci;adpahci;d:\windows\system32\DRIVERS\adpahci.sys [2009-07-14 339536]
R3 amdsata;amdsata;d:\windows\system32\drivers\amdsata.sys [2010-11-20 107904]
R3 amdsbs;amdsbs;d:\windows\system32\DRIVERS\amdsbs.sys [2009-07-14 194128]
R3 AppID;AppID Driver;d:\windows\system32\drivers\appid.sys [2010-11-20 61440]
R3 AppIDSvc;Application Identity;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 arcsas;arcsas;d:\windows\system32\DRIVERS\arcsas.sys [2009-07-14 97856]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;e:\i386\AsPrOb64.sys [x]
R3 b06bdrv;Broadcom NetXtreme II VBD;d:\windows\system32\DRIVERS\bxvbda.sys [2009-06-10 468480]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;d:\windows\system32\DRIVERS\b57nd60a.sys [2009-06-10 270848]
R3 BDESVC;BitLocker Drive Encryption Service;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;d:\windows\system32\DRIVERS\BrFiltLo.sys [2009-06-10 18432]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;d:\windows\system32\DRIVERS\BrFiltUp.sys [2009-06-10 8704]
R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);d:\windows\System32\Drivers\Brserid.sys [2009-07-14 286720]
R3 BrSerWdm;Brother WDM Serial driver;d:\windows\System32\Drivers\BrSerWdm.sys [2009-06-10 47104]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;d:\windows\System32\Drivers\BrUsbMdm.sys [2009-06-10 14976]
R3 CertPropSvc;Certificate Propagation;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 circlass;Consumer IR Devices;d:\windows\system32\DRIVERS\circlass.sys [2009-07-14 45568]
R3 defragsvc;Disk Defragmenter;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;d:\windows\system32\DRIVERS\evbda.sys [2009-06-10 3286016]
R3 elxstor;elxstor;d:\windows\system32\DRIVERS\elxstor.sys [2009-07-14 530496]
R3 Filetrace;Filetrace;d:\windows\system32\drivers\filetrace.sys [2009-07-13 34304]
R3 FsDepends;File System Dependency Minifilter;d:\windows\system32\drivers\FsDepends.sys [2009-07-14 55376]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;d:\windows\system32\drivers\hcw85cir.sys [2009-06-10 31232]
R3 HpSAMD;HpSAMD;d:\windows\system32\drivers\HpSAMD.sys [2010-11-20 78720]
R3 iaStorV;Intel RAID Controller Windows 7;d:\windows\system32\drivers\iaStorV.sys [2010-11-20 410496]
R3 IPBusEnum;PnP-X IP Bus Enumerator;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 IPMIDRV;IPMIDRV;d:\windows\system32\drivers\IPMIDrv.sys [2010-11-20 78848]
R3 iScsiPrt;iScsiPort Driver;d:\windows\system32\drivers\msiscsi.sys [2010-11-20 273792]
R3 KtmRm;KtmRm for Distributed Transaction Coordinator;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 lltdsvc;Link-Layer Topology Discovery Mapper;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 LSI_FC;LSI_FC;d:\windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 114752]
R3 LSI_SAS;LSI_SAS;d:\windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 106560]
R3 LSI_SAS2;LSI_SAS2;d:\windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 65600]
R3 LSI_SCSI;LSI_SCSI;d:\windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 115776]
R3 megasas;megasas;d:\windows\system32\DRIVERS\megasas.sys [2009-07-14 35392]
R3 mpio;Microsoft Multi-Path Bus Driver;d:\windows\system32\drivers\mpio.sys [2010-11-20 155008]
R3 msdsm;Microsoft Multi-Path Device Specific Module;d:\windows\system32\drivers\msdsm.sys [2010-11-20 140672]
R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;d:\windows\System32\drivers\mshidkmdf.sys [2009-07-14 8192]
R3 MSiSCSI;Microsoft iSCSI Initiator Service;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 MsRPC;MsRPC; [x]
R3 MTConfig;Microsoft Input Configuration Driver;d:\windows\system32\DRIVERS\MTConfig.sys [2009-07-14 15360]
R3 NdisCap;NDIS Capture LightWeight Filter;d:\windows\system32\DRIVERS\ndiscap.sys [2009-07-14 35328]
R3 nfrd960;nfrd960;d:\windows\system32\DRIVERS\nfrd960.sys [2009-07-14 51264]
R3 nvstor;nvstor;d:\windows\system32\drivers\nvstor.sys [2010-11-20 166272]
R3 PeerDistSvc;BranchCache;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 PerfHost;Performance Counter DLL Host;d:\windows\SysWow64\perfhost.exe [2009-07-14 20992]
R3 pla;Performance Logs & Alerts;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 PNRPAutoReg;PNRP Machine Name Publication Service;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 ql2300;ql2300;d:\windows\system32\DRIVERS\ql2300.sys [2009-07-14 1524816]
R3 ql40xx;ql40xx;d:\windows\system32\DRIVERS\ql40xx.sys [2009-07-14 128592]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;d:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 s3cap;s3cap;d:\windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
R3 scfilter;Smart card PnP Class Filter Driver;d:\windows\system32\DRIVERS\scfilter.sys [2010-11-20 29696]
R3 SCPolicySvc;Smart Card Removal Policy;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SDRSVC;Windows Backup;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SensrSvc;Adaptive Brightness;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SessionEnv;Remote Desktop Configuration;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 sffp_mmc;SFF Storage Protocol Driver for MMC;d:\windows\system32\drivers\sffp_mmc.sys [2009-07-14 13824]
R3 SiSRaid4;SiSRaid4;d:\windows\system32\DRIVERS\sisraid4.sys [2009-07-14 80464]
R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);d:\windows\system32\DRIVERS\smb.sys [2009-07-14 93184]
R3 sppuinotify;SPP Notification Service;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 stexstor;stexstor;d:\windows\system32\DRIVERS\stexstor.sys [2009-07-14 24656]
R3 storvsc;storvsc;d:\windows\system32\drivers\storvsc.sys [2010-11-20 34688]
R3 Synth3dVsc;Synth3dVsc;d:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TabletInputService;Tablet PC Input Service;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 TBS;TPM Base Services;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 THREADORDER;Thread Ordering Server;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 TrustedInstaller;Windows Modules Installer;d:\windows\servicing\TrustedInstaller.exe [2010-11-20 194048]
R3 tssecsrv;Remote Desktop Services Security Filter Driver;d:\windows\system32\DRIVERS\tssecsrv.sys [2010-11-20 39424]
R3 TsUsbFlt;TsUsbFlt;d:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;d:\windows\system32\drivers\tsusbhub.sys [x]
R3 UI0Detect;Interactive Services Detection;d:\windows\system32\UI0Detect.exe [2009-07-14 40960]
R3 uliagpkx;Uli AGP Bus Filter;d:\windows\system32\drivers\uliagpkx.sys [2009-07-14 64592]
R3 UmRdpService;Remote Desktop Services UserMode Port Redirector;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 USBAAPL64;Apple Mobile USB Driver;d:\windows\system32\Drivers\usbaapl64.sys [2010-12-14 51712]
R3 usbcir;eHome Infrared Receiver (USBCIR);d:\windows\system32\drivers\usbcir.sys [2009-07-14 100352]
R3 VaultSvc;Credential Manager;d:\windows\system32\lsass.exe [2009-07-14 31232]
R3 VGPU;VGPU;d:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vhdmp;vhdmp;d:\windows\system32\drivers\vhdmp.sys [2010-11-20 215936]
R3 VMBusHID;VMBusHID;d:\windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
R3 vsmraid;vsmraid;d:\windows\system32\DRIVERS\vsmraid.sys [2009-07-14 161872]
R3 WacomPen;Wacom Serial Pen HID Driver;d:\windows\system32\DRIVERS\wacompen.sys [2009-07-14 27776]
R3 WatAdminSvc;Windows Activation Technologies Service;d:\windows\system32\Wat\WatAdminSvc.exe [2011-01-25 1255736]
R3 wbengine;Block Level Backup Engine Service;d:\windows\system32\wbengine.exe [2010-11-20 1504256]
R3 WbioSrvc;Windows Biometric Service;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 wcncsvc;Windows Connect Now - Config Registrar;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WcsPlugInService;Windows Color System;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 Wd;Wd;d:\windows\system32\DRIVERS\wd.sys [2009-07-14 21056]
R3 Wecsvc;Windows Event Collector;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 wercplsupport;Problem Reports and Solutions Control Panel Support;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WerSvc;Windows Error Reporting Service;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WIMMount;WIMMount;d:\windows\system32\drivers\wimmount.sys [2009-07-14 22096]
R3 WinRM;Windows Remote Management (WS-Management);d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WPCSvc;Parental Controls;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 WPDBusEnum;Portable Device Enumerator Service;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 WwanSvc;WWAN AutoConfig;d:\windows\system32\svchost.exe [2009-07-14 27136]
R4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;d:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920]
R4 Mcx2Svc;Media Center Extender Service;d:\windows\system32\svchost.exe [2009-07-14 27136]
S0 amdxata;amdxata;d:\windows\system32\drivers\amdxata.sys [2010-11-20 27008]
S0 CLFS;Common Log (CLFS);d:\windows\System32\CLFS.sys [2009-07-14 367696]
S0 CNG;CNG;d:\windows\System32\Drivers\cng.sys [2010-11-20 459248]
S0 FileInfo;File Information FS MiniFilter;d:\windows\system32\drivers\fileinfo.sys [2009-07-14 70224]
S0 fvevol;Bitlocker Drive Encryption Filter Driver;d:\windows\System32\DRIVERS\fvevol.sys [2010-11-20 223248]
S0 hwpolicy;Hardware Policy Driver;d:\windows\System32\drivers\hwpolicy.sys [2010-11-20 14720]
S0 KSecPkg;KSecPkg;d:\windows\System32\Drivers\ksecpkg.sys [2010-11-20 152960]
S0 msahci;msahci;d:\windows\system32\drivers\msahci.sys [2010-11-20 31104]
S0 msisadrv;msisadrv;d:\windows\system32\drivers\msisadrv.sys [2009-07-14 15424]
S0 pcw;Performance Counters for Windows Driver;d:\windows\System32\drivers\pcw.sys [2009-07-14 50768]
S0 rdyboost;ReadyBoost;d:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
S0 spldr;Security Processor Loader Driver; [x]
S0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;d:\windows\system32\drivers\vmstorfl.sys [2010-11-20 46464]
S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;d:\windows\system32\drivers\vdrvroot.sys [2009-07-14 36432]
S0 vmbus;Virtual Machine Bus;d:\windows\system32\drivers\vmbus.sys [2010-11-20 199552]
S0 volmgr;Volume Manager Driver;d:\windows\system32\drivers\volmgr.sys [2010-11-20 71552]
S0 volmgrx;Dynamic Volume Manager;d:\windows\System32\drivers\volmgrx.sys [2010-11-20 363392]
S1 blbdrive;blbdrive;d:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 45056]
S1 CSC;Offline Files Driver;d:\windows\system32\drivers\csc.sys [2010-11-20 514560]
S1 DfsC;DFS Namespace Client Driver;d:\windows\system32\Drivers\dfsc.sys [2010-11-20 102400]
S1 discache;System Attribute Cache;d:\windows\system32\drivers\discache.sys [2009-07-13 40448]
S1 nsiproxy;NSI proxy service driver.;d:\windows\system32\drivers\nsiproxy.sys [2009-07-13 24576]
S1 RDPENCDD;RDP Encoder Mirror Driver;d:\windows\system32\drivers\rdpencdd.sys [2009-07-14 7680]
S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;d:\windows\system32\drivers\rdprefmp.sys [2009-07-14 8192]
S1 tdx;NetIO Legacy TDI Support Driver;d:\windows\system32\DRIVERS\tdx.sys [2010-11-20 119296]
S1 vwififlt;Virtual WiFi Filter Driver;d:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S1 Wanarpv6;Remote Access IPv6 ARP Driver;d:\windows\system32\DRIVERS\wanarp.sys [2010-11-20 88576]
S1 WfpLwf;WFP Lightweight Filter;d:\windows\system32\DRIVERS\wfplwf.sys [2009-07-14 12800]
S2 AMD External Events Utility;AMD External Events Utility;d:\windows\system32\atiesrxx.exe [2010-11-26 203776]
S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;d:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BFE;Base Filtering Engine;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 CscService;Offline Files;d:\windows\System32\svchost.exe [2009-07-14 27136]
S2 DPS;Diagnostic Policy Service;d:\windows\System32\svchost.exe [2009-07-14 27136]
S2 FDResPub;Function Discovery Resource Publication;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 FontCache;Windows Font Cache Service;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 gpsvc;Group Policy Client;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 IKEEXT;IKE and AuthIP IPsec Keying Modules;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 iphlpsvc;IP Helper;d:\windows\System32\svchost.exe [2009-07-14 27136]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;d:\windows\system32\DRIVERS\lltdio.sys [2009-07-14 60928]
S2 luafv;UAC File Virtualization;d:\windows\system32\drivers\luafv.sys [2009-07-13 113152]
S2 MMCSS;Multimedia Class Scheduler;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MpsSvc;Windows Firewall;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NlaSvc;Network Location Awareness;d:\windows\System32\svchost.exe [2009-07-14 27136]
S2 nsi;Network Store Interface Service;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 PcaSvc;Program Compatibility Assistant Service;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 PEAUTH;PEAUTH;d:\windows\system32\drivers\peauth.sys [2009-07-14 651264]
S2 Power;Power;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 ProfSvc;User Profile Service;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 RpcEptMapper;RPC Endpoint Mapper;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 sppsvc;Software Protection;d:\windows\system32\sppsvc.exe [2010-11-20 3524608]
S2 SysMain;Superfetch;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 tcpipreg;TCP/IP Registry Compatibility;d:\windows\system32\drivers\tcpipreg.sys [2010-11-20 45056]
S2 UNS;Intel® Management & Security Application User Notification Service;d:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 UxSms;Desktop Window Manager Session Manager;d:\windows\System32\svchost.exe [2009-07-14 27136]
S2 WinDefend;Windows Defender;d:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Wlansvc;WLAN AutoConfig;d:\windows\system32\svchost.exe [2009-07-14 27136]
S3 amdkmdag;amdkmdag;d:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320]
S3 amdkmdap;amdkmdap;d:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792]
S3 Appinfo;Application Information;d:\windows\system32\svchost.exe [2009-07-14 27136]
S3 bowser;Browser Support Driver;d:\windows\system32\DRIVERS\bowser.sys [2009-07-13 90624]
S3 CompositeBus;Composite Bus Enumerator Driver;d:\windows\system32\drivers\CompositeBus.sys [2010-11-20 38912]
S3 DXGKrnl;LDDM Graphics Subsystem;d:\windows\System32\drivers\dxgkrnl.sys [2010-11-20 982912]
S3 ETD;ELAN PS/2 Port Input Device;d:\windows\system32\DRIVERS\ETD.sys [2010-01-18 128512]
S3 fdPHost;Function Discovery Provider Host;d:\windows\system32\svchost.exe [2009-07-14 27136]
S3 HECIx64;Intel® Management Engine Interface;d:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 HomeGroupListener;HomeGroup Listener;d:\windows\System32\svchost.exe [2009-07-14 27136]
S3 HomeGroupProvider;HomeGroup Provider;d:\windows\System32\svchost.exe [2009-07-14 27136]
S3 KeyIso;CNG Key Isolation;d:\windows\system32\lsass.exe [2009-07-14 31232]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;d:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-04 75816]
S3 monitor;Microsoft Monitor Class Function Driver Service;d:\windows\system32\DRIVERS\monitor.sys [2009-07-13 30208]
S3 mpsdrv;Windows Firewall Authorization Driver;d:\windows\system32\drivers\mpsdrv.sys [2009-07-14 77312]
S3 mrxsmb10;SMB 1.x MiniRedirector;d:\windows\system32\DRIVERS\mrxsmb10.sys [2010-11-20 287744]
S3 mrxsmb20;SMB 2.0 MiniRedirector;d:\windows\system32\DRIVERS\mrxsmb20.sys [2010-11-20 128000]
S3 NativeWifiP;NativeWiFi Filter;d:\windows\system32\DRIVERS\nwifi.sys [2009-07-14 318976]
S3 netprofm;Network List Service;d:\windows\System32\svchost.exe [2009-07-14 27136]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;d:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-21 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;d:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-21 177152]
S3 RasAgileVpn;WAN Miniport (IKEv2);d:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-14 60416]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;d:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 24064]
S3 srv2;Server SMB 2.xxx Driver;d:\windows\system32\DRIVERS\srv2.sys [2010-11-20 413184]
S3 srvnet;srvnet;d:\windows\system32\DRIVERS\srvnet.sys [2010-11-20 167936]
S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;d:\windows\system32\DRIVERS\tunnel.sys [2010-11-20 125440]
S3 umbus;UMBus Enumerator Driver;d:\windows\system32\drivers\umbus.sys [2010-11-20 48640]
S3 vwifibus;Virtual WiFi Bus Driver;d:\windows\system32\DRIVERS\vwifibus.sys [2009-07-14 24576]
S3 WdiServiceHost;Diagnostic Service Host;d:\windows\System32\svchost.exe [2009-07-14 27136]
S3 WdiSystemHost;Diagnostic System Host;d:\windows\System32\svchost.exe [2009-07-14 27136]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
wcssvc REG_MULTI_SZ WcsPlugInService

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
msiscsi
schedule
SessionEnv
winmgmt
AppMgmt

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
sppuinotify

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv

.
Contents of the 'Scheduled Tasks' folder

2011-03-01 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2213022646-1501092907-3097980410-1001Core.job
- d:\users\Seth\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-25 00:04]

2011-03-01 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2213022646-1501092907-3097980410-1001UA.job
- d:\users\Seth\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-25 00:04]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-20 13:27 509952 ----a-w- d:\windows\System32\ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="d:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"AmIcoSinglun64"="d:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-01-18 324608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
winmgmt
SessionEnv
browser
EapHost
schedule
hkmsvc
wercplsupport
ProfSvc
Themes
BDESVC
AppMgmt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider
.
------- Supplementary Scan -------
.
uLocal Page = d:\windows\system32\blank.htm
mLocal Page = d:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms
HKLM-Run-ETDWare - %ProgramFiles%\Elantech\ETDCtrl.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="d:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="d:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="d:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="d:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="d:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
d:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
d:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
d:\program files (x86)\Bonjour\mDNSResponder.exe
d:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
d:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
d:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
d:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Completion time: 2011-03-01 01:15:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-01 06:15

Pre-Run: 282,522,976,256 bytes free
Post-Run: 282,417,393,664 bytes free

- - End Of File - - 131CA3DD5F95FCC87237C48CEEA6D567

#6 bandalf

bandalf
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:37 PM

Posted 01 March 2011 - 01:20 AM

Thank you again for your attention! I ran combofix. I've done some searches on google and so far so good. Here is the combofix log. Thanks again for your help!


ComboFix 11-02-28.03 - Seth 01/03/2011 1:05.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.4021.2995 [GMT -5:00]
Running from: d:\users\Seth\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Install.exe

.
((((((((((((((((((((((((( Files Created from 2011-02-01 to 2011-03-01 )))))))))))))))))))))))))))))))
.

2011-03-01 06:04 . 2011-03-01 06:04 -------- d-----w- D:\32788R22FWJFW
2011-03-01 01:18 . 2011-03-01 01:18 -------- d-----w- d:\program files\7-Zip
2011-03-01 00:46 . 2011-03-01 00:46 -------- d-----w- d:\program files (x86)\Lavalys
2011-02-27 23:32 . 2011-02-27 23:32 -------- d-----w- d:\windows\system32\SPReview
2011-02-27 23:32 . 2011-02-27 23:32 -------- d-----w- d:\windows\system32\EventProviders
2011-02-27 23:28 . 2010-11-20 13:39 5066752 ----a-w- d:\windows\system32\AuthFWSnapin.dll
2011-02-27 23:27 . 2010-11-20 13:33 31104 ----a-w- d:\windows\system32\drivers\msahci.sys
2011-02-27 23:26 . 2010-11-20 13:27 47104 ----a-w- d:\windows\system32\wshbth.dll
2011-02-27 23:22 . 2010-11-20 13:27 524288 ----a-w- d:\windows\system32\wmicmiplugin.dll
2011-02-27 23:22 . 2010-11-20 13:27 529408 ----a-w- d:\windows\system32\wbemcomn.dll
2011-02-27 23:22 . 2010-11-20 13:27 1225216 ----a-w- d:\windows\system32\wbem\wbemcore.dll
2011-02-27 23:21 . 2010-11-20 13:27 933376 ----a-w- d:\windows\system32\SmiEngine.dll
2011-02-27 23:21 . 2010-11-20 13:25 199168 ----a-w- d:\windows\system32\PkgMgr.exe
2011-02-27 23:21 . 2010-11-20 13:26 422912 ----a-w- d:\windows\system32\drvstore.dll
2011-02-27 23:21 . 2010-11-20 13:26 399872 ----a-w- d:\windows\system32\dpx.dll
2011-02-27 22:25 . 2011-02-27 22:25 -------- d-----w- d:\users\Seth\AppData\Roaming\vlc
2011-02-27 22:24 . 2011-02-27 22:24 -------- d-----w- d:\program files (x86)\VideoLAN
2011-02-25 18:11 . 2011-02-25 18:11 -------- d-----w- d:\users\Seth\AppData\Roaming\AVG10
2011-02-25 18:07 . 2011-02-25 18:07 -------- d--h--w- d:\programdata\Common Files
2011-02-25 18:06 . 2011-03-01 05:55 -------- d-----w- d:\programdata\AVG10
2011-02-25 18:06 . 2011-02-25 18:21 -------- d-----w- d:\program files (x86)\AVG
2011-02-25 17:33 . 2011-02-25 18:06 -------- d-----w- d:\programdata\MFAData
2011-02-24 05:16 . 2011-03-01 05:49 -------- d-----w- d:\users\Seth\AppData\Roaming\Malwarebytes
2011-02-23 18:41 . 2011-02-23 18:42 -------- d-----w- d:\users\Seth\AppData\Local\{16F11F1D-74A1-4F25-A03C-114414793459}
2011-02-23 18:24 . 2011-01-07 12:17 475648 ----a-w- d:\windows\system32\XpsGdiConverter.dll
2011-02-23 18:24 . 2011-01-07 12:17 1465344 ----a-w- d:\windows\system32\XpsPrint.dll
2011-02-23 18:24 . 2011-01-07 07:46 870912 ----a-w- d:\windows\SysWow64\XpsPrint.dll
2011-02-23 18:24 . 2011-01-07 07:46 288256 ----a-w- d:\windows\SysWow64\XpsGdiConverter.dll
2011-02-22 23:18 . 2011-02-22 23:18 -------- d-----w- d:\users\Seth\AppData\Local\{44576123-0333-468C-AACD-EA2A2A0B1BD8}
2011-02-22 23:12 . 2011-02-22 23:12 -------- d-----w- d:\windows\en
2011-02-22 23:10 . 2011-02-22 23:10 -------- d-----w- d:\program files (x86)\Microsoft SQL Server Compact Edition
2011-02-22 23:08 . 2011-02-22 23:10 -------- d-----w- d:\program files (x86)\Windows Live
2011-02-22 23:08 . 2011-02-22 23:08 -------- d-----w- d:\windows\PCHEALTH
2011-02-22 23:02 . 2011-02-22 23:17 -------- d-----w- d:\users\Seth\AppData\Local\Windows Live
2011-02-22 23:02 . 2011-02-22 23:02 -------- d-----w- d:\program files (x86)\Common Files\Windows Live
2011-02-22 22:07 . 2011-02-25 21:16 -------- d-----w- d:\users\Seth\AppData\Roaming\Apple Computer
2011-02-22 22:07 . 2011-02-22 22:07 -------- d-----w- d:\users\Seth\AppData\Local\Apple Computer
2011-02-22 22:07 . 2011-02-22 22:07 -------- dc----w- d:\windows\system32\DRVSTORE
2011-02-22 22:07 . 2009-05-18 18:17 34152 ----a-w- d:\windows\system32\drivers\GEARAspiWDM.sys
2011-02-22 22:07 . 2008-04-17 17:12 126312 ----a-w- d:\windows\system32\GEARAspi64.dll
2011-02-22 22:07 . 2008-04-17 17:12 107368 ----a-w- d:\windows\SysWow64\GEARAspi.dll
2011-02-22 22:06 . 2011-02-22 22:07 -------- d-----w- d:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-02-22 22:06 . 2011-02-22 22:07 -------- d-----w- d:\program files\iTunes
2011-02-22 22:06 . 2011-02-22 22:07 -------- d-----w- d:\program files (x86)\iTunes
2011-02-22 22:06 . 2011-02-22 22:06 -------- d-----w- d:\program files\iPod
2011-02-22 22:04 . 2011-02-22 22:04 159744 ----a-w- d:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-02-22 22:04 . 2011-02-22 22:04 159744 ----a-w- d:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-02-22 22:04 . 2011-02-22 22:04 159744 ----a-w- d:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-02-22 22:04 . 2011-02-22 22:04 159744 ----a-w- d:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-02-22 22:04 . 2011-02-22 22:04 159744 ----a-w- d:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-02-22 22:04 . 2011-02-22 22:04 159744 ----a-w- d:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-02-22 22:04 . 2011-02-22 22:04 159744 ----a-w- d:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-02-22 22:04 . 2011-02-22 22:06 -------- d-----w- d:\programdata\Apple Computer
2011-02-22 22:04 . 2011-02-22 22:04 -------- d-----w- d:\program files (x86)\QuickTime
2011-02-22 22:04 . 2011-02-22 22:04 -------- d-----w- d:\users\Seth\AppData\Local\Apple
2011-02-22 22:04 . 2011-02-22 22:04 -------- d-----w- d:\program files (x86)\Apple Software Update
2011-02-22 22:04 . 2011-02-22 22:04 -------- d-----w- d:\program files\Common Files\Apple
2011-02-22 22:03 . 2011-02-22 22:03 -------- d-----w- d:\program files\Bonjour
2011-02-22 22:03 . 2011-02-22 22:03 -------- d-----w- d:\program files (x86)\Bonjour
2011-02-22 22:03 . 2011-02-22 22:08 -------- d-----w- d:\programdata\Apple
2011-02-22 22:03 . 2011-02-22 22:06 -------- d-----w- d:\program files (x86)\Common Files\Apple
2011-02-22 19:07 . 2011-02-22 19:07 -------- d-----w- d:\programdata\Hewlett-Packard
2011-02-22 19:07 . 2009-07-14 01:41 230400 ----a-w- d:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2011-02-22 19:07 . 2009-08-14 14:53 33792 ----a-w- d:\windows\system32\Spool\prtprocs\x64\ssp4mpc.dll
2011-02-22 18:30 . 2011-02-22 18:30 -------- dc----w- d:\users\Seth\AppData\Local\MigWiz
2011-02-22 18:03 . 2011-01-20 15:39 7844688 ----a-w- d:\programdata\Microsoft\Windows Defender\Definition Updates\{5D538A6F-014D-4F6E-819F-EEA0EB184F99}\mpengine.dll
2011-02-20 20:18 . 2011-02-20 20:18 -------- d-----w- d:\users\Seth\AppData\Local\Diagnostics
2011-02-19 17:25 . 2011-02-19 17:25 -------- d-----w- d:\users\Seth\AppData\Local\My Games
2011-02-19 06:14 . 2011-02-19 06:14 -------- d-----w- d:\windows\SysWow64\Macromed
2011-02-18 17:42 . 2011-03-01 00:29 -------- d-----w- d:\users\Seth\AppData\Roaming\SystemRequirementsLab
2011-02-17 21:36 . 2011-01-07 06:01 1638912 ----a-w- d:\windows\SysWow64\mshtml.tlb
2011-02-17 21:36 . 2011-01-07 09:51 1638912 ----a-w- d:\windows\system32\mshtml.tlb
2011-02-17 21:36 . 2010-12-17 11:40 715776 ----a-w- d:\windows\system32\kerberos.dll
2011-02-17 21:36 . 2010-12-17 07:07 542208 ----a-w- d:\windows\SysWow64\kerberos.dll
2011-02-17 21:36 . 2011-01-05 06:56 3129344 ----a-w- d:\windows\system32\win32k.sys
2011-02-17 21:35 . 2010-12-17 11:42 214016 ----a-w- d:\windows\system32\winsrv.dll
2011-02-17 21:35 . 2011-01-05 10:34 612864 ----a-w- d:\windows\system32\vbscript.dll
2011-02-17 21:35 . 2011-01-05 05:55 428032 ----a-w- d:\windows\SysWow64\vbscript.dll
2011-02-17 21:35 . 2011-01-07 12:14 46080 ----a-w- d:\windows\system32\atmlib.dll
2011-02-17 21:35 . 2011-01-07 09:20 366592 ----a-w- d:\windows\system32\atmfd.dll
2011-02-17 21:35 . 2011-01-07 07:45 34304 ----a-w- d:\windows\SysWow64\atmlib.dll
2011-02-17 21:35 . 2011-01-07 05:43 294400 ----a-w- d:\windows\SysWow64\atmfd.dll
2011-02-17 21:35 . 2010-09-30 10:41 100864 ----a-w- d:\windows\system32\fontsub.dll
2011-02-17 21:35 . 2010-09-30 06:47 70656 ----a-w- d:\windows\SysWow64\fontsub.dll
2011-01-31 20:04 . 2011-01-31 20:04 -------- d-----w- d:\users\Seth\AppData\Local\ESET
2011-01-31 17:33 . 2011-01-26 20:19 381144 ----a-w- d:\windows\sediag.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-27 23:40 . 2009-07-14 02:36 175616 ----a-w- d:\windows\system32\msclmd.dll
2011-02-27 23:40 . 2009-07-14 02:36 152576 ----a-w- d:\windows\SysWow64\msclmd.dll
2011-02-02 22:11 . 2011-01-25 00:20 270720 ------w- d:\windows\system32\MpSigStub.exe
2011-01-25 04:18 . 2011-01-25 04:18 411368 ----a-w- d:\windows\SysWow64\deployJava1.dll
2010-12-15 04:14 . 2010-12-15 04:14 591200 ----a-w- d:\windows\system32\ipcoin801.dll
2010-12-14 23:51 . 2010-12-14 23:51 51712 ----a-w- d:\windows\system32\drivers\usbaapl64.sys
2010-12-14 23:51 . 2010-12-14 23:51 4184352 ----a-w- d:\windows\system32\usbaaplrc.dll
2010-12-07 17:17 . 2010-12-07 17:17 51200 ----a-w- d:\windows\SysWow64\OpenCL.dll
2010-12-07 17:15 . 2010-12-07 17:15 52736 ----a-w- d:\windows\system32\OpenCL.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-20 12:20 442880 ----a-w- d:\windows\System32\ntshrui.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="d:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="d:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 98304]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496]
"HControlUser"="d:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="d:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2010-01-13 7109248]
"ATKMEDIA"="d:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2010-01-05 170624]
"SunJavaUpdateSched"="d:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;d:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 1394ohci;1394 OHCI Compliant Host Controller;d:\windows\system32\drivers\1394ohci.sys [2010-11-20 229888]
R3 AcpiPmi;ACPI Power Meter Driver;d:\windows\system32\drivers\acpipmi.sys [2010-11-20 12800]
R3 adp94xx;adp94xx;d:\windows\system32\DRIVERS\adp94xx.sys [2009-07-14 491088]
R3 adpahci;adpahci;d:\windows\system32\DRIVERS\adpahci.sys [2009-07-14 339536]
R3 amdsata;amdsata;d:\windows\system32\drivers\amdsata.sys [2010-11-20 107904]
R3 amdsbs;amdsbs;d:\windows\system32\DRIVERS\amdsbs.sys [2009-07-14 194128]
R3 AppID;AppID Driver;d:\windows\system32\drivers\appid.sys [2010-11-20 61440]
R3 AppIDSvc;Application Identity;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 arcsas;arcsas;d:\windows\system32\DRIVERS\arcsas.sys [2009-07-14 97856]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;e:\i386\AsPrOb64.sys [x]
R3 b06bdrv;Broadcom NetXtreme II VBD;d:\windows\system32\DRIVERS\bxvbda.sys [2009-06-10 468480]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;d:\windows\system32\DRIVERS\b57nd60a.sys [2009-06-10 270848]
R3 BDESVC;BitLocker Drive Encryption Service;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;d:\windows\system32\DRIVERS\BrFiltLo.sys [2009-06-10 18432]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;d:\windows\system32\DRIVERS\BrFiltUp.sys [2009-06-10 8704]
R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);d:\windows\System32\Drivers\Brserid.sys [2009-07-14 286720]
R3 BrSerWdm;Brother WDM Serial driver;d:\windows\System32\Drivers\BrSerWdm.sys [2009-06-10 47104]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;d:\windows\System32\Drivers\BrUsbMdm.sys [2009-06-10 14976]
R3 CertPropSvc;Certificate Propagation;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 circlass;Consumer IR Devices;d:\windows\system32\DRIVERS\circlass.sys [2009-07-14 45568]
R3 defragsvc;Disk Defragmenter;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;d:\windows\system32\DRIVERS\evbda.sys [2009-06-10 3286016]
R3 elxstor;elxstor;d:\windows\system32\DRIVERS\elxstor.sys [2009-07-14 530496]
R3 Filetrace;Filetrace;d:\windows\system32\drivers\filetrace.sys [2009-07-13 34304]
R3 FsDepends;File System Dependency Minifilter;d:\windows\system32\drivers\FsDepends.sys [2009-07-14 55376]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;d:\windows\system32\drivers\hcw85cir.sys [2009-06-10 31232]
R3 HpSAMD;HpSAMD;d:\windows\system32\drivers\HpSAMD.sys [2010-11-20 78720]
R3 iaStorV;Intel RAID Controller Windows 7;d:\windows\system32\drivers\iaStorV.sys [2010-11-20 410496]
R3 IPBusEnum;PnP-X IP Bus Enumerator;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 IPMIDRV;IPMIDRV;d:\windows\system32\drivers\IPMIDrv.sys [2010-11-20 78848]
R3 iScsiPrt;iScsiPort Driver;d:\windows\system32\drivers\msiscsi.sys [2010-11-20 273792]
R3 KtmRm;KtmRm for Distributed Transaction Coordinator;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 lltdsvc;Link-Layer Topology Discovery Mapper;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 LSI_FC;LSI_FC;d:\windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 114752]
R3 LSI_SAS;LSI_SAS;d:\windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 106560]
R3 LSI_SAS2;LSI_SAS2;d:\windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 65600]
R3 LSI_SCSI;LSI_SCSI;d:\windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 115776]
R3 megasas;megasas;d:\windows\system32\DRIVERS\megasas.sys [2009-07-14 35392]
R3 mpio;Microsoft Multi-Path Bus Driver;d:\windows\system32\drivers\mpio.sys [2010-11-20 155008]
R3 msdsm;Microsoft Multi-Path Device Specific Module;d:\windows\system32\drivers\msdsm.sys [2010-11-20 140672]
R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;d:\windows\System32\drivers\mshidkmdf.sys [2009-07-14 8192]
R3 MSiSCSI;Microsoft iSCSI Initiator Service;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 MsRPC;MsRPC; [x]
R3 MTConfig;Microsoft Input Configuration Driver;d:\windows\system32\DRIVERS\MTConfig.sys [2009-07-14 15360]
R3 NdisCap;NDIS Capture LightWeight Filter;d:\windows\system32\DRIVERS\ndiscap.sys [2009-07-14 35328]
R3 nfrd960;nfrd960;d:\windows\system32\DRIVERS\nfrd960.sys [2009-07-14 51264]
R3 nvstor;nvstor;d:\windows\system32\drivers\nvstor.sys [2010-11-20 166272]
R3 PeerDistSvc;BranchCache;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 PerfHost;Performance Counter DLL Host;d:\windows\SysWow64\perfhost.exe [2009-07-14 20992]
R3 pla;Performance Logs & Alerts;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 PNRPAutoReg;PNRP Machine Name Publication Service;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 ql2300;ql2300;d:\windows\system32\DRIVERS\ql2300.sys [2009-07-14 1524816]
R3 ql40xx;ql40xx;d:\windows\system32\DRIVERS\ql40xx.sys [2009-07-14 128592]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;d:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 s3cap;s3cap;d:\windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
R3 scfilter;Smart card PnP Class Filter Driver;d:\windows\system32\DRIVERS\scfilter.sys [2010-11-20 29696]
R3 SCPolicySvc;Smart Card Removal Policy;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SDRSVC;Windows Backup;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SensrSvc;Adaptive Brightness;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SessionEnv;Remote Desktop Configuration;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 sffp_mmc;SFF Storage Protocol Driver for MMC;d:\windows\system32\drivers\sffp_mmc.sys [2009-07-14 13824]
R3 SiSRaid4;SiSRaid4;d:\windows\system32\DRIVERS\sisraid4.sys [2009-07-14 80464]
R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);d:\windows\system32\DRIVERS\smb.sys [2009-07-14 93184]
R3 sppuinotify;SPP Notification Service;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 stexstor;stexstor;d:\windows\system32\DRIVERS\stexstor.sys [2009-07-14 24656]
R3 storvsc;storvsc;d:\windows\system32\drivers\storvsc.sys [2010-11-20 34688]
R3 Synth3dVsc;Synth3dVsc;d:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TabletInputService;Tablet PC Input Service;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 TBS;TPM Base Services;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 THREADORDER;Thread Ordering Server;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 TrustedInstaller;Windows Modules Installer;d:\windows\servicing\TrustedInstaller.exe [2010-11-20 194048]
R3 tssecsrv;Remote Desktop Services Security Filter Driver;d:\windows\system32\DRIVERS\tssecsrv.sys [2010-11-20 39424]
R3 TsUsbFlt;TsUsbFlt;d:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;d:\windows\system32\drivers\tsusbhub.sys [x]
R3 UI0Detect;Interactive Services Detection;d:\windows\system32\UI0Detect.exe [2009-07-14 40960]
R3 uliagpkx;Uli AGP Bus Filter;d:\windows\system32\drivers\uliagpkx.sys [2009-07-14 64592]
R3 UmRdpService;Remote Desktop Services UserMode Port Redirector;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 USBAAPL64;Apple Mobile USB Driver;d:\windows\system32\Drivers\usbaapl64.sys [2010-12-14 51712]
R3 usbcir;eHome Infrared Receiver (USBCIR);d:\windows\system32\drivers\usbcir.sys [2009-07-14 100352]
R3 VaultSvc;Credential Manager;d:\windows\system32\lsass.exe [2009-07-14 31232]
R3 VGPU;VGPU;d:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vhdmp;vhdmp;d:\windows\system32\drivers\vhdmp.sys [2010-11-20 215936]
R3 VMBusHID;VMBusHID;d:\windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
R3 vsmraid;vsmraid;d:\windows\system32\DRIVERS\vsmraid.sys [2009-07-14 161872]
R3 WacomPen;Wacom Serial Pen HID Driver;d:\windows\system32\DRIVERS\wacompen.sys [2009-07-14 27776]
R3 WatAdminSvc;Windows Activation Technologies Service;d:\windows\system32\Wat\WatAdminSvc.exe [2011-01-25 1255736]
R3 wbengine;Block Level Backup Engine Service;d:\windows\system32\wbengine.exe [2010-11-20 1504256]
R3 WbioSrvc;Windows Biometric Service;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 wcncsvc;Windows Connect Now - Config Registrar;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WcsPlugInService;Windows Color System;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 Wd;Wd;d:\windows\system32\DRIVERS\wd.sys [2009-07-14 21056]
R3 Wecsvc;Windows Event Collector;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 wercplsupport;Problem Reports and Solutions Control Panel Support;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WerSvc;Windows Error Reporting Service;d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WIMMount;WIMMount;d:\windows\system32\drivers\wimmount.sys [2009-07-14 22096]
R3 WinRM;Windows Remote Management (WS-Management);d:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WPCSvc;Parental Controls;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 WPDBusEnum;Portable Device Enumerator Service;d:\windows\system32\svchost.exe [2009-07-14 27136]
R3 WwanSvc;WWAN AutoConfig;d:\windows\system32\svchost.exe [2009-07-14 27136]
R4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;d:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920]
R4 Mcx2Svc;Media Center Extender Service;d:\windows\system32\svchost.exe [2009-07-14 27136]
S0 amdxata;amdxata;d:\windows\system32\drivers\amdxata.sys [2010-11-20 27008]
S0 CLFS;Common Log (CLFS);d:\windows\System32\CLFS.sys [2009-07-14 367696]
S0 CNG;CNG;d:\windows\System32\Drivers\cng.sys [2010-11-20 459248]
S0 FileInfo;File Information FS MiniFilter;d:\windows\system32\drivers\fileinfo.sys [2009-07-14 70224]
S0 fvevol;Bitlocker Drive Encryption Filter Driver;d:\windows\System32\DRIVERS\fvevol.sys [2010-11-20 223248]
S0 hwpolicy;Hardware Policy Driver;d:\windows\System32\drivers\hwpolicy.sys [2010-11-20 14720]
S0 KSecPkg;KSecPkg;d:\windows\System32\Drivers\ksecpkg.sys [2010-11-20 152960]
S0 msahci;msahci;d:\windows\system32\drivers\msahci.sys [2010-11-20 31104]
S0 msisadrv;msisadrv;d:\windows\system32\drivers\msisadrv.sys [2009-07-14 15424]
S0 pcw;Performance Counters for Windows Driver;d:\windows\System32\drivers\pcw.sys [2009-07-14 50768]
S0 rdyboost;ReadyBoost;d:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
S0 spldr;Security Processor Loader Driver; [x]
S0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;d:\windows\system32\drivers\vmstorfl.sys [2010-11-20 46464]
S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;d:\windows\system32\drivers\vdrvroot.sys [2009-07-14 36432]
S0 vmbus;Virtual Machine Bus;d:\windows\system32\drivers\vmbus.sys [2010-11-20 199552]
S0 volmgr;Volume Manager Driver;d:\windows\system32\drivers\volmgr.sys [2010-11-20 71552]
S0 volmgrx;Dynamic Volume Manager;d:\windows\System32\drivers\volmgrx.sys [2010-11-20 363392]
S1 blbdrive;blbdrive;d:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 45056]
S1 CSC;Offline Files Driver;d:\windows\system32\drivers\csc.sys [2010-11-20 514560]
S1 DfsC;DFS Namespace Client Driver;d:\windows\system32\Drivers\dfsc.sys [2010-11-20 102400]
S1 discache;System Attribute Cache;d:\windows\system32\drivers\discache.sys [2009-07-13 40448]
S1 nsiproxy;NSI proxy service driver.;d:\windows\system32\drivers\nsiproxy.sys [2009-07-13 24576]
S1 RDPENCDD;RDP Encoder Mirror Driver;d:\windows\system32\drivers\rdpencdd.sys [2009-07-14 7680]
S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;d:\windows\system32\drivers\rdprefmp.sys [2009-07-14 8192]
S1 tdx;NetIO Legacy TDI Support Driver;d:\windows\system32\DRIVERS\tdx.sys [2010-11-20 119296]
S1 vwififlt;Virtual WiFi Filter Driver;d:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S1 Wanarpv6;Remote Access IPv6 ARP Driver;d:\windows\system32\DRIVERS\wanarp.sys [2010-11-20 88576]
S1 WfpLwf;WFP Lightweight Filter;d:\windows\system32\DRIVERS\wfplwf.sys [2009-07-14 12800]
S2 AMD External Events Utility;AMD External Events Utility;d:\windows\system32\atiesrxx.exe [2010-11-26 203776]
S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;d:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BFE;Base Filtering Engine;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 CscService;Offline Files;d:\windows\System32\svchost.exe [2009-07-14 27136]
S2 DPS;Diagnostic Policy Service;d:\windows\System32\svchost.exe [2009-07-14 27136]
S2 FDResPub;Function Discovery Resource Publication;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 FontCache;Windows Font Cache Service;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 gpsvc;Group Policy Client;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 IKEEXT;IKE and AuthIP IPsec Keying Modules;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 iphlpsvc;IP Helper;d:\windows\System32\svchost.exe [2009-07-14 27136]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;d:\windows\system32\DRIVERS\lltdio.sys [2009-07-14 60928]
S2 luafv;UAC File Virtualization;d:\windows\system32\drivers\luafv.sys [2009-07-13 113152]
S2 MMCSS;Multimedia Class Scheduler;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MpsSvc;Windows Firewall;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NlaSvc;Network Location Awareness;d:\windows\System32\svchost.exe [2009-07-14 27136]
S2 nsi;Network Store Interface Service;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 PcaSvc;Program Compatibility Assistant Service;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 PEAUTH;PEAUTH;d:\windows\system32\drivers\peauth.sys [2009-07-14 651264]
S2 Power;Power;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 ProfSvc;User Profile Service;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 RpcEptMapper;RPC Endpoint Mapper;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 sppsvc;Software Protection;d:\windows\system32\sppsvc.exe [2010-11-20 3524608]
S2 SysMain;Superfetch;d:\windows\system32\svchost.exe [2009-07-14 27136]
S2 tcpipreg;TCP/IP Registry Compatibility;d:\windows\system32\drivers\tcpipreg.sys [2010-11-20 45056]
S2 UNS;Intel® Management & Security Application User Notification Service;d:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 UxSms;Desktop Window Manager Session Manager;d:\windows\System32\svchost.exe [2009-07-14 27136]
S2 WinDefend;Windows Defender;d:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Wlansvc;WLAN AutoConfig;d:\windows\system32\svchost.exe [2009-07-14 27136]
S3 amdkmdag;amdkmdag;d:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320]
S3 amdkmdap;amdkmdap;d:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792]
S3 Appinfo;Application Information;d:\windows\system32\svchost.exe [2009-07-14 27136]
S3 bowser;Browser Support Driver;d:\windows\system32\DRIVERS\bowser.sys [2009-07-13 90624]
S3 CompositeBus;Composite Bus Enumerator Driver;d:\windows\system32\drivers\CompositeBus.sys [2010-11-20 38912]
S3 DXGKrnl;LDDM Graphics Subsystem;d:\windows\System32\drivers\dxgkrnl.sys [2010-11-20 982912]
S3 ETD;ELAN PS/2 Port Input Device;d:\windows\system32\DRIVERS\ETD.sys [2010-01-18 128512]
S3 fdPHost;Function Discovery Provider Host;d:\windows\system32\svchost.exe [2009-07-14 27136]
S3 HECIx64;Intel® Management Engine Interface;d:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 HomeGroupListener;HomeGroup Listener;d:\windows\System32\svchost.exe [2009-07-14 27136]
S3 HomeGroupProvider;HomeGroup Provider;d:\windows\System32\svchost.exe [2009-07-14 27136]
S3 KeyIso;CNG Key Isolation;d:\windows\system32\lsass.exe [2009-07-14 31232]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;d:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-04 75816]
S3 monitor;Microsoft Monitor Class Function Driver Service;d:\windows\system32\DRIVERS\monitor.sys [2009-07-13 30208]
S3 mpsdrv;Windows Firewall Authorization Driver;d:\windows\system32\drivers\mpsdrv.sys [2009-07-14 77312]
S3 mrxsmb10;SMB 1.x MiniRedirector;d:\windows\system32\DRIVERS\mrxsmb10.sys [2010-11-20 287744]
S3 mrxsmb20;SMB 2.0 MiniRedirector;d:\windows\system32\DRIVERS\mrxsmb20.sys [2010-11-20 128000]
S3 NativeWifiP;NativeWiFi Filter;d:\windows\system32\DRIVERS\nwifi.sys [2009-07-14 318976]
S3 netprofm;Network List Service;d:\windows\System32\svchost.exe [2009-07-14 27136]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;d:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-21 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;d:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-21 177152]
S3 RasAgileVpn;WAN Miniport (IKEv2);d:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-14 60416]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;d:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 24064]
S3 srv2;Server SMB 2.xxx Driver;d:\windows\system32\DRIVERS\srv2.sys [2010-11-20 413184]
S3 srvnet;srvnet;d:\windows\system32\DRIVERS\srvnet.sys [2010-11-20 167936]
S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;d:\windows\system32\DRIVERS\tunnel.sys [2010-11-20 125440]
S3 umbus;UMBus Enumerator Driver;d:\windows\system32\drivers\umbus.sys [2010-11-20 48640]
S3 vwifibus;Virtual WiFi Bus Driver;d:\windows\system32\DRIVERS\vwifibus.sys [2009-07-14 24576]
S3 WdiServiceHost;Diagnostic Service Host;d:\windows\System32\svchost.exe [2009-07-14 27136]
S3 WdiSystemHost;Diagnostic System Host;d:\windows\System32\svchost.exe [2009-07-14 27136]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
wcssvc REG_MULTI_SZ WcsPlugInService

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
msiscsi
schedule
SessionEnv
winmgmt
AppMgmt

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
sppuinotify

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv

.
Contents of the 'Scheduled Tasks' folder

2011-03-01 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2213022646-1501092907-3097980410-1001Core.job
- d:\users\Seth\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-25 00:04]

2011-03-01 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2213022646-1501092907-3097980410-1001UA.job
- d:\users\Seth\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-25 00:04]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-20 13:27 509952 ----a-w- d:\windows\System32\ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="d:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"AmIcoSinglun64"="d:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-01-18 324608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
winmgmt
SessionEnv
browser
EapHost
schedule
hkmsvc
wercplsupport
ProfSvc
Themes
BDESVC
AppMgmt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider
.
------- Supplementary Scan -------
.
uLocal Page = d:\windows\system32\blank.htm
mLocal Page = d:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms
HKLM-Run-ETDWare - %ProgramFiles%\Elantech\ETDCtrl.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="d:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="d:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="d:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="d:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="d:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
d:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
d:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
d:\program files (x86)\Bonjour\mDNSResponder.exe
d:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
d:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
d:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
d:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Completion time: 2011-03-01 01:15:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-01 06:15

Pre-Run: 282,522,976,256 bytes free
Post-Run: 282,417,393,664 bytes free

- - End Of File - - 131CA3DD5F95FCC87237C48CEEA6D567

#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:37 PM

Posted 01 March 2011 - 03:05 PM

Hello,

Your logs look good. Lets go ahead a run a couple other scanners to make sure nothing else is still leftover or hiding.


1.
Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

2.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)
Posted Image
You can refer to this short video by: neomage
**Note**
To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Things to include in your next reply:
MBAm log
Eset log
A new DDS log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#8 bandalf

bandalf
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:37 PM

Posted 03 March 2011 - 12:25 AM

Hi Again, I ran all three scans that you requested, but the ESET scan did not give me an option for a log. I ran it three times, and all it told me was that no threats were found. I ran the scan as an admin, and the ESET scan said it would produce a log when finished, but it did not at the end. Here are the other two logs you requested. :)


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5922

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

01/03/2011 7:02:40 PM
mbam-log-2011-03-01 (19-02-40).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 559722
Time elapsed: 52 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Seth at 0:20:49.68 on 03/03/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.4021.1724 [GMT -5:00]

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

D:\Windows\system32\wininit.exe
D:\Windows\system32\lsm.exe
D:\Windows\system32\svchost.exe -k DcomLaunch
D:\Windows\system32\svchost.exe -k RPCSS
D:\Windows\system32\atiesrxx.exe
D:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
D:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
D:\Windows\system32\svchost.exe -k netsvcs
D:\Windows\system32\svchost.exe -k LocalService
D:\Windows\system32\atieclxx.exe
D:\Windows\system32\svchost.exe -k NetworkService
D:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
D:\Windows\System32\spoolsv.exe
D:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\Windows\system32\taskhost.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files (x86)\Bonjour\mDNSResponder.exe
D:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
D:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
D:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
D:\Windows\system32\svchost.exe -k imgsvc
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
D:\Program Files\Elantech\ETDCtrl.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
D:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
D:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
D:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
D:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
D:\Windows\system32\wbem\wmiprvse.exe
D:\Windows\system32\wbem\wmiprvse.exe
D:\Windows\system32\SearchIndexer.exe
D:\Windows\system32\svchost.exe -k bthsvcs
D:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
D:\Program Files\Windows Media Player\wmpnetwk.exe
D:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
D:\Program Files\Elantech\ETDCtrlHelper.exe
D:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
D:\Windows\System32\svchost.exe -k LocalServicePeerNet
D:\Windows\system32\DllHost.exe
D:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Windows\system32\NOTEPAD.EXE
D:\Program Files (x86)\iTunes\iTunes.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
D:\Windows\system32\conhost.exe
D:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
D:\Windows\system32\conhost.exe
D:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
D:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Windows\system32\taskhost.exe
D:\Windows\system32\DllHost.exe
D:\Windows\system32\DllHost.exe
D:\Users\Seth\Desktop\dds.scr
D:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - D:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HControlUser] D:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] D:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] D:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [Adobe Reader Speed Launcher] "D:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: D:\Users\Seth\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - D:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.16.0.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - D:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
mRun-x64: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [AmIcoSinglun64] D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
mRun-x64: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;D:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;D:\Windows\System32\atiesrxx.exe [2010-11-25 203776]
R2 UNS;Intel® Management & Security Application User Notification Service;D:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-24 2314240]
R3 amdkmdag;amdkmdag;D:\Windows\System32\drivers\atikmdag.sys [2010-11-25 8120320]
R3 amdkmdap;amdkmdap;D:\Windows\System32\drivers\atikmpag.sys [2010-11-25 289792]
R3 ETD;ELAN PS/2 Port Input Device;D:\Windows\System32\drivers\ETD.sys [2011-1-24 128512]
R3 HECIx64;Intel® Management Engine Interface;D:\Windows\System32\drivers\HECIx64.sys [2011-1-24 56344]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;D:\Windows\System32\drivers\L1C62x64.sys [2011-1-24 75816]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;D:\Windows\System32\drivers\nusb3hub.sys [2009-11-20 75776]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;D:\Windows\System32\drivers\nusb3xhc.sys [2009-11-20 177152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;D:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;D:\Windows\System32\drivers\rdpvideominiport.sys [2011-2-27 20992]
S3 TsUsbFlt;TsUsbFlt;D:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-27 59392]
S3 USBAAPL64;Apple Mobile USB Driver;D:\Windows\System32\drivers\usbaapl64.sys [2010-12-14 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;D:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-24 1255736]

=============== Created Last 30 ================

2011-03-02 00:06:27 -------- d-----w- D:\Program Files (x86)\ESET
2011-03-01 23:09:39 38224 ----a-w- D:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-01 23:09:38 -------- d-----w- D:\PROGRA~3\Malwarebytes
2011-03-01 23:09:35 24152 ----a-w- D:\Windows\System32\drivers\mbam.sys
2011-03-01 23:09:35 -------- d-----w- D:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-01 15:59:32 -------- d-----w- D:\Program Files\Defraggler
2011-03-01 07:17:32 -------- d-----w- D:\Users\Seth\AppData\Local\Adobe
2011-03-01 06:25:40 -------- d-----w- D:\Windows\SysWow64\drivers\AVG
2011-03-01 06:25:03 -------- d-----w- D:\Windows\System32\drivers\AVG
2011-03-01 06:11:11 -------- d-----w- D:\$RECYCLE.BIN
2011-03-01 06:04:49 98816 ----a-w- D:\Windows\sed.exe
2011-03-01 06:04:49 89088 ----a-w- D:\Windows\MBR.exe
2011-03-01 06:04:49 256512 ----a-w- D:\Windows\PEV.exe
2011-03-01 06:04:49 161792 ----a-w- D:\Windows\SWREG.exe
2011-03-01 00:46:50 -------- d-----w- D:\Program Files (x86)\Lavalys
2011-02-27 23:32:45 -------- d-----w- D:\Windows\System32\SPReview
2011-02-27 23:32:02 -------- d-----w- D:\Windows\System32\EventProviders
2011-02-27 23:28:56 5066752 ----a-w- D:\Windows\SysWow64\AuthFWSnapin.dll
2011-02-27 23:26:59 72192 ----a-w- D:\Windows\System32\napdsnap.dll
2011-02-27 23:22:16 529408 ----a-w- D:\Windows\System32\wbemcomn.dll
2011-02-27 23:22:16 524288 ----a-w- D:\Windows\System32\wmicmiplugin.dll
2011-02-27 23:22:16 1225216 ----a-w- D:\Windows\System32\wbem\wbemcore.dll
2011-02-27 23:21:59 933376 ----a-w- D:\Windows\System32\SmiEngine.dll
2011-02-27 23:21:49 199168 ----a-w- D:\Windows\System32\PkgMgr.exe
2011-02-27 23:21:13 422912 ----a-w- D:\Windows\System32\drvstore.dll
2011-02-27 23:21:13 399872 ----a-w- D:\Windows\System32\dpx.dll
2011-02-27 22:24:38 -------- d-----w- D:\Program Files (x86)\VideoLAN
2011-02-25 18:07:46 -------- d--h--w- D:\PROGRA~3\Common Files
2011-02-24 05:16:23 -------- d-----w- D:\Users\Seth\AppData\Roaming\Malwarebytes
2011-02-23 18:41:58 -------- d-----w- D:\Users\Seth\AppData\Local\{16F11F1D-74A1-4F25-A03C-114414793459}
2011-02-23 18:24:31 870912 ----a-w- D:\Windows\SysWow64\XpsPrint.dll
2011-02-23 18:24:31 475648 ----a-w- D:\Windows\System32\XpsGdiConverter.dll
2011-02-23 18:24:31 288256 ----a-w- D:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-23 18:24:31 1465344 ----a-w- D:\Windows\System32\XpsPrint.dll
2011-02-22 23:18:14 -------- d-----w- D:\Users\Seth\AppData\Local\{44576123-0333-468C-AACD-EA2A2A0B1BD8}
2011-02-22 23:12:00 -------- d-----w- D:\Windows\en
2011-02-22 23:10:25 -------- d-----w- D:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-02-22 23:08:06 -------- d-----w- D:\Windows\PCHEALTH
2011-02-22 23:07:01 94040 ----a-w- D:\Program Files (x86)\Common Files\Windows Live\.cache\364fbbca1cbd2e507\DSETUP.dll
2011-02-22 23:07:01 525656 ----a-w- D:\Program Files (x86)\Common Files\Windows Live\.cache\364fbbca1cbd2e507\DXSETUP.exe
2011-02-22 23:07:01 1691480 ----a-w- D:\Program Files (x86)\Common Files\Windows Live\.cache\364fbbca1cbd2e507\dsetup32.dll
2011-02-22 23:06:55 94040 ----a-w- D:\Program Files (x86)\Common Files\Windows Live\.cache\32a2f9b41cbd2e506\DSETUP.dll
2011-02-22 23:06:55 525656 ----a-w- D:\Program Files (x86)\Common Files\Windows Live\.cache\32a2f9b41cbd2e506\DXSETUP.exe
2011-02-22 23:06:55 1691480 ----a-w- D:\Program Files (x86)\Common Files\Windows Live\.cache\32a2f9b41cbd2e506\dsetup32.dll
2011-02-22 23:02:47 -------- d-----w- D:\Users\Seth\AppData\Local\Windows Live
2011-02-22 23:02:47 -------- d-----w- D:\Program Files (x86)\Common Files\Windows Live
2011-02-22 22:07:20 -------- d-----w- D:\Users\Seth\AppData\Local\Apple Computer
2011-02-22 22:07:05 34152 ----a-w- D:\Windows\System32\drivers\GEARAspiWDM.sys
2011-02-22 22:07:05 126312 ----a-w- D:\Windows\System32\GEARAspi64.dll
2011-02-22 22:07:05 107368 ----a-w- D:\Windows\SysWow64\GEARAspi.dll
2011-02-22 22:06:43 -------- d-----w- D:\Program Files\iTunes
2011-02-22 22:06:43 -------- d-----w- D:\Program Files\iPod
2011-02-22 22:06:43 -------- d-----w- D:\Program Files (x86)\iTunes
2011-02-22 22:06:43 -------- d-----w- D:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-02-22 22:04:36 159744 ----a-w- D:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-02-22 22:04:36 159744 ----a-w- D:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-02-22 22:04:36 159744 ----a-w- D:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-02-22 22:04:36 159744 ----a-w- D:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-02-22 22:04:36 159744 ----a-w- D:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-02-22 22:04:36 159744 ----a-w- D:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-02-22 22:04:36 159744 ----a-w- D:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-02-22 22:04:15 -------- d-----w- D:\Users\Seth\AppData\Local\Apple
2011-02-22 22:03:57 -------- d-----w- D:\Program Files\Bonjour
2011-02-22 22:03:57 -------- d-----w- D:\Program Files (x86)\Bonjour
2011-02-22 19:07:43 230400 ----a-w- D:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2011-02-22 19:07:38 33792 ----a-w- D:\Windows\System32\Spool\prtprocs\x64\ssp4mpc.dll
2011-02-22 18:30:48 -------- dc----w- D:\Users\Seth\AppData\Local\MigWiz
2011-02-22 18:03:28 7844688 ----a-w- D:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{5D538A6F-014D-4F6E-819F-EEA0EB184F99}\mpengine.dll
2011-02-20 20:18:47 -------- d-----w- D:\Users\Seth\AppData\Local\Diagnostics
2011-02-19 17:25:10 -------- d-----w- D:\Users\Seth\AppData\Local\My Games
2011-02-17 21:36:13 1638912 ----a-w- D:\Windows\SysWow64\mshtml.tlb
2011-02-17 21:36:12 1638912 ----a-w- D:\Windows\System32\mshtml.tlb
2011-02-17 21:36:04 715776 ----a-w- D:\Windows\System32\kerberos.dll
2011-02-17 21:36:04 542208 ----a-w- D:\Windows\SysWow64\kerberos.dll
2011-02-17 21:36:02 3129344 ----a-w- D:\Windows\System32\win32k.sys
2011-02-17 21:35:44 214016 ----a-w- D:\Windows\System32\winsrv.dll
2011-02-17 21:35:42 612864 ----a-w- D:\Windows\System32\vbscript.dll
2011-02-17 21:35:41 428032 ----a-w- D:\Windows\SysWow64\vbscript.dll
2011-02-17 21:35:36 46080 ----a-w- D:\Windows\System32\atmlib.dll
2011-02-17 21:35:36 366592 ----a-w- D:\Windows\System32\atmfd.dll
2011-02-17 21:35:36 34304 ----a-w- D:\Windows\SysWow64\atmlib.dll
2011-02-17 21:35:36 294400 ----a-w- D:\Windows\SysWow64\atmfd.dll
2011-02-17 21:35:35 70656 ----a-w- D:\Windows\SysWow64\fontsub.dll
2011-02-17 21:35:35 100864 ----a-w- D:\Windows\System32\fontsub.dll

==================== Find3M ====================

2011-03-01 16:13:45 472808 ----a-w- D:\Windows\SysWow64\deployJava1.dll
2011-02-27 23:40:58 175616 ----a-w- D:\Windows\System32\msclmd.dll
2011-02-27 23:40:58 152576 ----a-w- D:\Windows\SysWow64\msclmd.dll
2011-02-02 22:11:20 270720 ------w- D:\Windows\System32\MpSigStub.exe
2011-01-26 20:19:26 381144 ----a-w- D:\Windows\sediag.exe
2011-01-25 00:02:18 0 ----a-w- D:\Windows\ativpsrm.bin
2010-12-15 04:14:08 591200 ----a-w- D:\Windows\System32\ipcoin801.dll
2010-12-14 23:51:20 51712 ----a-w- D:\Windows\System32\drivers\usbaapl64.sys
2010-12-14 23:51:20 4184352 ----a-w- D:\Windows\System32\usbaaplrc.dll
2010-12-08 09:12:36 308304 ----a-w- D:\Windows\System32\drivers\avgldx64.sys
2010-12-07 17:17:20 51200 ----a-w- D:\Windows\SysWow64\OpenCL.dll
2010-12-07 17:15:30 52736 ----a-w- D:\Windows\System32\OpenCL.dll

============= FINISH: 0:21:55.50 ===============

#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:37 PM

Posted 03 March 2011 - 11:59 AM

Hello, bandalf.
Congratulations! You now appear clean! :cool:





Uninstall Combofix
  • Make sure that Combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Click on Posted Image then Run....
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    Posted Image

    <Notice the space between the "x" and "/".> <--- It needs to be there
    Windows Vista users: Press the Windows Key + R to bring the Run... Command and then from there you can add in the Combofix /Uninstall

  • Please advise if this step is missed for any reason as it performs some important actions:
    "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
    It also makes a clean Restore Point and flashes all the old restore points in order to prevent possible reinfection from an old one through system restore".






Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automaticly if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 bandalf

bandalf
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:37 PM

Posted 04 March 2011 - 12:33 PM

Awesome.
Thank you so much for your time and attention. I really do appreciate all your help and advice. I wish you all the best. Take care! :thumbsup:

#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:37 PM

Posted 04 March 2011 - 05:35 PM

Thanks you and you are most welcome!

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:37 PM

Posted 04 March 2011 - 05:35 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users