Inactive Special circumstance for logs

JuanP · 2011/04/28

[Inactive] Special circumstance for logs

Before downloading and scanning my PC (I'm using a friends right now) I would like to confirm that everything can be done through safemode as my PC will not open in 'normal mode' right now.

Thanks for your time,
JP

broni · 2011/04/28

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================

For now, safe mode will be fine.

JuanP · 2011/04/29

After several hours of slow and on-off internet, my ISP called to say I would be having problems until late next week. I havn't been able to download any of the programs yet. Please keep this thread open until I can add all my report logs.

Thanks,
JP

broni · 2011/04/29

Ok....

JuanP · 2011/05/04

Thanks for waiting, Chinese ISP's are.... unreliable.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6404

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421

5/4/2011 12:37:14 PM
mbam-log-2011-05-04 (15-37-14).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 298020
Time elapsed: 47 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

JuanP · 2011/05/04

GMER had an empty log file.

***********************

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 4715
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 88):
0x82215000 \SystemRoot\system32\ntkrnlpa.exe
0x825CF000 \SystemRoot\system32\hal.dll
0x8060E000 \SystemRoot\system32\kdcom.dll
0x80615000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80685000 \SystemRoot\system32\PSHED.dll
0x80696000 \SystemRoot\system32\BOOTVID.dll
0x8069E000 \SystemRoot\system32\CLFS.SYS
0x806DF000 \SystemRoot\system32\CI.dll
0x82C04000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82C80000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82C8D000 \SystemRoot\system32\drivers\acpi.sys
0x82CD3000 \SystemRoot\system32\drivers\WMILIB.SYS
0x82CDC000 \SystemRoot\system32\drivers\msisadrv.sys
0x82CE4000 \SystemRoot\system32\drivers\pci.sys
0x82D0B000 \SystemRoot\System32\drivers\partmgr.sys
0x82D1A000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82D1D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x82D27000 \SystemRoot\system32\drivers\volmgr.sys
0x82D36000 \SystemRoot\System32\drivers\volmgrx.sys
0x82D80000 \SystemRoot\system32\drivers\intelide.sys
0x82D87000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82D95000 \SystemRoot\System32\drivers\mountmgr.sys
0x82E0B000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x82ED2000 \SystemRoot\system32\drivers\atapi.sys
0x82EDA000 \SystemRoot\system32\drivers\ataport.SYS
0x82EF8000 \SystemRoot\system32\drivers\fltmgr.sys
0x82F2A000 \SystemRoot\system32\drivers\fileinfo.sys
0x82F3A000 \SystemRoot\system32\drivers\ikfilesec.sys
0x82F48000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8800D000 \SystemRoot\system32\drivers\ndis.sys
0x88118000 \SystemRoot\system32\drivers\msrpc.sys
0x88143000 \SystemRoot\system32\drivers\NETIO.SYS
0x88203000 \SystemRoot\System32\drivers\tcpip.sys
0x882ED000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8840B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8851B000 \SystemRoot\system32\drivers\volsnap.sys
0x8855C000 \SystemRoot\System32\Drivers\mup.sys
0x8856B000 \SystemRoot\System32\drivers\ecache.sys
0x88592000 \SystemRoot\system32\drivers\disk.sys
0x885A3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x885C4000 \SystemRoot\system32\drivers\crcdisk.sys
0x885ED000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x88400000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x88308000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x88346000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x88355000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x883E2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x885F6000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x883F5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x88554000 \SystemRoot\System32\Drivers\Alidevice.SYS
0x8817E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x88200000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x881AC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x881B7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x881CF000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x881D1000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x82FB9000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x82DA5000 \SystemRoot\system32\DRIVERS\storport.sys
0x881D7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x881E2000 \SystemRoot\system32\DRIVERS\termdd.sys
0x881F2000 \SystemRoot\system32\DRIVERS\swenum.sys
0x807BF000 \SystemRoot\system32\DRIVERS\ks.sys
0x881F4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x88000000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8BE0D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8BE42000 \SystemRoot\system32\drivers\iksysflt.sys
0x8BE57000 \SystemRoot\system32\drivers\KCOM.SYS
0x8BE65000 \SystemRoot\system32\drivers\iksyssec.sys
0x8BE7C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8BE85000 \SystemRoot\System32\Drivers\Null.SYS
0x8BE8C000 \SystemRoot\System32\Drivers\Beep.SYS
0x8BE93000 \SystemRoot\System32\drivers\vga.sys
0x8BE9F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8BEC0000 \SystemRoot\System32\drivers\watchdog.sys
0x8BECC000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8BED7000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8BEE5000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8BF0D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8BF1A000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8BF25000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x81880000 \SystemRoot\System32\win32k.sys
0x8BF2D000 \SystemRoot\System32\drivers\Dxapi.sys
0x81A90000 \SystemRoot\System32\drivers\dxg.sys
0x81AC0000 \SystemRoot\System32\TSDDD.dll
0x81B40000 \SystemRoot\System32\framebuf.dll
0x8BF37000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8BF62000 \??\C:\Users\Joan\AppData\Local\Temp\kgldypog.sys
0x77A00000 \Windows\System32\ntdll.dll

Processes (total 20):
0 System Idle Process
4 System
224 C:\Windows\System32\smss.exe
284 C:\Windows\System32\csrss.exe
320 C:\Windows\System32\csrss.exe
328 C:\Windows\System32\wininit.exe
372 C:\Windows\System32\winlogon.exe
404 C:\Windows\System32\services.exe
416 C:\Windows\System32\lsass.exe
424 C:\Windows\System32\lsm.exe
572 C:\Windows\System32\svchost.exe
628 C:\Windows\System32\svchost.exe
760 C:\Windows\System32\svchost.exe
784 C:\Windows\System32\svchost.exe
836 C:\Windows\System32\svchost.exe
848 C:\Program Files\Spyware Doctor\pctsAuxs.exe
876 C:\Program Files\Spyware Doctor\pctsSvc.exe
1036 C:\Windows\explorer.exe
1068 C:\Program Files\Spyware Doctor\pctsTray.exe
1232 C:\Users\Joan\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000f`31f00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS542512K9SA00, Rev: BB2OC31P

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: DA67949D8E80AE4B877B861155C27C0550D2F7A3

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

JuanP · 2011/05/04

DDS (Ver_11-03-05.01) - NTFSx86 MINIMAL
Run by Joan at 14:39:11.19 on Wed 05/04/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft?Windows Vista?Home Basic 6.0.6002.2.1252.34.1033.18.2038.1456 [GMT 8:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Updated* {F008AB3A-52B9-2B13-3681-4ED4FDA86549}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Users\Joan\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2405280
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://es.es.acer.yahoo.com
mDefault_Page_URL = hxxp://es.es.acer.yahoo.com
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = 127.0.0.1
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: Barra Yahoo! con bloqueador de ventanas emergentes: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
mURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: BOC ProcessProtect Class: {776b71e2-b4cc-4c94-bc7c-09103aa690b6} - c:\windows\system32\ProcessProtection.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: ICBC Anti-Phishing class: {bb4491a2-d11a-4c6b-91c0-b53246a3122b} - c:\program files\icbcebanktools\icbcantiphishing\Icbc_AntiPhishing.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll "
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Barra Yahoo! con bloqueador de ventanas emergentes: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll "
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SkyU2M] "c:\program files\skyu2m\SkyU2M.exe "
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [AVG PC Tuneup 2011] "c:\program files\avg\avg pc tuneup 2011\BoostSpeed.exe" -UseTray
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe "
mRun: [Skytel] Skytel.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [TelRun] c:\program files\ctc_setup\cmupdater\TelRun.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kasper~1.lnk - c:\program files\kaspersky security scan\KSS.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: bankofchina.com
Trusted Zone: boc.cn
Trusted Zone: ccb.cn\b2b
Trusted Zone: ccb.com\www
Trusted Zone: ccb.com.cn\*
Trusted Zone: ccb.com.cn\ca2
Trusted Zone: ccb.com.cn\ca3
Trusted Zone: ccb.com.cn\ibsbjstar
Trusted Zone: ccb.com.cn\mybank
Trusted Zone: com.cn\mybank.icbc
Trusted Zone: com.cn\vip.icbc
Trusted Zone: com.cn\www.icbc
Trusted Zone: taobao.com
DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://img.alipay.com/download/2121/aliedit.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} - hxxps://mybank.icbc.com.cn/icbc/newenperbank/AxSafeControls.cab
DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} - hxxp://www.tapuz.co.il/irc/main/launcher.cab
DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} - hxxp://irc.nana10.co.il/Cabs/launcher39.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\joan\appdata\roaming\mozilla\firefox\profiles\wv5549ep.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic-Eng7 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2405280&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&q=
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\users\joan\appdata\roaming\mozilla\firefox\profiles\wv5549ep.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\joan\appdata\roaming\mozilla\firefox\profiles\wv5549ep.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npaliedit.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\joan\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\joan\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - Ext: Diccionari catal脿 (general): ca@dictionaries.addons.mozilla.org - %profile%\extensions\ca@dictionaries.addons.mozilla.org
FF - Ext: FoxLingo: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} - %profile%\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
FF - Ext: Quick Locale Switcher: {25A1388B-6B18-46c3-BEBA-A81915D0DE8F} - %profile%\extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F}
FF - Ext: DictCN: austin.dict@dict.cn - %profile%\extensions\austin.dict@dict.cn
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: Diccionario de Espa帽ol/Espa帽a: es-es@dictionaries.addons.mozilla.org - %profile%\extensions\es-es@dictionaries.addons.mozilla.org
FF - Ext: Dictionnaire fran莽ais 芦Classique禄: fr-FR@dictionaries.addons.mozilla.org - %profile%\extensions\fr-FR@dictionaries.addons.mozilla.org
FF - Ext: Dictionnaire fran莽ais 芦R茅forme 1990禄: fr@dictionaries.addons.mozilla.org - %profile%\extensions\fr@dictionaries.addons.mozilla.org
FF - Ext: Hebrew spell-checking dictionary (from HSpell): he@dictionaries.addons.mozilla.org - %profile%\extensions\he@dictionaries.addons.mozilla.org
FF - Ext: IrregularVerbs: IrregularVerbs@canevas.xul - %profile%\extensions\IrregularVerbs@canevas.xul
FF - Ext: Dizionario italiano: it-IT@dictionaries.addons.mozilla.org - %profile%\extensions\it-IT@dictionaries.addons.mozilla.org
FF - Ext: Woordenboek Nederlands: nl-NL@dictionaries.addons.mozilla.org - %profile%\extensions\nl-NL@dictionaries.addons.mozilla.org
FF - Ext: Russian spellchecking dictionary: ru@dictionaries.addons.mozilla.org - %profile%\extensions\ru@dictionaries.addons.mozilla.org
FF - Ext: Zombie Keys: zombiekeys@bolay.de - %profile%\extensions\zombiekeys@bolay.de
FF - Ext: mid: {9ef1e09b-d4b2-4a55-ac3e-1cb330546bec} - %profile%\extensions\{9ef1e09b-d4b2-4a55-ac3e-1cb330546bec}
FF - Ext: Logos Toolbar: {cca345bb-6273-4c00-9e89-0c107c82df46} - %profile%\extensions\{cca345bb-6273-4c00-9e89-0c107c82df46}
FF - Ext: LookWAYup Sidebar: {ded8b977-4908-42fb-b5cb-a976cfb480ca} - %profile%\extensions\{ded8b977-4908-42fb-b5cb-a976cfb480ca}
FF - Ext: Moji: {ea9be299-129b-4c3c-8876-d98c18c2fd39} - %profile%\extensions\{ea9be299-129b-4c3c-8876-d98c18c2fd39}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Softonic-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: The Browser Highlighter: browserhighlighter@ebay.com - c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox
FF - Ext: Identity Cloaker extension: identity-cloaker@identitycloaker.com - c:\identity cloaker\Firefox Extension
.
============= SERVICES / DRIVERS ===============
.
R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-5-28 40840]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-5-28 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-5-28 81288]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-5-28 356920]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-5-28 1079176]
R3 Alidevice;Alidevice;c:\windows\system32\drivers\alidevice.sys [2008-7-13 6656]
R3 kgldypog;kgldypog;C:\kgldypog.sys [2011-5-4 100480]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-25 216400]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-25 29584]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-24 243024]
S1 Protector;Protector;c:\windows\system32\drivers\Protector.sys [2010-6-3 34184]
S1 ProtectorA;ProtectorA;c:\windows\system32\drivers\ProtectorA.sys [2010-6-3 15240]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-19 308136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-28 21504]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-27 517448]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [2009-12-9 23424]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2009-12-9 103040]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-6-13 9728]
S3 PhSerUsb;LENOVO USB Serial Driver;c:\windows\system32\drivers\lenovoSerUsb.sys [2010-4-18 48896]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 zgdccat;ZTE CDMA AT Interface;c:\windows\system32\drivers\zgdccat.sys [2010-6-13 106112]
S3 zgdccdiag;ZTE CDMA Diagnostics Interface;c:\windows\system32\drivers\zgdccdiag.sys [2010-6-13 106112]
S3 zgdccmdm;ZTE CDMA Proprietary USB Modem;c:\windows\system32\drivers\zgdccmdm.sys [2010-6-13 106112]
S3 zgdccvousb;ZTE CDMA Sound Interface;c:\windows\system32\drivers\zgdccvousb.sys [2010-6-13 106112]
.
=============== Created Last 30 ================
.
2011-05-04 05:42:32 100480 ----a-w- C:\kgldypog.sys
2011-04-22 04:19:02 -------- d-----w- c:\users\joan\appdata\local\{3141AC43-D20E-4DC2-8658-DDCD640F32DE}
2011-04-21 03:46:55 -------- d-----w- c:\users\joan\appdata\local\{112C4F02-A262-47B4-B68D-D1356F5506FD}
2011-04-21 03:46:37 -------- d-----w- c:\users\joan\appdata\local\{88A83E79-343A-44DD-AAF9-818C07E529EF}
2011-04-21 02:06:51 -------- d-----w- c:\users\joan\appdata\roaming\AVG
2011-04-20 15:42:20 -------- d-----w- c:\users\joan\appdata\local\{C9AE83D4-0EAB-460F-8F71-E1A30D1A0B3C}
2011-04-20 07:02:42 -------- d-----w- c:\users\joan\appdata\roaming\Malwarebytes
2011-04-20 07:02:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-20 07:02:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-20 07:02:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-20 07:02:34 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-18 15:54:55 -------- d-----w- c:\users\joan\appdata\local\{6F11220D-E19B-46DF-B684-55E3A5E471C3}
2011-04-18 03:20:09 -------- d-----w- c:\users\joan\appdata\local\{454844AC-609E-4E8D-8D41-F7EFD1880301}
2011-04-17 08:47:38 -------- d-----w- c:\users\joan\appdata\local\{1598799A-4B30-43BE-B8DC-911B66D0CDAC}
2011-04-16 04:45:55 -------- d-----w- c:\users\joan\appdata\local\{EE19A7B6-6F9B-4763-8959-C14775CE6FAE}
2011-04-15 16:30:15 -------- d-----w- c:\users\joan\appdata\local\{0F0FF76D-01FF-4B72-A367-1187C31B6BC1}
2011-04-15 03:10:12 -------- d-----w- c:\users\joan\appdata\local\{5155EB4D-7018-455E-9710-EB95FEA4274D}
2011-04-14 14:32:38 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-04-14 14:32:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-14 14:32:11 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 14:32:11 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-14 14:32:11 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 14:32:11 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-14 14:32:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 14:32:02 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 14:31:52 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-14 14:31:52 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-14 14:31:51 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-14 14:31:45 -------- d-----w- c:\users\joan\appdata\local\{8DA1D493-2E8D-4A9D-87A4-18E18E85FC88}
2011-04-14 14:26:47 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-14 14:26:47 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-14 14:26:40 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 14:26:30 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-14 14:12:56 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-04-14 02:30:36 -------- d-----w- c:\users\joan\appdata\local\{0D0FB7AF-D064-4C28-94FD-3331E935D111}
2011-04-13 01:08:30 -------- d-----w- c:\users\joan\appdata\local\{AD46B794-70DE-44D2-84AC-51B510662ADC}
2011-04-12 05:23:08 -------- d-----w- c:\users\joan\appdata\local\{3621CB9F-BF33-41F2-9C38-402F2F9D2A45}
2011-04-11 17:22:34 -------- d-----w- c:\users\joan\appdata\local\{B43F2EB5-9D7D-4017-88A0-F325BDD50790}
2011-04-11 07:22:49 -------- d-----w- c:\users\joan\appdata\local\{67348B86-2985-414A-845D-76ED1AF9CDE7}
2011-04-10 07:23:20 -------- d-----w- c:\users\joan\appdata\local\{848AC4C4-D972-44D0-BFCB-9E7BE34510C7}
2011-04-09 15:00:41 -------- d-----w- c:\users\joan\appdata\local\{568FEBF8-887F-422C-BB92-5759C7BA231E}
2011-04-08 01:46:31 -------- d-----w- c:\users\joan\appdata\local\{48C18670-B159-4106-9341-BF7611FA3915}
2011-04-07 06:25:56 -------- d-----w- c:\users\joan\appdata\local\{B92D84E1-18D0-4B11-B530-DD54197F1FD5}
2011-04-06 02:02:19 -------- d-----w- c:\users\joan\appdata\local\{43BE7EC0-C3E8-47D6-B777-85A32F14EA80}
2011-04-05 16:56:01 -------- d-----w- c:\program files\Bonjour
2011-04-05 10:45:27 -------- d-----w- c:\users\joan\appdata\local\{299353AA-F1A8-4874-B229-26D3D0509C64}
.
==================== Find3M ====================
.
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-18 08:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
============= FINISH: 14:39:48.37 ===============

JuanP · 2011/05/04

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft?Windows Vista?Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 5/25/2008 2:43:15 PM
System Uptime: 5/4/2011 1:36:03 PM (1 hours ago)
.
Motherboard: Acer | | Volvi2
Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz | U2E1 | 1729/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 51 GiB total, 16.625 GiB free.
D: is FIXED (NTFS) - 51 GiB total, 23.87 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description:
Device ID: ROOT\NET\0001
Manufacturer:
Name:
PNP Device ID: ROOT\NET\0001
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
??????
大明五洲建行网银盾 2.3.5.4
联想手机工作室
Acer Arcade
Acer Crystal Eye webcam
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Acer Tour
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.2.6
Agere Systems HDA Modem
Alipay security control 2,1,2,5
Alipay security plugin 1.3.0.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
AVG PC Tuneup 2011
Barra Yahoo! con bloqueador de ventanas emergentes
Big Kahuna Reef 2
Bing Bar
BOCNET Security Applet 1.5
Bonjour
Bricks of Egypt
ChinaNet client
Chinese Simplified Fonts Support For Adobe Reader 8
Conduit Engine
D2
D3DX10
Dynasty
Escritorio movistar
Facebook Plug-In
Google Chrome
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HUAWEI DataCard Driver 2.93
Identity Cloaker
Intel(R) Graphics Media Accelerator Driver
iTunes
Japanese Fonts Support For Adobe Reader 8
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Jewel Quest Solitaire
Junk Mail filter update
Kaspersky Security Scan
Launch Manager
LightScribe 1.4.142.1
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Luxor 2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.6.16)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files - Prime Suspects
Mystery Case Files Ravenhearst
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
OGA Notifier 2.0.0048.0
PowerProducer 3.72
PrimoPDF
QuickTime
Realtek High Definition Audio Driver
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Skype?5.1
SkyU2M Driver
Softonic-Eng7 Toolbar
Spyware Doctor 6.0
Synaptics Pointing Device Driver
Treasures of the Deep
Uniblue RegistryBooster 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2522999)
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
Volutive 1
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Xobni Core
.
==== Event Viewer Messages From Past Week ========
.
5/4/2011 1:40:00 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/4/2011 1:39:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/4/2011 1:39:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/4/2011 1:39:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/4/2011 1:39:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DfsC eeCtrl NetBIOS netbt nsiproxy Protector ProtectorA PSched RasAcd rdbss Smb spldr tdx Wanarpv6
5/4/2011 1:39:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/4/2011 1:38:03 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/4/2011 1:38:03 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2011 1:38:03 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
5/4/2011 1:38:03 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2011 1:38:03 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2011 1:38:03 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/4/2011 1:38:03 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/4/2011 1:38:03 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2011 1:38:03 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/4/2011 1:38:03 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/4/2011 1:38:03 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2011 1:38:03 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2011 1:38:03 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/4/2011 1:28:31 PM, Error: Service Control Manager [7034] - The PC Tools Auxiliary Service service terminated unexpectedly. It has done this 1 time(s).
5/4/2011 1:27:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/28/2011 8:01:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 eeCtrl Protector ProtectorA spldr Wanarpv6
4/28/2011 7:57:20 PM, Error: Service Control Manager [7043] - The AVG Free WatchDog service did not shut down properly after receiving a preshutdown control.
4/28/2011 7:56:44 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
4/28/2011 7:56:39 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/28/2011 7:55:09 PM, Error: EventLog [6008] - The previous system shutdown at 19:53:30 on 28/04/2011 was unexpected.
4/28/2011 6:55:56 PM, Error: EventLog [6008] - The previous system shutdown at 18:51:30 on 28/04/2011 was unexpected.
4/28/2011 6:49:08 PM, Error: EventLog [6008] - The previous system shutdown at 18:30:57 on 28/04/2011 was unexpected.
4/28/2011 6:19:02 PM, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
4/28/2011 5:36:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments " " in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}
4/28/2011 5:36:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments " " in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
4/28/2011 5:36:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments " " in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/28/2011 5:24:20 PM, Error: EventLog [6008] - The previous system shutdown at 13:03:32 on 23/04/2011 was unexpected.
.
==== End Of File ===========================

broni · 2011/05/04

Nice to see you back

Download Bootkit Remover to your Desktop.

You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/

After extracing remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator).

It will show a Black screen with some data on it.

Right click on the screen and click Select All.

Press CTRL+C

Open a Notepad and press CTRL+V

Post the output back here.

====================================================

Please download Rootkit Unhooker from one of the following links and save it to your desktop.

Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.

Click the Report tab, then click Scan.

Check Drivers, Stealth, and uncheck the rest.

Click OK.

Wait until it's finished and then go to File > Save Report.

Save the report to your Desktop.

Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay? ".

JuanP · 2011/05/04

I saved the information with remover but also got a debug log that saved itself on my desktop. I'm going to give you both. Also the unhooker gives me an error message: Error loading driver, NTSTATUS code 0xC000035F . I cannot run unhooker with or without running as adminsitratior.

JuanP · 2011/05/04

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 2 (build 600
2), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`71100000
Boot sector MD5 is: 26062c4eb9a0e14db5e0d0ba52a0aa93

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Done;
Press any key to quit...

JuanP · 2011/05/04

.\debug.cpp(238) : Debug log started at 04.05.2011 - 22:14:42
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 2 (build 6002), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x82206000 0x003ba000 "\SystemRoot\system32\ntkrnlpa.exe "
.\debug.cpp(256) : 0x825c0000 0x00033000 "\SystemRoot\system32\hal.dll "
.\debug.cpp(256) : 0x80603000 0x00007000 "\SystemRoot\system32\kdcom.dll "
.\debug.cpp(256) : 0x8060a000 0x00070000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll "
.\debug.cpp(256) : 0x8067a000 0x00011000 "\SystemRoot\system32\PSHED.dll "
.\debug.cpp(256) : 0x8068b000 0x00008000 "\SystemRoot\system32\BOOTVID.dll "
.\debug.cpp(256) : 0x80693000 0x00041000 "\SystemRoot\system32\CLFS.SYS "
.\debug.cpp(256) : 0x806d4000 0x000e0000 "\SystemRoot\system32\CI.dll "
.\debug.cpp(256) : 0x82c04000 0x0007c000 "\SystemRoot\system32\drivers\Wdf01000.sys "
.\debug.cpp(256) : 0x82c80000 0x0000d000 "\SystemRoot\system32\drivers\WDFLDR.SYS "
.\debug.cpp(256) : 0x82c8d000 0x00046000 "\SystemRoot\system32\drivers\acpi.sys "
.\debug.cpp(256) : 0x82cd3000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS "
.\debug.cpp(256) : 0x82cdc000 0x00008000 "\SystemRoot\system32\drivers\msisadrv.sys "
.\debug.cpp(256) : 0x82ce4000 0x00027000 "\SystemRoot\system32\drivers\pci.sys "
.\debug.cpp(256) : 0x82d0b000 0x0000f000 "\SystemRoot\System32\drivers\partmgr.sys "
.\debug.cpp(256) : 0x82d1a000 0x00003000 "\SystemRoot\system32\DRIVERS\compbatt.sys "
.\debug.cpp(256) : 0x82d1d000 0x0000a000 "\SystemRoot\system32\DRIVERS\BATTC.SYS "
.\debug.cpp(256) : 0x82d27000 0x0000f000 "\SystemRoot\system32\drivers\volmgr.sys "
.\debug.cpp(256) : 0x82d36000 0x0004a000 "\SystemRoot\System32\drivers\volmgrx.sys "
.\debug.cpp(256) : 0x82d80000 0x00007000 "\SystemRoot\system32\drivers\intelide.sys "
.\debug.cpp(256) : 0x82d87000 0x0000e000 "\SystemRoot\system32\drivers\PCIIDEX.SYS "
.\debug.cpp(256) : 0x82d95000 0x00010000 "\SystemRoot\System32\drivers\mountmgr.sys "
.\debug.cpp(256) : 0x82e0e000 0x000c7000 "\SystemRoot\system32\DRIVERS\iaStor.sys "
.\debug.cpp(256) : 0x82ed5000 0x00008000 "\SystemRoot\system32\drivers\atapi.sys "
.\debug.cpp(256) : 0x82edd000 0x0001e000 "\SystemRoot\system32\drivers\ataport.SYS "
.\debug.cpp(256) : 0x82efb000 0x00032000 "\SystemRoot\system32\drivers\fltmgr.sys "
.\debug.cpp(256) : 0x82f2d000 0x00010000 "\SystemRoot\system32\drivers\fileinfo.sys "
.\debug.cpp(256) : 0x82f3d000 0x0000e000 "\SystemRoot\system32\drivers\ikfilesec.sys "
.\debug.cpp(256) : 0x82f4b000 0x00071000 "\SystemRoot\System32\Drivers\ksecdd.sys "
.\debug.cpp(256) : 0x88000000 0x0010b000 "\SystemRoot\system32\drivers\ndis.sys "
.\debug.cpp(256) : 0x8810b000 0x0002b000 "\SystemRoot\system32\drivers\msrpc.sys "
.\debug.cpp(256) : 0x88136000 0x0003b000 "\SystemRoot\system32\drivers\NETIO.SYS "
.\debug.cpp(256) : 0x8820d000 0x000ea000 "\SystemRoot\System32\drivers\tcpip.sys "
.\debug.cpp(256) : 0x882f7000 0x0001b000 "\SystemRoot\System32\drivers\fwpkclnt.sys "
.\debug.cpp(256) : 0x8840f000 0x00110000 "\SystemRoot\System32\Drivers\Ntfs.sys "
.\debug.cpp(256) : 0x8851f000 0x00039000 "\SystemRoot\system32\drivers\volsnap.sys "
.\debug.cpp(256) : 0x88560000 0x0000f000 "\SystemRoot\System32\Drivers\mup.sys "
.\debug.cpp(256) : 0x8856f000 0x00027000 "\SystemRoot\System32\drivers\ecache.sys "
.\debug.cpp(256) : 0x88596000 0x00011000 "\SystemRoot\system32\drivers\disk.sys "
.\debug.cpp(256) : 0x885a7000 0x00021000 "\SystemRoot\system32\drivers\CLASSPNP.SYS "
.\debug.cpp(256) : 0x885c8000 0x00009000 "\SystemRoot\system32\drivers\crcdisk.sys "
.\debug.cpp(256) : 0x885f1000 0x00009000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys "
.\debug.cpp(256) : 0x88400000 0x0000b000 "\SystemRoot\system32\DRIVERS\usbuhci.sys "
.\debug.cpp(256) : 0x88312000 0x0003e000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS "
.\debug.cpp(256) : 0x88350000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys "
.\debug.cpp(256) : 0x8835f000 0x0008d000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys "
.\debug.cpp(256) : 0x883ec000 0x00013000 "\SystemRoot\system32\DRIVERS\i8042prt.sys "
.\debug.cpp(256) : 0x88200000 0x0000a000 "\SystemRoot\system32\DRIVERS\DKbFltr.sys "
.\debug.cpp(256) : 0x88171000 0x0000b000 "\SystemRoot\system32\DRIVERS\kbdclass.sys "
.\debug.cpp(256) : 0x88558000 0x00008000 "\SystemRoot\System32\Drivers\Alidevice.SYS "
.\debug.cpp(256) : 0x8817c000 0x0002e000 "\SystemRoot\system32\DRIVERS\SynTP.sys "
.\debug.cpp(256) : 0x885fa000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS "
.\debug.cpp(256) : 0x881aa000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouclass.sys "
.\debug.cpp(256) : 0x881b5000 0x00018000 "\SystemRoot\system32\DRIVERS\cdrom.sys "
.\debug.cpp(256) : 0x885fc000 0x00002000 "\SystemRoot\system32\DRIVERS\NTIDrvr.sys "
.\debug.cpp(256) : 0x881cd000 0x00006000 "\SystemRoot\System32\Drivers\GEARAspiWDM.sys "
.\debug.cpp(256) : 0x82fbc000 0x0002f000 "\SystemRoot\system32\DRIVERS\msiscsi.sys "
.\debug.cpp(256) : 0x82da5000 0x00041000 "\SystemRoot\system32\DRIVERS\storport.sys "
.\debug.cpp(256) : 0x881d3000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS "
.\debug.cpp(256) : 0x881de000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys "
.\debug.cpp(256) : 0x885fe000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys "
.\debug.cpp(256) : 0x807b4000 0x0002a000 "\SystemRoot\system32\DRIVERS\ks.sys "
.\debug.cpp(256) : 0x881ee000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys "
.\debug.cpp(256) : 0x82feb000 0x0000d000 "\SystemRoot\system32\DRIVERS\umbus.sys "
.\debug.cpp(256) : 0x8be0f000 0x00035000 "\SystemRoot\system32\DRIVERS\usbhub.sys "
.\debug.cpp(256) : 0x8be44000 0x00015000 "\SystemRoot\system32\drivers\iksysflt.sys "
.\debug.cpp(256) : 0x8be59000 0x0000e000 "\SystemRoot\system32\drivers\KCOM.SYS "
.\debug.cpp(256) : 0x8be67000 0x00017000 "\SystemRoot\system32\drivers\iksyssec.sys "
.\debug.cpp(256) : 0x8be7e000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS "
.\debug.cpp(256) : 0x8be87000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS "
.\debug.cpp(256) : 0x8be8e000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS "
.\debug.cpp(256) : 0x8be95000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys "
.\debug.cpp(256) : 0x8bea1000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS "
.\debug.cpp(256) : 0x8bec2000 0x0000c000 "\SystemRoot\System32\drivers\watchdog.sys "
.\debug.cpp(256) : 0x8bece000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS "
.\debug.cpp(256) : 0x8bed9000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS "
.\debug.cpp(256) : 0x8bee7000 0x00028000 "\SystemRoot\System32\Drivers\fastfat.SYS "
.\debug.cpp(256) : 0x8bf0f000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys "
.\debug.cpp(256) : 0x8bf1c000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys "
.\debug.cpp(256) : 0x8bf27000 0x00008000 "\SystemRoot\System32\Drivers\dump_atapi.sys "
.\debug.cpp(256) : 0x81640000 0x00204000 "\SystemRoot\System32\win32k.sys "
.\debug.cpp(256) : 0x8bf2f000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys "
.\debug.cpp(256) : 0x81850000 0x00017000 "\SystemRoot\System32\drivers\dxg.sys "
.\debug.cpp(256) : 0x81880000 0x00009000 "\SystemRoot\System32\TSDDD.dll "
.\debug.cpp(256) : 0x81900000 0x00008000 "\SystemRoot\System32\framebuf.dll "
.\debug.cpp(256) : 0x8bf39000 0x00016000 "\SystemRoot\system32\DRIVERS\cdfs.sys "
.\debug.cpp(256) : 0x8bf4f000 0x00009000 "\SystemRoot\system32\DRIVERS\hidusb.sys "
.\debug.cpp(256) : 0x8bf58000 0x00010000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS "
.\debug.cpp(256) : 0x8bf68000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS "
.\debug.cpp(256) : 0x8bf6f000 0x00008000 "\SystemRoot\system32\DRIVERS\mouhid.sys "
.\debug.cpp(256) : 0x8bf77000 0x00015000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS "
.\debug.cpp(256) : 0x77a50000 0x00128000 "\Windows\System32\ntdll.dll "
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D: "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS "
.\debug.cpp(400) : Destination "\Device\Ndis "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3: "
.\debug.cpp(400) : Destination "\Device\Ide\IdePort3 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1 "
.\debug.cpp(400) : Destination "\Device\Video0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
.\debug.cpp(400) : Destination "\Device\0000005f "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_00D2&Col02#6&76ecc93&0&0001#{378de44c-56ef-11d1-bc8c-00a0c91405dd} "
.\debug.cpp(400) : Destination "\Device\0000007c "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomPIONEER_DVD-RW_DVRKD08RS________________1.02____#5&11d3172a&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e} "
.\debug.cpp(400) : Destination "\Device\00000054 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{f2df7cb8-2a24-11dd-a1c2-806e6f6e6963} "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_00D2&Col02#6&76ecc93&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030} "
.\debug.cpp(400) : Destination "\Device\0000007c "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$filesecurity "
.\debug.cpp(400) : Destination "\Device\$filesecurity "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2830&SUBSYS_01331025&REV_03#3&21436425&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E: "
.\debug.cpp(400) : Destination "\Device\CdRom0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice "
.\debug.cpp(400) : Destination "\Device\WMIAdminDevice "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4: "
.\debug.cpp(400) : Destination "\Device\RaidPort0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl "
.\debug.cpp(400) : Destination "\Device\VolMgrControl "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_00D2&Col01#6&76ecc93&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030} "
.\debug.cpp(400) : Destination "\Device\0000007b "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{f2df7cb7-2a24-11dd-a1c2-806e6f6e6963} "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN0302#4&6c0995a&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd} "
.\debug.cpp(400) : Destination "\Device\00000065 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196} "
.\debug.cpp(400) : Destination "\Device\00000054 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery "
.\debug.cpp(400) : Destination "\Device\CompositeBattery "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F: "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume4 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice "
.\debug.cpp(400) : Destination "\Device\WMIDataDevice "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE "
.\debug.cpp(400) : Destination "\Device\NamedPipe "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomPIONEER_DVD-RW_DVRKD08RS________________1.02____#5&11d3172a&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000} "
.\debug.cpp(400) : Destination "\Device\00000054 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC "
.\debug.cpp(400) : Destination "\Device\Mup "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000} "
.\debug.cpp(400) : Destination "\Device\00000054 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice "
.\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0 "
.\debug.cpp(400) : Destination "\Device\USBFDO-0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196} "
.\debug.cpp(400) : Destination "\Device\00000054 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg "
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&238581a7&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
.\debug.cpp(400) : Destination "\Device\00000061 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1 "
.\debug.cpp(400) : Destination "\Device\USBFDO-1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0 "
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN "
.\debug.cpp(400) : Destination "\DosDevices\LPT1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&138b5fae&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
.\debug.cpp(400) : Destination "\Device\USBPDO-5 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196} "
.\debug.cpp(400) : Destination "\Device\00000054 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000} "
.\debug.cpp(400) : Destination "\Device\00000054 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2 "
.\debug.cpp(400) : Destination "\Device\USBFDO-2 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&238581a7&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1 "
.\debug.cpp(400) : Destination "\Device\Harddisk1\DR1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f} "
.\debug.cpp(400) : Destination "\Device\00000056 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196} "
.\debug.cpp(400) : Destination "\Device\00000054 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3 "
.\debug.cpp(400) : Destination "\Device\USBFDO-3 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0 "
.\debug.cpp(400) : Destination "\Device\CdRom0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_1E3D&PID_2095#CCBB1009291609390017789002#{a5dcbf10-6530-11d2-901f-00c04fb951ed} "
.\debug.cpp(400) : Destination "\Device\USBPDO-9 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4 "
.\debug.cpp(400) : Destination "\Device\USBFDO-4 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_283A&SUBSYS_01331025&REV_03#3&21436425&0&D7#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\00000057 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&6964c99&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
.\debug.cpp(400) : Destination "\Device\USBPDO-2 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ISCSIPRT#0000#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\0000001c "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5 "
.\debug.cpp(400) : Destination "\Device\USBFDO-5 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZS1#{4afa3d51-74a7-11d0-be5e-00a0c9062857} "
.\debug.cpp(400) : Destination "\Device\0000005c "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global "
.\debug.cpp(400) : Destination "\GLOBAL?? "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic&Prod_Flash_Disk&Rev_5.00#CCBB1009291609390017789002&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\0000007e "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG: "
.\debug.cpp(400) : Destination "\clfs "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6 "
.\debug.cpp(400) : Destination "\Device\USBFDO-6 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2831&SUBSYS_01331025&REV_03#3&21436425&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2834&SUBSYS_01331025&REV_03#3&21436425&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZS0#{4afa3d51-74a7-11d0-be5e-00a0c9062857} "
.\debug.cpp(400) : Destination "\Device\0000005b "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2836&SUBSYS_01331025&REV_03#3&21436425&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0013 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2832&SUBSYS_01331025&REV_03#3&21436425&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature58E7061DOffsetF31F00000LengthCC0900000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&328bb01f&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
.\debug.cpp(400) : Destination "\Device\USBPDO-3 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{0fbe7880-6b1b-11e0-920c-806e6f6e6963} "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume4 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$systemsecurity "
.\debug.cpp(400) : Destination "\Device\$systemsecurity "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&6c0995a&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} "
.\debug.cpp(400) : Destination "\Device\00000064 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&18b1524f&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager "
.\debug.cpp(400) : Destination "\Device\MountPointManager "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_045E&PID_00D2#5&2e526903&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed} "
.\debug.cpp(400) : Destination "\Device\USBPDO-8 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature58E7061DOffset100000Length271000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl "
.\debug.cpp(400) : Destination "\Device\PartmgrControl "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\alidevice "
.\debug.cpp(400) : Destination "\Device\alidevice "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice "
.\debug.cpp(400) : Destination "\Device\NXTIPSEC "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{f2df7cb9-2a24-11dd-a1c2-806e6f6e6963} "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1d1c67ac&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
.\debug.cpp(400) : Destination "\Device\USBPDO-4 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\00000054 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Dritek_KB_Filter "
.\debug.cpp(400) : Destination "\Device\Dritek_KB_Filter "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev "
.\debug.cpp(400) : Destination "\Device\WFP "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&18b1524f&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0: "
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&1db79072&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
.\debug.cpp(400) : Destination "\Device\USBPDO-6 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000} "
.\debug.cpp(400) : Destination "\Device\00000054 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1: "
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&7ce8428&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
.\debug.cpp(400) : Destination "\Device\USBPDO-1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NTIDrvr "
.\debug.cpp(400) : Destination "\Device\NTIDrvr "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskHitachi_HTS542512K9SA00_________________BB2OC31P#5&2c39b59&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP2T0L0-4 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr "
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl "
.\debug.cpp(400) : Destination "\Device\VolMgrControl "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C: "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT "
.\debug.cpp(400) : Destination "\Device\MailSlot "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX "
.\debug.cpp(400) : Destination "\DosDevices\COM1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd} "
.\debug.cpp(400) : Destination "\Device\00000053 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2: "
.\debug.cpp(400) : Destination "\Device\Ide\IdePort2 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL "
.\debug.cpp(400) : Destination "\Device\Null "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2ff1d550&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
.\debug.cpp(400) : Destination "\Device\USBPDO-0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT "
.\debug.cpp(400) : Destination " "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{f2df7cbc-2a24-11dd-a1c2-806e6f6e6963} "
.\debug.cpp(400) : Destination "\Device\CdRom0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&_??_USBSTOR#Disk&Ven_Generic&Prod_Flash_Disk&Rev_5.00#CCBB1009291609390017789002&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume4 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} "
.\debug.cpp(400) : Destination "\Device\00000052 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2835&SUBSYS_01331025&REV_03#3&21436425&0&D1#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP "
.\debug.cpp(400) : Destination "\Device\SynTP "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle "
.\debug.cpp(400) : Destination "\Device\WfpAle "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature58E7061DOffset271100000LengthCC0E00000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
.\debug.cpp(400) : Destination "\Device\0000005e "
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`71100000
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 26062c4eb9a0e14db5e0d0ba52a0aa93
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 111 GB \\.\PhysicalDrive0 Unknown boot code
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1118) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1120) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1121) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1125) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1126) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1129) :
.\boot_cleaner.cpp(1151) : Done;

broni · 2011/05/04

I cannot run unhooker with or without running as adminsitratior
Click to expand...

I forgot, you can access Safe Mode only. RKU won't run from there.

Download TDSSKiller and save it to your desktop.

Extract (unzip) its contents to your desktop.

Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

JuanP · 2011/05/04

2011/05/05 06:41:04.0006 0960 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/05 06:41:04.0019 0960 ================================================================================
2011/05/05 06:41:04.0019 0960 SystemInfo:
2011/05/05 06:41:04.0019 0960
2011/05/05 06:41:04.0019 0960 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/05 06:41:04.0019 0960 Product type: Workstation
2011/05/05 06:41:04.0019 0960 ComputerName: JOAN-PC
2011/05/05 06:41:04.0019 0960 UserName: Joan
2011/05/05 06:41:04.0019 0960 Windows directory: C:\Windows
2011/05/05 06:41:04.0019 0960 System windows directory: C:\Windows
2011/05/05 06:41:04.0019 0960 Processor architecture: Intel x86
2011/05/05 06:41:04.0019 0960 Number of processors: 2
2011/05/05 06:41:04.0019 0960 Page size: 0x1000
2011/05/05 06:41:04.0019 0960 Boot type: Safe boot
2011/05/05 06:41:04.0019 0960 ================================================================================
2011/05/05 06:41:04.0462 0960 Initialize success
2011/05/05 06:41:11.0999 0844 ================================================================================
2011/05/05 06:41:11.0999 0844 Scan started
2011/05/05 06:41:11.0999 0844 Mode: Manual;
2011/05/05 06:41:11.0999 0844 ================================================================================
2011/05/05 06:41:12.0810 0844 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/05 06:41:12.0883 0844 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/05/05 06:41:13.0006 0844 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/05/05 06:41:13.0106 0844 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/05/05 06:41:13.0154 0844 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/05/05 06:41:13.0306 0844 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/05 06:41:13.0479 0844 AgereSoftModem (d31d1a92479bd8c0d050a6ffbdd410d9) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/05/05 06:41:13.0620 0844 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/05/05 06:41:13.0675 0844 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/05 06:41:13.0820 0844 Alidevice (2f17c06cda54bfbe13c4046b19055f7b) C:\Windows\system32\drivers\Alidevice.sys
2011/05/05 06:41:13.0936 0844 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/05/05 06:41:13.0972 0844 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/05/05 06:41:14.0006 0844 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/05/05 06:41:14.0120 0844 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/05/05 06:41:14.0180 0844 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/05 06:41:14.0262 0844 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/05/05 06:41:14.0382 0844 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/05/05 06:41:14.0452 0844 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/05 06:41:14.0508 0844 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/05/05 06:41:14.0644 0844 athr (acdb46b1a467752a2f280c68c8461556) C:\Windows\system32\DRIVERS\athr.sys
2011/05/05 06:41:14.0883 0844 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\system32\Drivers\avgldx86.sys
2011/05/05 06:41:14.0939 0844 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\system32\Drivers\avgmfx86.sys
2011/05/05 06:41:15.0059 0844 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\Windows\system32\Drivers\avgtdix.sys
2011/05/05 06:41:15.0260 0844 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/05/05 06:41:15.0397 0844 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/05 06:41:15.0534 0844 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/05 06:41:15.0650 0844 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/05 06:41:15.0692 0844 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/05 06:41:15.0772 0844 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/05 06:41:15.0810 0844 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/05 06:41:15.0919 0844 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/05 06:41:15.0957 0844 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/05 06:41:16.0012 0844 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/05 06:41:16.0197 0844 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/05 06:41:16.0267 0844 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/05 06:41:16.0373 0844 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/05/05 06:41:16.0457 0844 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/05 06:41:16.0619 0844 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/05 06:41:16.0696 0844 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/05/05 06:41:16.0762 0844 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/05 06:41:16.0789 0844 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/05/05 06:41:16.0839 0844 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/05/05 06:41:16.0998 0844 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/05 06:41:17.0147 0844 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/05 06:41:17.0225 0844 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/05/05 06:41:17.0393 0844 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/05 06:41:17.0457 0844 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/05 06:41:17.0566 0844 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/05 06:41:17.0631 0844 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/05 06:41:17.0737 0844 eeCtrl (9fc81327274efe26f560087a7d379f01) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/05/05 06:41:17.0862 0844 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/05/05 06:41:18.0035 0844 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/05 06:41:18.0090 0844 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/05 06:41:18.0161 0844 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/05 06:41:18.0284 0844 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/05 06:41:18.0355 0844 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/05 06:41:18.0460 0844 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/05 06:41:18.0528 0844 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/05 06:41:18.0760 0844 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/05/05 06:41:18.0833 0844 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/05 06:41:18.0951 0844 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/05 06:41:19.0007 0844 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/05/05 06:41:19.0165 0844 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/05 06:41:19.0256 0844 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/05 06:41:19.0375 0844 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/05 06:41:19.0426 0844 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/05 06:41:19.0484 0844 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/05 06:41:19.0525 0844 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/05/05 06:41:19.0663 0844 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/05/05 06:41:19.0737 0844 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/05/05 06:41:19.0896 0844 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
2011/05/05 06:41:20.0023 0844 Huawei (c1258adcbe6e51a3c06c234d2bdb81b5) C:\Windows\system32\DRIVERS\ewdcsc.sys
2011/05/05 06:41:20.0102 0844 hwdatacard (92ca47da32009ccc00a5aded04abbd78) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/05/05 06:41:20.0262 0844 hwusbfake (1d4d6d24256f61e6b08a3cf8184a78b8) C:\Windows\system32\DRIVERS\ewusbfake.sys
2011/05/05 06:41:20.0334 0844 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/05/05 06:41:20.0457 0844 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/05 06:41:20.0534 0844 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/05 06:41:20.0655 0844 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/05/05 06:41:20.0785 0844 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/05 06:41:20.0953 0844 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/05 06:41:21.0012 0844 IKFileSec (ff9f262494fc23d77a6148d49d87d2de) C:\Windows\system32\drivers\ikfilesec.sys
2011/05/05 06:41:21.0063 0844 IKSysFlt (7e359671fd9595ecb1b0a33fb4184b19) C:\Windows\system32\drivers\iksysflt.sys
2011/05/05 06:41:21.0159 0844 IKSysSec (a44cb3cf3af266665261a6e6c9cac27c) C:\Windows\system32\drivers\iksyssec.sys
2011/05/05 06:41:21.0251 0844 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys
2011/05/05 06:41:21.0421 0844 IntcAzAudAddService (90a10b39896040b3154613c11c932aeb) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/05 06:41:21.0582 0844 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/05 06:41:21.0626 0844 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/05 06:41:21.0776 0844 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/05 06:41:21.0945 0844 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/05 06:41:22.0023 0844 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/05 06:41:22.0191 0844 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/05 06:41:22.0231 0844 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/05/05 06:41:22.0376 0844 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/05 06:41:22.0418 0844 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/05 06:41:22.0454 0844 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/05 06:41:22.0585 0844 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/05 06:41:22.0633 0844 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/05 06:41:22.0786 0844 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/05 06:41:22.0998 0844 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/05 06:41:23.0058 0844 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/05 06:41:23.0092 0844 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/05 06:41:23.0227 0844 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/05 06:41:23.0264 0844 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/05 06:41:23.0418 0844 massfilter (567d3cbc0ba3332887d091a237d4fd3c) C:\Windows\system32\drivers\massfilter.sys
2011/05/05 06:41:23.0448 0844 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/05/05 06:41:23.0626 0844 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/05 06:41:23.0678 0844 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/05 06:41:23.0819 0844 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\Windows\system32\DRIVERS\motmodem.sys
2011/05/05 06:41:23.0877 0844 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/05 06:41:24.0006 0844 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/05 06:41:24.0051 0844 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/05 06:41:24.0097 0844 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/05/05 06:41:24.0249 0844 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/05 06:41:24.0299 0844 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/05 06:41:24.0346 0844 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/05 06:41:24.0475 0844 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/05 06:41:24.0506 0844 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/05 06:41:24.0542 0844 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/05 06:41:24.0670 0844 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/05/05 06:41:24.0709 0844 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/05/05 06:41:24.0779 0844 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/05 06:41:24.0922 0844 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/05 06:41:24.0988 0844 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/05 06:41:25.0037 0844 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/05 06:41:25.0194 0844 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/05 06:41:25.0251 0844 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/05 06:41:25.0314 0844 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/05 06:41:25.0429 0844 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/05 06:41:25.0480 0844 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/05 06:41:25.0629 0844 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/05 06:41:25.0678 0844 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/05 06:41:25.0830 0844 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/05 06:41:25.0890 0844 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/05 06:41:26.0011 0844 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/05 06:41:26.0063 0844 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/05 06:41:26.0198 0844 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/05 06:41:26.0253 0844 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/05 06:41:26.0323 0844 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/05 06:41:26.0496 0844 Normandy (725c122397718b813d0e8249ea638cd6) C:\Windows\system32\drivers\Normandy.sys
2011/05/05 06:41:26.0551 0844 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/05 06:41:26.0679 0844 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/05 06:41:26.0766 0844 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/05 06:41:26.0887 0844 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/05/05 06:41:26.0931 0844 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/05 06:41:26.0968 0844 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/05 06:41:27.0018 0844 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
2011/05/05 06:41:27.0147 0844 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/05/05 06:41:27.0189 0844 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/05/05 06:41:27.0248 0844 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/05/05 06:41:27.0435 0844 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/05/05 06:41:27.0595 0844 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/05 06:41:27.0642 0844 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/05 06:41:27.0685 0844 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/05 06:41:27.0821 0844 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/05 06:41:27.0875 0844 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/05/05 06:41:28.0008 0844 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/05 06:41:28.0136 0844 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/05 06:41:28.0307 0844 PhSerUsb (4fbc01b345f7938d84f3031ab3401ac8) C:\Windows\system32\DRIVERS\lenovoSerUsb.sys
2011/05/05 06:41:28.0405 0844 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/05 06:41:28.0444 0844 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/05/05 06:41:28.0621 0844 Protector (cd7aa059dc730ddb050dfe70dea74080) C:\Windows\system32\drivers\Protector.sys
2011/05/05 06:41:28.0678 0844 ProtectorA (6832fda5f76f5de5cb1d052a1dd4847a) C:\Windows\system32\drivers\ProtectorA.sys
2011/05/05 06:41:28.0821 0844 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/05 06:41:28.0889 0844 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/05/05 06:41:29.0028 0844 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/05 06:41:29.0091 0844 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/05 06:41:29.0218 0844 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/05 06:41:29.0265 0844 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/05 06:41:29.0323 0844 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/05 06:41:29.0463 0844 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/05 06:41:29.0491 0844 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/05 06:41:29.0541 0844 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/05 06:41:29.0678 0844 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/05/05 06:41:29.0738 0844 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/05 06:41:29.0859 0844 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/05 06:41:29.0975 0844 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/05 06:41:30.0075 0844 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/05 06:41:30.0209 0844 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/05 06:41:30.0329 0844 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/05 06:41:30.0399 0844 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/05 06:41:30.0454 0844 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/05 06:41:30.0581 0844 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/05/05 06:41:30.0647 0844 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/05 06:41:30.0684 0844 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/05 06:41:30.0776 0844 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/05 06:41:30.0854 0844 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/05/05 06:41:30.0891 0844 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/05/05 06:41:30.0991 0844 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/05/05 06:41:31.0080 0844 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/05 06:41:31.0245 0844 SNP2UVC (ef1f141a83c61503333569d2862f3999) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/05/05 06:41:31.0418 0844 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/05 06:41:31.0496 0844 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/05 06:41:31.0635 0844 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/05 06:41:31.0704 0844 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/05 06:41:31.0787 0844 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/05 06:41:31.0906 0844 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/05 06:41:31.0931 0844 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/05 06:41:31.0966 0844 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/05 06:41:32.0289 0844 SynTP (c5f25d490d0915732508fd421bf76d93) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/05 06:41:32.0436 0844 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
2011/05/05 06:41:32.0513 0844 tapvpn (27a2c318cd28cfb3eb2200fd96af1e58) C:\Windows\system32\DRIVERS\tapvpn.sys
2011/05/05 06:41:32.0695 0844 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/05 06:41:32.0850 0844 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/05 06:41:32.0965 0844 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/05 06:41:33.0013 0844 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/05 06:41:33.0102 0844 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/05 06:41:33.0191 0844 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/05 06:41:33.0249 0844 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/05 06:41:33.0378 0844 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/05 06:41:33.0482 0844 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/05 06:41:33.0559 0844 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/05 06:41:33.0628 0844 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/05/05 06:41:33.0693 0844 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/05 06:41:33.0801 0844 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/05 06:41:33.0897 0844 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/05/05 06:41:33.0989 0844 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/05 06:41:34.0066 0844 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/05 06:41:34.0165 0844 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/05 06:41:34.0279 0844 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/05 06:41:34.0388 0844 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/05/05 06:41:34.0470 0844 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/05 06:41:34.0556 0844 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/05 06:41:34.0649 0844 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/05 06:41:34.0748 0844 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/05 06:41:34.0819 0844 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/05 06:41:34.0928 0844 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/05 06:41:35.0023 0844 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/05 06:41:35.0110 0844 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/05 06:41:35.0199 0844 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/05 06:41:35.0240 0844 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/05 06:41:35.0341 0844 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/05/05 06:41:35.0434 0844 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/05 06:41:35.0525 0844 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/05 06:41:35.0598 0844 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/05/05 06:41:35.0686 0844 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/05/05 06:41:35.0767 0844 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/05/05 06:41:35.0814 0844 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/05 06:41:35.0919 0844 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/05 06:41:36.0058 0844 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/05 06:41:36.0130 0844 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/05/05 06:41:36.0189 0844 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/05 06:41:36.0327 0844 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/05 06:41:36.0343 0844 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/05 06:41:36.0405 0844 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/05/05 06:41:36.0467 0844 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/05 06:41:36.0654 0844 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/05/05 06:41:36.0854 0844 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
2011/05/05 06:41:36.0918 0844 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/05 06:41:37.0150 0844 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/05 06:41:37.0195 0844 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/05 06:41:37.0398 0844 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/05 06:41:37.0562 0844 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/05/05 06:41:37.0726 0844 zgdccat (a705420b72941747e9840c248b0d0fbb) C:\Windows\system32\DRIVERS\zgdccat.sys
2011/05/05 06:41:37.0765 0844 zgdccdiag (a705420b72941747e9840c248b0d0fbb) C:\Windows\system32\DRIVERS\zgdccdiag.sys
2011/05/05 06:41:37.0797 0844 zgdccmdm (a705420b72941747e9840c248b0d0fbb) C:\Windows\system32\DRIVERS\zgdccmdm.sys
2011/05/05 06:41:37.0941 0844 zgdccvousb (a705420b72941747e9840c248b0d0fbb) C:\Windows\system32\DRIVERS\zgdccvousb.sys
2011/05/05 06:41:38.0193 0844 ================================================================================
2011/05/05 06:41:38.0193 0844 Scan finished
2011/05/05 06:41:38.0193 0844 ================================================================================

broni · 2011/05/04

Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

[color= "Blue"]**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**[/color]

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".

Click on [color= "Red"]this link[/color] to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.

[color= "Red"]WARNING:[/color] Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results ". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion ", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

JuanP · 2011/05/04

I desinstalled AVG with the APP remover but combofix is still detecting avg even after restart....

broni · 2011/05/04

Does it warn you only, or it totally refuses to run, because of AVG?
If the first case, run it anyway.

JuanP · 2011/05/04

It completely refuses to run telling me to uninstall AVG or use another programme.

broni · 2011/05/04

OK....

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE
Double-click SystemLook.exe to run it.

Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
Copy the content of the following box into the main textfield:
Code:
:filefind
*avg*
:folderfind
*avg*
:regfind
*avg*
Click the Look button to start the scan.

When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

JuanP · 2011/05/04

SystemLook 04.09.10 by jpshortstuff
Log created at 07:18 on 05/05/2011 by Joan
Administrator - Elevation successful

========== filefind ==========

Searching for "*avg* "
C:\Program Files\AVG\AVG9\avgcfgx.dll --a---- 942944 bytes [21:01 18/07/2010] [14:29 23/09/2010] 6060390AC5B9F7EC2E62B1EB2D5D50C6
C:\Program Files\AVG\AVG9\avgchclx.dll --a---- 302432 bytes [20:58 18/07/2010] [14:23 23/09/2010] 05573096E8C9574AC733114D74FB2ECD
C:\Program Files\AVG\AVG9\avgchjwx.dll --a---- 556896 bytes [20:58 18/07/2010] [05:09 25/11/2010] E9DC2ECE7A0C77821B2C6364086F239B
C:\Program Files\AVG\AVG9\avgchsvx.exe --a---- 1101152 bytes [20:58 18/07/2010] [20:58 18/07/2010] 031DD8DBD4B958B5765C8C111CB1EA03
C:\Program Files\AVG\AVG9\avgclitx.dll --a---- 404832 bytes [20:58 18/07/2010] [05:09 25/11/2010] C4BD9B642BE1F65663B34FBAD79FFAB2
C:\Program Files\AVG\AVG9\avgcmgr.exe --a---- 1086816 bytes [21:01 18/07/2010] [21:01 18/07/2010] 0004751290ABFFCE9D1AD35C1B193C37
C:\Program Files\AVG\AVG9\avgcorex.dll --a---- 4936032 bytes [20:58 18/07/2010] [01:30 15/03/2011] 3AAE744A33D3464146C359105D5D323F
C:\Program Files\AVG\AVG9\avgcslx.dll --a---- 1209672 bytes [01:30 15/03/2011] [01:30 15/03/2011] 44C9747E0343C3A139C626931438FFFA
C:\Program Files\AVG\AVG9\avgcsrvx.exe --a---- 725344 bytes [20:59 18/07/2010] [05:09 25/11/2010] 737A5253008BE7F12ACEDD6876F24B4B
C:\Program Files\AVG\AVG9\avgdumpx.exe --a---- 101216 bytes [21:01 18/07/2010] [21:01 18/07/2010] 72E459B5846CD29584081475B3B0C900
C:\Program Files\AVG\AVG9\avgf9us.chm --a---- 226350 bytes [01:27 24/05/2010] [05:09 25/11/2010] C7BA988A5C5B28FB61BDCD7888B8ED75
C:\Program Files\AVG\AVG9\avgfree_us.mht --a---- 59850 bytes [21:01 18/07/2010] [01:25 05/10/2010] 97D801739E0AA34068AD490813D5EF96
C:\Program Files\AVG\AVG9\avgfrw.exe --a---- 1281888 bytes [21:01 18/07/2010] [05:09 25/11/2010] CDE7DA26EF573D926A96B72B26D12BEA
C:\Program Files\AVG\AVG9\avginet.dll --a---- 813408 bytes [01:23 24/05/2010] [20:55 18/07/2010] 0EF26DE35E1FACF8CC46C651A9E1D83B
C:\Program Files\AVG\AVG9\avgiproxy.exe --a---- 625504 bytes [01:24 24/05/2010] [20:55 18/07/2010] 43D1D57CE9493E70B5528620AD12E9C9
C:\Program Files\AVG\AVG9\avglngx.dll --a---- 303968 bytes [21:01 18/07/2010] [21:01 18/07/2010] 6E369ACB5D93EC872CABB3FB066FE96F
C:\Program Files\AVG\AVG9\avglogx.dll --a---- 313696 bytes [21:01 18/07/2010] [21:01 18/07/2010] 4A2FC89ED82ABE547DDE1B7443C5F321
C:\Program Files\AVG\AVG9\avglvex.dll --a---- 931168 bytes [21:01 18/07/2010] [21:01 18/07/2010] 8AF3D23A5D5D3AF48ED225118497EF76
C:\Program Files\AVG\AVG9\avgmail.dll --a---- 161632 bytes [21:01 18/07/2010] [21:01 18/07/2010] 8813D2E70E5D5CB182795FEB2FEBA646
C:\Program Files\AVG\AVG9\avgmtrapx.dll --a---- 652640 bytes [21:01 18/07/2010] [21:01 18/07/2010] F28BBB747910182C032D7A73C94616E2
C:\Program Files\AVG\AVG9\avgmvflx.dll --a---- 231264 bytes [21:01 18/07/2010] [21:01 18/07/2010] 5A7D4F5D293B48584AE2112ED5DB4132
C:\Program Files\AVG\AVG9\avgmwdef_us.mht --a---- 20872 bytes [21:01 18/07/2010] [21:01 18/07/2010] 2339BB93FA22F003703E99EBB3B8ED5B
C:\Program Files\AVG\AVG9\avgnsx.exe --a---- 621920 bytes [14:29 23/09/2010] [14:29 23/09/2010] 4728D3BC556D677591797D600C47467C
C:\Program Files\AVG\AVG9\avgpp.dll --a---- 91488 bytes [21:01 18/07/2010] [21:01 18/07/2010] 3D9895B981AFAC3CE2ABE9C0A63D949A
C:\Program Files\AVG\AVG9\avgresf.dll --a---- 2332000 bytes [20:59 18/07/2010] [20:59 18/07/2010] 8318731D78ED50A4C85FF8AB6EE84EEC
C:\Program Files\AVG\AVG9\avgrsx.exe --a---- 515424 bytes [21:01 18/07/2010] [21:01 18/07/2010] 5654DB4719A3C52684A20C1CA443BF8F
C:\Program Files\AVG\AVG9\avgsbfree_us.mht --a---- 16566 bytes [21:01 18/07/2010] [21:01 18/07/2010] A08274E9F97507796BB03D3589895C54
C:\Program Files\AVG\AVG9\avgscanx.dll --a---- 257888 bytes [21:01 18/07/2010] [21:01 18/07/2010] 61C8FAE993D723E19078D4CAE8FC47A3
C:\Program Files\AVG\AVG9\avgscanx.exe --a---- 755552 bytes [21:01 18/07/2010] [05:09 25/11/2010] 578E98661CA606EA2976D7F7017AB25A
C:\Program Files\AVG\AVG9\avgsched.dll --a---- 547168 bytes [21:01 18/07/2010] [01:30 15/03/2011] 0F80A1A931A25A39A6F339FBD001BF3F
C:\Program Files\AVG\AVG9\avgse.dll --a---- 125280 bytes [21:01 18/07/2010] [21:01 18/07/2010] 34028074A7BC35E22697058BE5E04645
C:\Program Files\AVG\AVG9\avgsrmax.exe --a---- 386400 bytes [21:01 18/07/2010] [21:01 18/07/2010] 8FF6BFBAE790FDEC046A453F9B9D67E4
C:\Program Files\AVG\AVG9\avgsrmx.dll --a---- 598880 bytes [21:01 18/07/2010] [14:29 23/09/2010] 7C0D60CEB9D710B70D50FCAD7955F406
C:\Program Files\AVG\AVG9\avgssie.dll --a---- 1623392 bytes [01:33 27/10/2010] [05:09 25/11/2010] 7F18C04F815DDCBEB9E836756CAFC479
C:\Program Files\AVG\AVG9\avgtbapi.dll --a---- 473440 bytes [05:38 17/08/2010] [05:38 17/08/2010] 542CCF13B58215E3894AA2C396C7D74D
C:\Program Files\AVG\AVG9\AVGToolbarInstall.exe --a---- 1460264 bytes [05:38 17/08/2010] [05:38 17/08/2010] 96B62674AC66E09B3A44C28DACD032BE
C:\Program Files\AVG\AVG9\avgtray.exe --a---- 2071904 bytes [21:01 18/07/2010] [01:30 15/03/2011] 035A4DC0EA6506F422EBF388DE9EE720
C:\Program Files\AVG\AVG9\avgtrial_us.mht --a---- 20412 bytes [21:01 18/07/2010] [21:01 18/07/2010] 5F19AF783C6AC2100F55AC865A609181
C:\Program Files\AVG\AVG9\avgui.exe --a---- 4109664 bytes [14:30 23/09/2010] [01:30 15/03/2011] E386E8F3CCDDEE50078753A63ABC2491
C:\Program Files\AVG\AVG9\avguiadv.dll --a---- 2451296 bytes [21:01 18/07/2010] [01:30 15/03/2011] 6A4026C80951BC443CA4EDD3BC7C5C94
C:\Program Files\AVG\AVG9\avguires.dll --a---- 3951968 bytes [21:01 18/07/2010] [21:01 18/07/2010] FBF5B6F86E07FA0A9537B24FE04AA7EA
C:\Program Files\AVG\AVG9\avgupd.dll --a---- 1710432 bytes [01:24 24/05/2010] [01:29 15/03/2011] 81A9AF0606329577DE607CA412CF2FC9
C:\Program Files\AVG\AVG9\avgupd.exe --a---- 1053536 bytes [01:24 24/05/2010] [01:29 15/03/2011] 999C2ADC8CF80182178782F6A1F976A0
C:\Program Files\AVG\AVG9\avgvvx.dll --a---- 644448 bytes [21:01 18/07/2010] [21:01 18/07/2010] 01C10B077D464FEA240A7B1B71A123BC
C:\Program Files\AVG\AVG9\avgwd.dll --a---- 1543624 bytes [21:01 18/07/2010] [01:30 15/03/2011] 91B4689702CC07266246DD2B4E8A4A33
C:\Program Files\AVG\AVG9\avgwdsvc.exe --a---- 308136 bytes [21:01 18/07/2010] [21:01 18/07/2010] C4D15594DB5BE042D3346EA58DF87D89
C:\Program Files\AVG\AVG9\avgwdwsc.dll --a---- 423520 bytes [21:01 18/07/2010] [21:01 18/07/2010] 1768312EF86F64620ABBCE147BDB764D
C:\Program Files\AVG\AVG9\avgwsc.exe --a---- 719088 bytes [21:01 18/07/2010] [21:01 18/07/2010] AD7015693E4ECBB97E7B64B6E2E0694E
C:\Program Files\AVG\AVG9\avgxch32.dll --a---- 345440 bytes [20:59 18/07/2010] [20:59 18/07/2010] 75A3476DA9ABAF37A5758F871D4673BD
C:\Program Files\AVG\AVG9\avgxpl.dll --a---- 1107296 bytes [21:01 18/07/2010] [01:30 15/03/2011] 7E279342D3FD9FF473A8FE946F21D280
C:\Program Files\AVG\AVG9\Firefox\Components\avgssff.dll --a---- 1377632 bytes [14:29 23/09/2010] [14:29 23/09/2010] F76CA1838554E910A232FC3CB522E9B7
C:\Program Files\AVG\AVG9\Notification\AvgtbUpgradeTE.exe --a---- 369992 bytes [05:36 17/08/2010] [05:36 17/08/2010] 5C497E8135DD3179C148234174FC1E6B
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_confirmAVGSafe.gif --a---- 4466 bytes [08:08 08/10/2010] [14:56 05/08/2009] 854B2C1FDAFE4B389CF37EE1DDF0EF30
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\skin\icoAVGInfo.png --a---- 1179 bytes [08:08 08/10/2010] [14:56 05/08/2009] 8A48E8BEB7B0A4D3AC62BC73F7E61568
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\components\avgapi.js --a---- 5135 bytes [08:08 08/10/2010] [21:06 29/06/2010] 4C99E34C69E0D7E6B559B996F3036662
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\components\IGeared_tavgp_xputils.xpt --a---- 586 bytes [08:08 08/10/2010] [21:06 29/06/2010] E366AF471C6441D5598671E7960B0C75
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll --a---- 111944 bytes [08:07 08/10/2010] [06:22 30/06/2010] 082F2F716DF0F17974E4BCECABB8174C
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll --a---- 111944 bytes [08:07 08/10/2010] [06:22 30/06/2010] 835DFF3FBF26E15A694AB577569C00C4
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll --a---- 111944 bytes [08:08 08/10/2010] [06:22 30/06/2010] 8F246F28C0EF062B479C13E7F5078D70
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\components\xpavgdatabaseversion.xpt --a---- 228 bytes [08:08 08/10/2010] [01:59 10/03/2009] 4D929D7914A7B46FC304E5344251152A
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\components\xpavgprogramversion.xpt --a---- 191 bytes [08:08 08/10/2010] [01:11 10/03/2009] A2CD57D2ACA3AE5C0C5FF41883632FB0
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\components\xpavgsearchratingsconfig.xpt --a---- 374 bytes [08:08 08/10/2010] [01:59 10/03/2009] 04859E0D839975E2B65A9369D251C057
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\components\xpavgtbapi.dll --a---- 91464 bytes [08:08 08/10/2010] [06:22 30/06/2010] 2B0C80CDCEC1046F36074F5BE8B8D03D
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\components\xpavgtbapi.xpt --a---- 1023 bytes [08:08 08/10/2010] [21:04 13/06/2010] 3C6DCD873B5E79005E1AAA77F380A0A8
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\components\xpavgverdicts.xpt --a---- 187 bytes [08:08 08/10/2010] [20:23 04/01/2010] 48BDB288DE5E86FF4FFEE6B4387C94D7
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared-old\components\IGeared_tavgp_xputils2.dll --a---- 110664 bytes [05:38 17/08/2010] [02:25 19/04/2010] 59E1252BE35661211E16C016A1BB4A5A
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared-old\components\IGeared_tavgp_xputils3.dll --a---- 110664 bytes [05:38 17/08/2010] [02:25 19/04/2010] E327A6A80F1698D4D9CC3A2D62B491AA
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared-old\components\IGeared_tavgp_xputils35.dll --a---- 110664 bytes [05:38 17/08/2010] [02:25 19/04/2010] 82F60D79A1DE0F077BD5DE295B8EC5DF
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared-old\components\xpavgtbapi.dll --a---- 102472 bytes [05:38 17/08/2010] [02:25 19/04/2010] F94E4F35957D3B017FBA2961A1DB024C
C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml --a---- 2359 bytes [05:38 17/08/2010] [02:44 29/10/2010] CA8BBC3598DCF8AD2D63BDA42E32280F
C:\Program Files\Spyware Doctor\avengine\SDAVgate.dll --a---- 186248 bytes [23:38 07/10/2008] [05:19 30/10/2008] 9F696133C51479C65DBD64A6AE6EC3D2
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\AVG PC Tuneup 2011 on the Web.lnk --a---- 1611 bytes [01:50 21/04/2011] [01:50 21/04/2011] C19A7B99C47B3B2420567B0FD853C199
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\AVG PC Tuneup 2011.lnk --a---- 952 bytes [01:50 21/04/2011] [01:50 21/04/2011] 9B27A2A89E7C1DEB8426918979B9A0FB
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\AVG Rescue Center.lnk --a---- 962 bytes [01:50 21/04/2011] [01:50 21/04/2011] E6643C1299C8569E16879AA972EF89CE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Uninstall AVG PC Tuneup 2011.lnk --a---- 942 bytes [01:50 21/04/2011] [01:50 21/04/2011] 87B209C38E4CAA87F5DAE6FB642BB19B
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Console Defragmentation.lnk --a---- 1555 bytes [01:50 21/04/2011] [01:50 21/04/2011] 850EC2BBA11D1AC8A33AB8B408172C09
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Disk Cleaner.lnk --a---- 963 bytes [01:50 21/04/2011] [01:50 21/04/2011] 343C0224C7E157E691C691C35407AFCD
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Disk Defrag.lnk --a---- 958 bytes [01:50 21/04/2011] [01:50 21/04/2011] 00B8BCF06DEE04AB36B8B53F49820AA9
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Disk Doctor.lnk --a---- 958 bytes [01:50 21/04/2011] [01:50 21/04/2011] D784FB953EAA4BEF0960DDDB875D7FE2
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Disk Explorer.lnk --a---- 968 bytes [01:50 21/04/2011] [01:50 21/04/2011] 6E744A5D8D0BE9C5FEE7861658B82707
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Disk Wiper.lnk --a---- 953 bytes [01:50 21/04/2011] [01:50 21/04/2011] 7921620042562104AB8ABFCF95B3CE64
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Duplicate File Finder.lnk --a---- 1003 bytes [01:50 21/04/2011] [01:50 21/04/2011] C74886F348F9C179099CD1A70CC8ABB0
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG File Recovery.lnk --a---- 968 bytes [01:50 21/04/2011] [01:50 21/04/2011] 2DE2F4BAC4C473FE74FE45A93D7DDDC4
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG File Shredder.lnk --a---- 968 bytes [01:50 21/04/2011] [01:50 21/04/2011] 15B7C0B9BDD04C3BB9A5623E603E7937
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Internet Optimizer.lnk --a---- 993 bytes [01:50 21/04/2011] [01:50 21/04/2011] 2F77F909FECE0178A19C13A24889A8A9
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Registry Cleaner.lnk --a---- 958 bytes [01:50 21/04/2011] [01:50 21/04/2011] C660F7850361A7868BD0944600ABD093
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Registry Defrag.lnk --a---- 978 bytes [01:50 21/04/2011] [01:50 21/04/2011] 47BB0B34F84359CEFC4E5EA358A1BE43
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Rescue Center.lnk --a---- 968 bytes [01:50 21/04/2011] [01:50 21/04/2011] 5E87FAD06746F6A3071A0049B8A88178
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Service Manager.lnk --a---- 978 bytes [01:50 21/04/2011] [01:50 21/04/2011] A79BA57FADDE1A124E73AF8458728AC9
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Startup Manager.lnk --a---- 978 bytes [01:50 21/04/2011] [01:50 21/04/2011] 6B9CD004D6CC9D69FF5636E3E4093FFB
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG System Information.lnk --a---- 993 bytes [01:50 21/04/2011] [01:50 21/04/2011] 8E0FC3DAA2BBC7CEC503B560EB7C6AB2
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Task Manager.lnk --a---- 963 bytes [01:50 21/04/2011] [01:50 21/04/2011] 0430AF7F0CB402731B0BE3991F5B981A
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Track Eraser.lnk --a---- 963 bytes [01:50 21/04/2011] [01:50 21/04/2011] 7963A444C0871B7E2D2BCDC3AF93DF8C
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Tweak Manager.lnk --a---- 968 bytes [01:50 21/04/2011] [01:50 21/04/2011] 89C15F4C7D6B3D9470815301466CE5B0
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Uninstall Manager.lnk --a---- 978 bytes [01:50 21/04/2011] [01:50 21/04/2011] D5C0E6F01B311EA96C6D1FBFBB45B473
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\AVG PC Tuneup 2011 on the Web.lnk --a---- 1611 bytes [01:50 21/04/2011] [01:50 21/04/2011] C19A7B99C47B3B2420567B0FD853C199
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\AVG PC Tuneup 2011.lnk --a---- 952 bytes [01:50 21/04/2011] [01:50 21/04/2011] 9B27A2A89E7C1DEB8426918979B9A0FB
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\AVG Rescue Center.lnk --a---- 962 bytes [01:50 21/04/2011] [01:50 21/04/2011] E6643C1299C8569E16879AA972EF89CE
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Uninstall AVG PC Tuneup 2011.lnk --a---- 942 bytes [01:50 21/04/2011] [01:50 21/04/2011] 87B209C38E4CAA87F5DAE6FB642BB19B
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Console Defragmentation.lnk --a---- 1555 bytes [01:50 21/04/2011] [01:50 21/04/2011] 850EC2BBA11D1AC8A33AB8B408172C09
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Disk Cleaner.lnk --a---- 963 bytes [01:50 21/04/2011] [01:50 21/04/2011] 343C0224C7E157E691C691C35407AFCD
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Disk Defrag.lnk --a---- 958 bytes [01:50 21/04/2011] [01:50 21/04/2011] 00B8BCF06DEE04AB36B8B53F49820AA9
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Disk Doctor.lnk --a---- 958 bytes [01:50 21/04/2011] [01:50 21/04/2011] D784FB953EAA4BEF0960DDDB875D7FE2
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Disk Explorer.lnk --a---- 968 bytes [01:50 21/04/2011] [01:50 21/04/2011] 6E744A5D8D0BE9C5FEE7861658B82707
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Disk Wiper.lnk --a---- 953 bytes [01:50 21/04/2011] [01:50 21/04/2011] 7921620042562104AB8ABFCF95B3CE64
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Duplicate File Finder.lnk --a---- 1003 bytes [01:50 21/04/2011] [01:50 21/04/2011] C74886F348F9C179099CD1A70CC8ABB0
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG File Recovery.lnk --a---- 968 bytes [01:50 21/04/2011] [01:50 21/04/2011] 2DE2F4BAC4C473FE74FE45A93D7DDDC4
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG File Shredder.lnk --a---- 968 bytes [01:50 21/04/2011] [01:50 21/04/2011] 15B7C0B9BDD04C3BB9A5623E603E7937
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Internet Optimizer.lnk --a---- 993 bytes [01:50 21/04/2011] [01:50 21/04/2011] 2F77F909FECE0178A19C13A24889A8A9
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Registry Cleaner.lnk --a---- 958 bytes [01:50 21/04/2011] [01:50 21/04/2011] C660F7850361A7868BD0944600ABD093
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Registry Defrag.lnk --a---- 978 bytes [01:50 21/04/2011] [01:50 21/04/2011] 47BB0B34F84359CEFC4E5EA358A1BE43
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Rescue Center.lnk --a---- 968 bytes [01:50 21/04/2011] [01:50 21/04/2011] 5E87FAD06746F6A3071A0049B8A88178
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Service Manager.lnk --a---- 978 bytes [01:50 21/04/2011] [01:50 21/04/2011] A79BA57FADDE1A124E73AF8458728AC9
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Startup Manager.lnk --a---- 978 bytes [01:50 21/04/2011] [01:50 21/04/2011] 6B9CD004D6CC9D69FF5636E3E4093FFB
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG System Information.lnk --a---- 993 bytes [01:50 21/04/2011] [01:50 21/04/2011] 8E0FC3DAA2BBC7CEC503B560EB7C6AB2
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Task Manager.lnk --a---- 963 bytes [01:50 21/04/2011] [01:50 21/04/2011] 0430AF7F0CB402731B0BE3991F5B981A
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Track Eraser.lnk --a---- 963 bytes [01:50 21/04/2011] [01:50 21/04/2011] 7963A444C0871B7E2D2BCDC3AF93DF8C
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Tweak Manager.lnk --a---- 968 bytes [01:50 21/04/2011] [01:50 21/04/2011] 89C15F4C7D6B3D9470815301466CE5B0
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Uninstall Manager.lnk --a---- 978 bytes [01:50 21/04/2011] [01:50 21/04/2011] D5C0E6F01B311EA96C6D1FBFBB45B473
C:\Users\Joan\AppData\LocalLow\AVGTOOLBAR\avglinks.bmp --a---- 824 bytes [13:13 15/09/2008] [04:01 15/09/2008] E8D5762FF68B81789DF242B9A4BAC1F4
C:\Users\Joan\AppData\LocalLow\AVGTOOLBAR\avglogo.bmp --a---- 2648 bytes [13:13 15/09/2008] [04:01 15/09/2008] 4B44A49F2F7DFE87B34DB5FD00383729
C:\Users\Joan\AppData\LocalLow\AVGTOOLBAR\avgstatus.bmp --a---- 824 bytes [13:13 15/09/2008] [04:01 15/09/2008] 9B85B2296EE18ABC0349246A0596AFA3
C:\Users\Joan\AppData\LocalLow\AVGTOOLBAR\avgstatus_error.bmp --a---- 824 bytes [13:13 15/09/2008] [04:01 15/09/2008] D2E53E3180159A6B2739F6E77717C93D
C:\Users\Joan\AppData\LocalLow\AVGTOOLBAR\avgtoolbartb0502.cfg --a---- 18315 bytes [13:13 15/09/2008] [05:42 25/10/2008] FCFB8F2A53D6EC09CED32B54F9B6B85B
C:\Users\Joan\AppData\Roaming\aAvgApi\avgapi.log --a---- 58 bytes [10:17 17/09/2008] [10:17 17/09/2008] B222AEA73854B7D18E696907451D427C
C:\Users\Joan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk --a---- 958 bytes [01:50 21/04/2011] [01:50 21/04/2011] 3F482404DB0CD21D1E7BF4F98B00C796
C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Cookies\joan@avgtechnologies.112.2o7[2].txt --a---- 195 bytes [03:06 31/05/2010] [03:06 31/05/2010] FB6BDF7A34C16F1E434E625A7B931A67
C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Cookies\joan@avg[1].txt --a---- 250 bytes [01:23 20/12/2010] [01:23 20/12/2010] DEF652BAE1F6061027B1ECC53C7616F9
C:\Users\Joan\Desktop\AVG PC Tuneup 2011.lnk --a---- 934 bytes [01:50 21/04/2011] [01:50 21/04/2011] 2A89A2BD0686DA565C5B485D3ED220D6
C:\Users\Joan\Desktop\avgrep.txt --a---- 312 bytes [09:06 20/04/2011] [02:16 21/04/2011] 793F0621CB62A8FD3E3BB42C2663F147
C:\Windows\Prefetch\AVGSCANX.EXE-5BD46372.pf --a---- 38338 bytes [16:00 09/04/2011] [16:00 18/04/2011] 08480129CEB5342D19E151F0D0458F06

========== folderfind ==========

Searching for "*avg* "
C:\Program Files\AVG d------ [05:42 25/10/2008]
C:\Program Files\AVG\AVG9 d------ [01:20 24/05/2010]
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared d------ [08:07 08/10/2010]
C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared-old d------ [05:38 17/08/2010]
C:\ProgramData\avg9 d------ [01:19 24/05/2010]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011 d------ [01:50 21/04/2011]
C:\Users\All Users\avg9 d------ [01:19 24/05/2010]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011 d------ [01:50 21/04/2011]
C:\Users\Joan\AppData\Local\AVG Security Toolbar d------ [06:42 17/08/2010]
C:\Users\Joan\AppData\LocalLow\AVG Security Toolbar d------ [12:57 13/10/2010]
C:\Users\Joan\AppData\LocalLow\AVGTOOLBAR d------ [04:01 15/09/2008]
C:\Users\Joan\AppData\Roaming\aAvgApi d------ [10:17 17/09/2008]
C:\Users\Joan\AppData\Roaming\AVG d------ [02:06 21/04/2011]

========== regfind ==========

Searching for "*avg* "
No data found.

-= EOF =-

Log in or Sign up

Inactive Special circumstance for logs

JuanP Inactive Thread Starter

broni Moderator Malware Analyst

JuanP Inactive Thread Starter

broni Moderator Malware Analyst

JuanP Inactive Thread Starter

JuanP Inactive Thread Starter

JuanP Inactive Thread Starter

JuanP Inactive Thread Starter

broni Moderator Malware Analyst

JuanP Inactive Thread Starter

JuanP Inactive Thread Starter

JuanP Inactive Thread Starter

broni Moderator Malware Analyst

JuanP Inactive Thread Starter

broni Moderator Malware Analyst

JuanP Inactive Thread Starter

broni Moderator Malware Analyst

JuanP Inactive Thread Starter

broni Moderator Malware Analyst

JuanP Inactive Thread Starter

Share This Page

Log in or Sign up

Inactive Special circumstance for logs

JuanP Inactive Thread Starter

broni Moderator Malware Analyst

JuanP Inactive Thread Starter

broni Moderator Malware Analyst

JuanP Inactive Thread Starter

JuanP Inactive Thread Starter

JuanP Inactive Thread Starter

JuanP Inactive Thread Starter

broni Moderator Malware Analyst

JuanP Inactive Thread Starter

JuanP Inactive Thread Starter

JuanP Inactive Thread Starter

broni Moderator Malware Analyst

JuanP Inactive Thread Starter

broni Moderator Malware Analyst

JuanP Inactive Thread Starter

broni Moderator Malware Analyst

JuanP Inactive Thread Starter

broni Moderator Malware Analyst

JuanP Inactive Thread Starter

Share This Page

Useful Searches