
Internet Explorer Running On Its Own


  • This topic is locked

#1 Dark Boo (Member, 10 posts)
I'm new to this type of thing, so sorry for not being coherent.
- I've all of a sudden obtained this "Trojan" or "Hi-Jacker".
It runs IE and then downloads things like "Security Protect" and "Malware Protection" (did this yesterday), and they close EVERYTHING and only allow me to run those programs. It wants to make me buy some software by providing false information about my system, and it uses IE a lot. One time it ran at Memory (Private Working Set) 392,091. I ran tons of things like Malwarebytes' Anti-Malware / Norman Malware Cleaner / Remove Fake Antivirus / SUPERAntiSpyware / HijackThis and my AVG. This all happened when I downloaded Skype from its homepage. For some reason, right now (I always start the PC in safe mode) it isn't running after I did the OTL scan.

My Laptop is
Acer Aspire 5315
32-bit operating system
Windows Vista

Can you please help me...?
And the name of Malware Protect is Kaspersky, and its image name is like Llykfkskakiemdnansdks *No joke*


#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi. To assist, I will need to have a look at your system.

Download aswMBR.exe (1.8 MB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.

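As an added example that is not part of this thread (my own code, not OldTimer's OTL and not anything Essexboy posted): a small Python triage pass over OTL-format log lines that applies the checks a helper reads for first in the output requested above: the O35/O37 .exe and .com file-association commands, the O20 Winlogon shell, orphaned O2/O3 BHO and toolbar entries, O4 autostarts with no company name or running from a Temp directory, O33 removable-media AutoRun commands, and a missing hosts file. The sample lines are constructed in OTL's line format; the "[Updater]" Run entry and the hijacked O35 line are hypothetical, showing what a rogue-AV hijack of the exefile open command looks like (the hijack is why such infections let nothing but their own program run).

```python
"""Triage OTL-format log lines for the entries a malware helper looks at first.

Added example, not part of the thread. SAMPLE_LOG is constructed in OTL's
format; the "[Updater]" and hijacked O35 lines are hypothetical.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-1000..\Run: [Updater] C:\Users\Boo\AppData\Local\Temp\updater.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O33 - MountPoints2\{be39ce56-742f-11df-89a2-001b387763aa}\Shell\AutoRun\command - "" = F:\setup.exe
O35 - HKLM\..exefile [open] -- "C:\Users\Boo\AppData\Local\wudh.exe" -a "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Hosts file not found
"""

# What exefile/comfile "open" must hand to the launched program, nothing in front of it.
EXPECTED_OPEN_CMD = '"%1" %*'

_ASSOC = re.compile(r'^O3[57] - HKLM\\\.+(\w+) \[.*?\] -- (.*)$')
_SHELL = re.compile(r'^O20 - HKLM Winlogon: Shell - \((.*?)\) - (.*)$')
_RUN = re.compile(r'^O4 - .*?\\Run(?:Once)?: \[(.*?)\] (.*) \((.*?)\)$')
_GENUINE_SHELL = re.compile(r'^[a-z]:\\windows\\explorer\.exe \(', re.IGNORECASE)
_TEMP_DIR = re.compile(r'\\Temp\\', re.IGNORECASE)
_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


def triage_otl(text: str) -> list[Finding]:
    """Return one Finding per OTL line that needs a helper's attention."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := _ASSOC.match(line):
            # Rogue AV rewrites exefile\shell\open\command so every .exe starts
            # through its own binary; anything but "%1" %* is a hijack.
            if m.group(2).strip() != EXPECTED_OPEN_CMD:
                findings.append(Finding("high", f"{m.group(1)} open command hijacked", line))
        elif m := _SHELL.match(line):
            shell, rest = m.groups()
            if shell.lower() != "explorer.exe" or not _GENUINE_SHELL.match(rest):
                findings.append(Finding("high", "Winlogon shell is not the system explorer.exe", line))
        elif line.startswith(("O2 - ", "O3 - ")) and (
            "File not found" in line or "No CLSID value found" in line
        ):
            findings.append(Finding("low", "orphaned BHO/toolbar entry (clean-up candidate)", line))
        elif m := _RUN.match(line):
            name, path, company = m.groups()
            if _TEMP_DIR.search(path):
                findings.append(Finding("high", f"autostart [{name}] runs from a Temp directory", line))
            elif not company:
                findings.append(Finding("medium", f"autostart [{name}] has no company name", line))
        elif line.startswith("O33 - ") and "\\Shell\\AutoRun\\command - " in line:
            findings.append(Finding("medium", "removable-media AutoRun command", line))
        elif line == "Hosts file not found":
            findings.append(Finding("medium", "hosts file missing", line))
    return sorted(findings, key=lambda f: _RANK[f.severity])


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, always reporting all three levels."""
    return {s: sum(1 for f in findings if f.severity == s) for s in _RANK}


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(triage_otl(SAMPLE_LOG)))
```

Run it as-is to see the constructed lines triaged, or feed it a real OTL.Txt with `triage_otl(open(path, encoding="utf-8", errors="replace").read())`. The exefile check is the one to read first: while that command is hijacked, every cleaner you launch runs through the malware, which matches the "only allow me to run those programs" symptom, and fixing the association comes before anything else.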

#3 Dark Boo (Topic Starter, Member, 10 posts)
??? It didn't open OTL Extras

OTL Log

OTL logfile created on: 7/19/2011 5:12:21 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Boo\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.33 Mb Total Physical Memory | 163.80 Mb Available Physical Memory | 16.17% Memory free
2.24 Gb Paging File | 0.81 Gb Available in Paging File | 36.06% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.77 Gb Total Space | 10.62 Gb Free Space | 15.22% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 67.74 Gb Free Space | 97.45% Space Free | Partition Type: NTFS

Computer Name: BOO-PC | User Name: Boo | Logged in as Administrator.
Cannot determine boot mode. | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/14 23:51:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Boo\Downloads\OTL.exe
PRC - [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 14:51:08 | 000,683,352 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\gbtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2011/01/05 13:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/24 15:57:54 | 000,107,008 | -H-- | M] () -- C:\Acer\Mobility Center\MobilityService.exe


========== Modules (SafeList) ==========

MOD - [2011/07/14 23:51:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Boo\Downloads\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/21 21:25:46 | 000,118,464 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/06/21 21:25:44 | 000,257,736 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/06/21 21:24:12 | 001,076,832 | ---- | M] (Cyberlink) [Auto | Stopped] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2007/06/05 13:13:28 | 000,024,576 | -H-- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/05/22 18:00:02 | 000,135,168 | -H-- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/05/17 01:15:22 | 000,163,840 | -H-- | M] (acer) [Auto | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/04/25 19:34:30 | 000,457,512 | -H-- | M] (HiTRSUT) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/03/14 13:52:30 | 000,024,576 | -H-- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/02/13 06:26:50 | 000,053,248 | -H-- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/11/24 15:57:54 | 000,107,008 | -H-- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/12 17:55:22 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/21 18:08:15 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nocashio.sys -- (nocashio)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/04 17:23:39 | 000,436,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/07/26 22:23:07 | 000,003,026 | ---- | M] (Logix4u) [Kernel | System | Running] -- C:\Windows\System32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/01/19 02:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/06/18 06:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/06/13 22:33:26 | 000,154,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/12/07 18:12:02 | 000,076,584 | -H-- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/09/19 17:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-397108202-2752575421-25471281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-397108202-2752575421-25471281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-397108202-2752575421-25471281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-397108202-2752575421-25471281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-397108202-2752575421-25471281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.facebook.com/
IE - HKU\S-1-5-21-397108202-2752575421-25471281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-397108202-2752575421-25471281-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-397108202-2752575421-25471281-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-397108202-2752575421-25471281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Start Searcher"
FF - prefs.js..browser.search.defaultthis.engineName: "Start Searcher"
FF - prefs.js..browser.search.defaulturl: "http://www.startsearcher.com/?q="
FF - prefs.js..browser.startup.homepage: "http://www.mariopart...k.com/home.php"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AutocompletePro\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/17 11:19:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/10 20:48:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/15 00:07:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\internetengine
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e641e573-5f45-49f4-a2b6-986c6a89d4ad}: C:\Program Files\Object\searchtoolbar

[2010/06/08 00:08:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boo\AppData\Roaming\Mozilla\Extensions
[2011/07/11 02:05:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boo\AppData\Roaming\Mozilla\Firefox\Profiles\cork2tv8.default\extensions
[2011/07/09 16:05:23 | 000,000,000 | ---D | M] (SocialRibbons LP 1) -- C:\Users\Boo\AppData\Roaming\Mozilla\Firefox\Profiles\cork2tv8.default\extensions\{6e6347bc-3cf0-aa94-8d40-b0f3e4b41e92}
[2011/07/09 16:05:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boo\AppData\Roaming\Mozilla\Firefox\Profiles\cork2tv8.default\extensions\{6e6347bc-3cf0-aa94-8d40-b0f3e4b41e92}\chrome\content\dca\core\extensionManager
[2011/06/19 17:48:45 | 000,001,919 | ---- | M] () -- C:\Users\Boo\AppData\Roaming\Mozilla\Firefox\Profiles\cork2tv8.default\searchplugins\bing-zugo.xml
[2011/05/21 19:45:45 | 000,002,470 | ---- | M] () -- C:\Users\Boo\AppData\Roaming\Mozilla\Firefox\Profiles\cork2tv8.default\searchplugins\safesearch.xml
[2011/07/15 00:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/15 00:08:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/17 11:19:11 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/06/16 00:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/15 00:07:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - Reg Error: Value error. File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - Reg Error: Value error. File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (ImageShack Toolbar) - {6932D140-ABC4-4073-A44C-D4A541665E35} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-397108202-2752575421-25471281-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-397108202-2752575421-25471281-1000\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-397108202-2752575421-25471281-1000..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-397108202-2752575421-25471281-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-397108202-2752575421-25471281-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} http://toolbar.image...hackToolbar.cab (ImageShack Toolbar)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/21 17:03:18 | 000,000,073 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{88e0a045-0f5f-11df-b61d-001b387763aa}\Shell - "" = AutoRun
O33 - MountPoints2\{88e0a045-0f5f-11df-b61d-001b387763aa}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{be39ce56-742f-11df-89a2-001b387763aa}\Shell - "" = AutoRun
O33 - MountPoints2\{be39ce56-742f-11df-89a2-001b387763aa}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/07/18 22:05:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/18 20:32:47 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/07/18 17:38:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/17 20:59:48 | 000,000,000 | ---D | C] -- C:\Users\Boo\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/07/17 20:59:12 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2011/07/17 20:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/07/15 02:20:38 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/07/15 00:49:11 | 000,000,000 | ---D | C] -- C:\Users\Boo\AppData\Roaming\SUPERAntiSpyware.com
[2011/07/15 00:49:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/07/15 00:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/07/15 00:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/15 00:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/07/15 00:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/15 00:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/07/14 21:47:44 | 000,000,000 | ---D | C] -- C:\Users\Boo\AppData\Roaming\AVG10
[2011/07/14 21:43:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/07/14 21:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/07/14 21:38:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/07/14 21:38:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/07/14 21:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/07/14 21:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/07/12 18:52:16 | 000,000,000 | ---D | C] -- C:\Users\Boo\AppData\Roaming\Skype
[2011/07/12 18:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/12 18:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/07/12 18:51:28 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/07/11 19:17:13 | 000,000,000 | ---D | C] -- C:\Users\Boo\AppData\Roaming\skypePM
[2011/07/11 19:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/07/11 13:05:05 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/07/11 13:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
[2011/07/11 13:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GridVista
[2011/07/11 13:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
[2011/07/11 13:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Empowering Technology
[2011/07/11 13:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Arcade
[2011/07/11 13:04:59 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/07/11 13:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/07/11 13:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI-83 Plus Flash Debugger
[2011/07/11 13:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sven Co-op
[2011/07/11 13:04:40 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2011/07/11 13:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/07/11 13:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCHTHACK PSOBB
[2011/07/11 13:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI CD & DVD-Maker 7
[2011/07/11 13:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Backup NOW! 4.7
[2011/07/11 13:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
[2011/07/11 13:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2011/07/11 13:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/07/11 13:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2011/07/11 13:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/07/11 13:04:30 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/07/11 13:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager
[2011/07/11 13:04:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2011/07/11 13:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster
[2011/07/11 13:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freebies Hack Engine
[2011/07/11 13:04:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades
[2011/07/11 13:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
[2011/07/11 13:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deus Ex
[2011/07/11 13:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/07/11 13:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerProducer
[2011/07/11 13:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2011/07/10 21:19:57 | 000,000,000 | ---D | C] -- C:\Users\Boo\AppData\Roaming\Malwarebytes
[2011/07/10 21:19:48 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/10 21:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/10 21:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/10 17:18:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/07/09 16:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\FreeCause
[2011/07/09 15:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Freebies Hack Engine
[2011/07/07 02:32:42 | 000,000,000 | ---D | C] -- C:\Users\Boo\AppData\Roaming\IObit
[2011/07/06 19:44:36 | 000,000,000 | ---D | C] -- C:\Users\Boo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wheel Of Fortune
[2011/07/05 09:05:25 | 000,000,000 | ---D | C] -- C:\Users\Boo\AppData\Local\WinMainAgent
[2011/06/30 16:49:56 | 000,000,000 | ---D | C] -- C:\Windows\Wheel Of Fortune
[2011/06/30 16:49:56 | 000,000,000 | ---D | C] -- C:\Program Files\Wheel Of Fortune
[2011/06/30 14:43:16 | 000,000,000 | ---D | C] -- C:\Users\Boo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BigJon PCGames Config Wizard
[2011/06/30 14:43:14 | 000,000,000 | ---D | C] -- C:\Windows\BigJon PCGames Config Wizard
[2011/06/30 14:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\BigJon PCGames Config Wizard
[2011/06/30 14:40:03 | 000,000,000 | ---D | C] -- C:\Windows\Your Product
[2011/06/30 14:34:17 | 000,000,000 | ---D | C] -- C:\Temp
[2011/06/20 21:51:40 | 000,000,000 | ---D | C] -- C:\Users\Boo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011/06/20 17:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2011/06/20 16:54:24 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\Windows\System32\xvid.ax
[2010/02/01 14:25:26 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007/07/31 09:43:36 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1998/04/27 01:00:00 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\DAO350.DLL
[31 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/19 17:11:44 | 000,000,512 | ---- | M] () -- C:\Users\Boo\Desktop\MBR.dat
[2011/07/19 16:56:31 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2011/07/19 14:47:54 | 000,610,310 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/19 14:47:54 | 000,105,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/19 08:29:16 | 000,001,705 | ---- | M] () -- C:\Users\Boo\Desktop\Wheel Of Fortune.lnk
[2011/07/19 08:26:14 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/18 18:07:46 | 122,731,489 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/07/18 17:38:45 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/17 20:59:15 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/07/17 18:40:14 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2011/07/17 11:19:13 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/07/15 04:18:58 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/15 04:18:57 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/15 00:48:38 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/14 12:21:59 | 000,383,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/11 19:38:54 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2011/07/11 17:53:18 | 000,000,104 | ---- | M] () -- C:\Users\Boo\Desktop\Recycle Bin.lnk
[2011/07/11 17:23:45 | 000,002,645 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
[2011/07/11 16:41:32 | 000,000,953 | ---- | M] () -- C:\Users\Boo\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/07/11 02:05:03 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2011/07/10 20:42:00 | 000,000,256 | ---- | M] () -- C:\ProgramData\~31448824
[2011/07/10 20:42:00 | 000,000,200 | ---- | M] () -- C:\ProgramData\~31448824r
[2011/07/10 20:09:01 | 000,000,336 | ---- | M] () -- C:\ProgramData\31448824
[2011/07/09 21:16:10 | 000,000,537 | ---- | M] () -- C:\Users\Boo\Documents\Goldeneye.cpf
[2011/07/09 16:38:05 | 000,001,001 | ---- | M] () -- C:\Users\Boo\Desktop\Freebies Hack Engine.lnk
[2011/07/08 23:04:18 | 000,000,396 | ---- | M] () -- C:\Windows\n02.ini
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 15:28:02 | 000,344,064 | ---- | M] () -- C:\Users\Boo\Documents\Database2.accdb
[2011/07/06 15:27:52 | 000,348,160 | ---- | M] () -- C:\Users\Boo\Documents\Database1.accdb
[2011/07/06 14:34:38 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/07/05 15:44:18 | 000,000,537 | ---- | M] () -- C:\Users\Boo\Documents\Perfect Dark.cpf
[2011/06/21 18:00:01 | 000,029,696 | ---- | M] () -- C:\Users\Boo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/20 21:51:40 | 000,000,578 | ---- | M] () -- C:\Users\Boo\Desktop\Fraps.lnk
[2011/06/20 17:05:08 | 000,001,199 | ---- | M] () -- C:\Users\Boo\Desktop\WinX Free AVI to WMV Converter.lnk
[2011/06/20 16:55:34 | 000,000,067 | ---- | M] () -- C:\Windows\swf2avi.INI
[31 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/19 17:11:44 | 000,000,512 | ---- | C] () -- C:\Users\Boo\Desktop\MBR.dat
[2011/07/18 18:07:46 | 122,731,489 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/07/17 20:59:15 | 000,000,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2011/07/17 20:59:15 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/07/17 18:40:14 | 000,000,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2011/07/17 18:40:14 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2011/07/15 00:48:38 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/14 21:42:30 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/07/12 18:51:30 | 000,002,377 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/11 19:38:54 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/07/11 17:53:18 | 000,000,104 | ---- | C] () -- C:\Users\Boo\Desktop\Recycle Bin.lnk
[2011/07/11 16:41:32 | 000,000,953 | ---- | C] () -- C:\Users\Boo\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/07/11 13:29:11 | 000,000,240 | ---- | C] () -- C:\Users\Boo\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/07/11 13:29:10 | 000,001,722 | ---- | C] () -- C:\Users\Boo\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/07/11 13:29:10 | 000,001,699 | ---- | C] () -- C:\Users\Boo\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011/07/11 13:29:10 | 000,000,258 | ---- | C] () -- C:\Users\Boo\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/07/11 13:29:10 | 000,000,199 | ---- | C] () -- C:\Users\Boo\Application Data\Microsoft\Internet Explorer\Quick Launch\Acer HD Audio Manager - Shortcut.lnk
[2011/07/11 13:13:43 | 000,002,102 | ---- | C] () -- C:\Users\Boo\Desktop\TI-83 Plus Flash Debugger.lnk
[2011/07/11 13:13:43 | 000,000,965 | ---- | C] () -- C:\Users\Boo\Desktop\Switch to Gaming Mode.lnk
[2011/07/11 13:13:42 | 000,002,156 | ---- | C] () -- C:\Users\Boo\Desktop\Microsoft Office - 60 Day Trial.lnk
[2011/07/11 13:13:42 | 000,001,891 | ---- | C] () -- C:\Users\Boo\Desktop\Adobe Reader 9.lnk
[2011/07/11 13:13:42 | 000,001,867 | ---- | C] () -- C:\Users\Boo\Desktop\Acer Arcade.lnk
[2011/07/11 13:13:42 | 000,001,739 | ---- | C] () -- C:\Users\Boo\Desktop\DAEMON Tools Lite.lnk
[2011/07/11 13:13:42 | 000,001,698 | ---- | C] () -- C:\Users\Boo\Desktop\AIM.lnk
[2011/07/11 13:13:42 | 000,001,641 | ---- | C] () -- C:\Users\Boo\Desktop\Empowering Technology.lnk
[2011/07/11 13:13:42 | 000,001,001 | ---- | C] () -- C:\Users\Boo\Desktop\Freebies Hack Engine.lnk
[2011/07/11 13:13:42 | 000,000,953 | ---- | C] () -- C:\Users\Boo\Desktop\Game Booster.lnk
[2011/07/11 13:13:42 | 000,000,850 | ---- | C] () -- C:\Users\Boo\Desktop\Mozilla Firefox.lnk
[2011/07/11 13:13:42 | 000,000,756 | ---- | C] () -- C:\Users\Boo\Desktop\µTorrent.lnk
[2011/07/11 13:04:58 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk
[2011/07/11 13:04:57 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
[2011/07/11 13:04:56 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/07/11 13:04:56 | 000,001,245 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011/07/11 13:04:54 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
[2011/07/11 13:04:52 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Easy Transfer 7.lnk
[2011/07/11 13:04:50 | 000,001,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
[2011/07/11 13:04:45 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2011/07/11 13:04:45 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk
[2011/07/11 13:04:44 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
[2011/07/11 13:04:43 | 000,002,447 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/07/11 13:04:43 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2011/07/11 13:04:43 | 000,001,789 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/07/11 13:04:43 | 000,001,731 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Registration.lnk
[2011/07/11 13:04:43 | 000,001,711 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Assist.lnk
[2011/07/11 13:04:43 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/11 13:04:41 | 000,001,493 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
[2011/07/11 02:05:03 | 000,000,000 | ---- | C] () -- C:\install.rdf
[2011/07/10 21:19:48 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/10 20:48:35 | 000,000,874 | ---- | C] () -- C:\Users\Boo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/10 20:14:44 | 000,000,256 | ---- | C] () -- C:\ProgramData\~31448824
[2011/07/10 20:14:44 | 000,000,200 | ---- | C] () -- C:\ProgramData\~31448824r
[2011/07/10 20:09:01 | 000,000,336 | ---- | C] () -- C:\ProgramData\31448824
[2011/07/06 19:44:36 | 000,001,705 | ---- | C] () -- C:\Users\Boo\Desktop\Wheel Of Fortune.lnk
[2011/07/06 15:27:58 | 000,344,064 | ---- | C] () -- C:\Users\Boo\Documents\Database2.accdb
[2011/07/06 15:27:38 | 000,348,160 | ---- | C] () -- C:\Users\Boo\Documents\Database1.accdb
[2011/07/05 15:44:18 | 000,000,537 | ---- | C] () -- C:\Users\Boo\Documents\Perfect Dark.cpf
[2011/07/05 15:44:06 | 000,000,537 | ---- | C] () -- C:\Users\Boo\Documents\Goldeneye.cpf
[2011/06/20 21:51:40 | 000,000,578 | ---- | C] () -- C:\Users\Boo\Desktop\Fraps.lnk
[2011/06/20 17:05:08 | 000,001,199 | ---- | C] () -- C:\Users\Boo\Desktop\WinX Free AVI to WMV Converter.lnk
[2011/06/20 16:54:33 | 000,000,067 | ---- | C] () -- C:\Windows\swf2avi.INI
[2011/06/20 16:54:24 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/06/20 16:54:24 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/02/21 18:08:15 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\nocashio.sys
[2010/11/04 17:32:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/17 16:58:29 | 000,000,113 | ---- | C] () -- C:\Windows\System32\NemuAudio08.ini
[2010/06/08 00:08:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/05/28 13:55:28 | 000,000,552 | ---- | C] () -- C:\Users\Boo\AppData\Local\d3d8caps.dat
[2010/03/14 18:28:24 | 000,029,696 | ---- | C] () -- C:\Users\Boo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/27 22:29:33 | 000,000,000 | ---- | C] () -- C:\Windows\JCMKR32.INI
[2010/02/27 04:02:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/02/26 22:43:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/02/26 22:43:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/02/07 01:20:10 | 000,000,396 | ---- | C] () -- C:\Windows\n02.ini
[2010/02/01 16:46:56 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2010/02/01 16:46:48 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2010/02/01 15:38:30 | 000,003,366 | ---- | C] () -- C:\Users\Boo\AppData\Roaming\wklnhst.dat
[2010/02/01 15:26:47 | 000,001,764 | ---- | C] () -- C:\Windows\kaillera.ini
[2010/02/01 14:25:26 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/02/11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 20:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 20:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 20:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2007/07/31 11:01:29 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/07/31 09:50:23 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/07/31 09:44:29 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/07/31 09:44:29 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/07/31 09:43:32 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/07/31 08:07:59 | 000,000,115 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/07/31 08:07:10 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/07/31 08:07:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll
[2007/04/25 19:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/25 19:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/25 19:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/25 19:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/25 19:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/04/25 19:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 18:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 08:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/02 08:53:49 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,383,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,610,310 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,105,858 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 19:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 02:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 19:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 01:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2010/02/01 14:43:24 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\acccore
[2010/02/01 14:30:13 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\Acer
[2011/07/14 21:47:44 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\AVG10
[2011/07/07 02:48:34 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\BitTorrent
[2011/07/17 20:59:48 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/07/05 00:03:03 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/09 21:36:54 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\DAEMON Tools Lite
[2010/08/29 17:35:53 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\fltk.org
[2010/08/22 00:51:45 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\gtk-2.0
[2011/07/07 02:32:42 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\IObit
[2010/02/27 21:44:18 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\iWin
[2010/02/01 14:30:02 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\Leadertech
[2010/08/24 17:30:11 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\Mael
[2010/12/23 02:45:21 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\ooVoo Details
[2010/07/03 16:44:56 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\SEGA
[2011/05/29 16:42:14 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\SoftGrid Client
[2010/02/01 15:38:33 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\Template
[2010/11/10 23:52:51 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\Tific
[2011/04/01 20:50:47 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\TP
[2011/07/19 15:14:59 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\uTorrent
[2010/07/04 23:18:35 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\WhiteSmokeSetup
[2011/07/18 18:49:46 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/01/01 13:29:18 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2DACE64E-2D18-4342-B58D-D61ABDCDA777}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %USERPROFILE%\..|smtmp;true;true;true /FP >
[2011/07/10 20:02:44 | 000,000,000 | ---D | M] -- C:\Users\Boo\..\Boo\AppData\Local\Temp\smtmp
[2011/07/10 20:02:44 | 000,000,000 | ---D | M] -- C:\Users\Boo\..\Boo\AppData\Local\Temp\smtmp\1
[2011/07/10 20:02:44 | 000,000,000 | ---D | M] -- C:\Users\Boo\..\Boo\AppData\Local\Temp\smtmp\2
[2011/07/10 20:02:44 | 000,000,000 | ---D | M] -- C:\Users\Boo\..\Boo\AppData\Local\Temp\smtmp\4


< MD5 for: EXPLORER.EXE >
[2010/02/03 20:31:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010/02/03 20:31:00 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2010/02/03 20:30:57 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010/02/03 22:14:37 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2010/02/03 22:14:36 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2010/02/03 20:31:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/19 03:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/19 03:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/19 03:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/04/11 02:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/19 03:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/19 03:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/19 03:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/04/11 02:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:CF54F1CA
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

aswMBR Log

aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software
Run date: 2011-07-19 17:09:41
-----------------------------
17:09:41.127 OS Version: Windows 6.0.6002 Service Pack 2
17:09:41.127 Number of processors: 1 586 0x1601
17:09:41.128 ComputerName: BOO-PC UserName: Boo
17:10:09.883 Initialize success
17:10:33.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
17:10:33.972 Disk 0 Vendor: WDC_WD1600BEVS-22RST0 04.01G04 Size: 152627MB BusType: 3
17:10:34.018 Disk 0 MBR read successfully
17:10:34.023 Disk 0 MBR scan
17:10:34.029 Disk 0 unknown MBR code
17:10:34.035 Disk 0 scanning sectors +312578048
17:10:34.151 Disk 0 scanning C:\Windows\system32\drivers
17:10:43.367 Service scanning
17:10:48.573 Disk 0 trace - called modules:
17:10:48.624 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85146f16]<<
17:10:48.624 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8512a820]
17:10:48.624 3 CLASSPNP.SYS[86dd68b3] -> nt!IofCallDriver -> [0x8500f918]
17:10:48.625 5 acpi.sys[82b886bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x84ff3230]
17:10:48.625 \Driver\atapi[0x84fc7b50] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x85146f16
17:10:48.625 Scan finished successfully
17:11:44.753 Disk 0 MBR has been saved successfully to "C:\Users\Boo\Desktop\MBR.dat"
17:11:44.762 The log file has been saved successfully to "C:\Users\Boo\Desktop\Post.txt"


- And thank you for deciding to help me

#4
Essexboy
    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you have the rogue hard drive where your files/folders were hidden? You may have the new variant TDL/MBR, which I will need to confirm by doing two runs with MBRCheck; the first will show the problem or not, and the second will get me a dump of the MBR to analyse.

But first let's try and alleviate some of the problem. This may look like a lot to do, but most is automatic and should only take a short time for each run.

Download Unhide.exe to your desktop and run

THEN

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

FOLLOWED BY

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-397108202-2752575421-25471281-1000\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-397108202-2752575421-25471281-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - Reg Error: Key error. File not found
    FF - prefs.js..browser.search.defaultenginename: "Start Searcher"
    FF - prefs.js..browser.search.defaultthis.engineName: "Start Searcher"
    FF - prefs.js..browser.search.defaulturl: "http://www.startsearcher.com/?q="
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\internetengine
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e641e573-5f45-49f4-a2b6-986c6a89d4ad}: C:\Program Files\Object\searchtoolbar
    [2011/07/09 16:05:23 | 000,000,000 | ---D | M] (SocialRibbons LP 1) -- C:\Users\Boo\AppData\Roaming\Mozilla\Firefox\Profiles\cork2tv8.default\extensions\{6e6347bc-3cf0-aa94-8d40-b0f3e4b41e92}
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (ImageShack Toolbar) - {6932D140-ABC4-4073-A44C-D4A541665E35} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    [2011/07/10 20:42:00 | 000,000,256 | ---- | M] () -- C:\ProgramData\~31448824
    [2011/07/10 20:42:00 | 000,000,200 | ---- | M] () -- C:\ProgramData\~31448824r
    [2011/07/10 20:09:01 | 000,000,336 | ---- | M] () -- C:\ProgramData\31448824

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

FINALLY

Download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

Second run of MBR

Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Enter Y and press Enter.

The following dialog will be presented:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Enter 1 and press Enter.

This will drop an MBR.dat file on your desktop. Could you zip that and attach it to your next post?
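Added here as a defender's example, not code from this thread, MBRCheck or aswMBR: a small Python triage for the MBR.dat that the step above dumps. It parses the partition table, hashes the 440-byte boot code against an analyst-supplied known-good dump, and reports how much unpartitioned space trails the last partition, which is where TDL-style MBR rootkits keep their hidden data. The disk size is derived from the 152627 MB in the aswMBR log above; the partition layout, boot-code bytes and the 1 MiB slack threshold are constructed assumptions.

```python
"""Offline triage of a 512-byte MBR dump (the MBR.dat written by MBRCheck/aswMBR).

Added example; not code from either tool or from the thread. The reference dump,
the disk size and the slack threshold are supplied by the analyst (constructed here).
"""
import hashlib
import struct
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SECTOR = 512
BOOTCODE_LEN = 440   # 0..439 boot code, 440..443 disk signature, 446..509 partition table
PT_OFFSET = 446
SIGNATURE = b"\x55\xaa"
# 152627 MB reported by aswMBR above; assumption: MB = 2^20 bytes = 2048 sectors.
DISK_SECTORS = 152627 * 2048   # 312,580,096


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:
        """Last sector (inclusive) occupied by the partition."""
        return self.lba_start + self.sectors - 1


@dataclass
class Report:
    ok: bool
    partitions: List[Partition]
    trailing_sectors: int
    findings: List[str] = field(default_factory=list)


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the four 16-byte partition entries; empty slots are skipped."""
    parts = []
    for i in range(4):
        entry = mbr[PT_OFFSET + 16 * i: PT_OFFSET + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) lba-start(4) count(4), little-endian
        status, ptype, start, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0 and count == 0:
            continue
        parts.append(Partition(i, status == 0x80, ptype, start, count))
    return parts


def boot_code_sha256(mbr: bytes) -> str:
    """Hash only the executable bytes so a differing disk signature cannot mask a change."""
    return hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest()


def triage(mbr: bytes, disk_sectors: int, reference: Optional[bytes] = None,
           max_slack: int = 2048) -> Report:
    """Flag what a bootkit leaves behind: altered boot code, a broken table,
    or an oversized unpartitioned tail after the last partition."""
    findings = []
    if len(mbr) != SECTOR:
        return Report(False, [], 0, [f"expected {SECTOR} bytes, got {len(mbr)}"])
    if mbr[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    parts = parse_partitions(mbr)
    if not parts:
        findings.append("empty partition table")
    if sum(p.bootable for p in parts) != 1:
        findings.append("expected exactly one bootable partition")
    for p in parts:
        if p.lba_end >= disk_sectors:
            findings.append(f"partition {p.index} extends past the end of the disk")
    if reference is not None and boot_code_sha256(reference) != boot_code_sha256(mbr):
        findings.append("boot code differs from reference dump")
    last = max((p.lba_end for p in parts), default=-1)
    trailing = disk_sectors - 1 - last
    if trailing > max_slack:
        findings.append(f"{trailing} unpartitioned sectors after the last partition")
    return Report(not findings, parts, trailing, findings)


def build_mbr(boot_code: bytes, entries: List[Tuple[bool, int, int, int]]) -> bytes:
    """Assemble a constructed sample sector from (bootable, type, lba_start, count) tuples."""
    sector = bytearray(SECTOR)
    sector[:BOOTCODE_LEN] = boot_code[:BOOTCODE_LEN].ljust(BOOTCODE_LEN, b"\x00")
    sector[440:444] = b"\x11\x22\x33\x44"   # constructed disk signature
    for i, (boot, ptype, start, count) in enumerate(entries):
        sector[PT_OFFSET + 16 * i: PT_OFFSET + 16 * (i + 1)] = struct.pack(
            "<B3sB3sII", 0x80 if boot else 0x00, b"\x00\x02\x00", ptype, b"\xfe\xff\xff", start, count)
    sector[510:512] = SIGNATURE
    return bytes(sector)


# Constructed samples: a clean layout filling the disk except 1 MiB of slack, and an
# "infected" copy whose boot code was replaced while the partition table is untouched.
CLEAN_BOOT = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C] + [0x90] * 433)
ROGUE_BOOT = bytes([0xEB, 0x3C, 0x90] + [0xCC] * 437)
LAYOUT = [(True, 0x07, 2048, 146_000_000), (False, 0x07, 146_002_048, 166_576_000)]
CLEAN_MBR = build_mbr(CLEAN_BOOT, LAYOUT)
INFECTED_MBR = build_mbr(ROGUE_BOOT, LAYOUT)

if __name__ == "__main__":
    for name, dump in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        r = triage(dump, DISK_SECTORS, reference=CLEAN_MBR)
        print(name, "OK" if r.ok else "SUSPECT", r.findings)
```

To use it on a real dump, read MBR.dat with `open(path, "rb").read()` and pass a dump taken before the infection (or the vendor's standard boot code) as `reference`.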

#5
Dark Boo
    Member
  • Topic Starter
  • Member
  • 10 posts
RK Report

RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in :
User: Boo [Admin rights]
Mode: Shortcuts HJfix -- Date : 07/20/2011 19:00:54

Bad processes: 0

File attributes restored:
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 1 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 63 / Fail 0
My documents: Success 3 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 23 / Fail 0
Backup: [FOUND] Success 0 / Fail 238

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[1].txt >>
RKreport[1].txt

OTL Report

OTL logfile created on: 7/20/2011 7:01:53 PM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Boo\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.33 Mb Total Physical Memory | 336.14 Mb Available Physical Memory | 33.17% Memory free
2.41 Gb Paging File | 1.38 Gb Available in Paging File | 57.20% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.77 Gb Total Space | 9.94 Gb Free Space | 14.25% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 67.74 Gb Free Space | 97.45% Space Free | Partition Type: NTFS

Computer Name: BOO-PC | User Name: Boo | Logged in as Administrator.
Cannot determine boot mode. | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/14 23:51:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Boo\Desktop\OTL.exe
PRC - [2011/06/15 14:51:08 | 000,683,352 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\gbtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/24 15:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe


========== Modules (SafeList) ==========

MOD - [2011/07/14 23:51:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Boo\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/21 21:25:46 | 000,118,464 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/06/21 21:25:44 | 000,257,736 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/06/21 21:24:12 | 001,076,832 | ---- | M] (Cyberlink) [Auto | Stopped] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2007/06/05 13:13:28 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/05/22 18:00:02 | 000,135,168 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/05/17 01:15:22 | 000,163,840 | ---- | M] (acer) [Auto | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/04/25 19:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/03/14 13:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/02/13 06:26:50 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/11/24 15:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/12 17:55:22 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/21 18:08:15 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nocashio.sys -- (nocashio)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/04 17:23:39 | 000,436,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/07/26 22:23:07 | 000,003,026 | ---- | M] (Logix4u) [Kernel | System | Running] -- C:\Windows\System32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2009/03/18 17:35:40 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/01/19 02:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/06/18 06:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/06/13 22:33:26 | 000,154,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/12/07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/09/19 17:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Start Searcher"
FF - prefs.js..browser.search.defaultthis.engineName: "Start Searcher"
FF - prefs.js..browser.search.defaulturl: "http://www.startsearcher.com/?q="
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AutocompletePro\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/17 11:19:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/10 20:48:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/15 00:07:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\internetengine
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e641e573-5f45-49f4-a2b6-986c6a89d4ad}: C:\Program Files\Object\searchtoolbar

[2010/06/08 00:08:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boo\AppData\Roaming\Mozilla\Extensions
[2011/07/11 02:05:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boo\AppData\Roaming\Mozilla\Firefox\Profiles\cork2tv8.default\extensions
[2011/07/09 16:05:23 | 000,000,000 | ---D | M] (SocialRibbons LP 1) -- C:\Users\Boo\AppData\Roaming\Mozilla\Firefox\Profiles\cork2tv8.default\extensions\{6e6347bc-3cf0-aa94-8d40-b0f3e4b41e92}
[2011/07/09 16:05:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boo\AppData\Roaming\Mozilla\Firefox\Profiles\cork2tv8.default\extensions\{6e6347bc-3cf0-aa94-8d40-b0f3e4b41e92}\chrome\content\dca\core\extensionManager
[2011/06/19 17:48:45 | 000,001,919 | ---- | M] () -- C:\Users\Boo\AppData\Roaming\Mozilla\Firefox\Profiles\cork2tv8.default\searchplugins\bing-zugo.xml
[2011/05/21 19:45:45 | 000,002,470 | ---- | M] () -- C:\Users\Boo\AppData\Roaming\Mozilla\Firefox\Profiles\cork2tv8.default\searchplugins\safesearch.xml
[2011/07/15 00:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/15 00:08:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/17 11:19:11 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/06/16 00:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/15 00:07:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - Reg Error: Value error. File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - Reg Error: Value error. File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (ImageShack Toolbar) - {6932D140-ABC4-4073-A44C-D4A541665E35} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} http://toolbar.image...hackToolbar.cab (ImageShack Toolbar)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/21 17:03:18 | 000,000,073 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{88e0a045-0f5f-11df-b61d-001b387763aa}\Shell - "" = AutoRun
O33 - MountPoints2\{88e0a045-0f5f-11df-b61d-001b387763aa}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{be39ce56-742f-11df-89a2-001b387763aa}\Shell - "" = AutoRun
O33 - MountPoints2\{be39ce56-742f-11df-89a2-001b387763aa}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[CREATERESTOREPOINT]
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/07/20 19:00:54 | 000,000,000 | ---D | C] -- C:\Users\Boo\Desktop\RK_Quarantine
[2011/07/20 18:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2011/07/20 18:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011/07/20 18:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 5.6
[2011/07/18 20:32:47 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/07/18 17:38:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/17 20:59:48 | 000,000,000 | ---D | C] -- C:\Users\Boo\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/07/17 20:59:12 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2011/07/17 20:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/07/15 02:20:38 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/07/15 00:49:11 | 000,000,000 | ---D | C] -- C:\Users\Boo\AppData\Roaming\SUPERAntiSpyware.com
[2011/07/15 00:49:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/07/15 00:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/07/15 00:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/15 00:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/07/15 00:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/15 00:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/07/14 23:51:40 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Boo\Desktop\OTL.exe
[2011/07/14 21:47:44 | 000,000,000 | ---D | C] -- C:\Users\Boo\AppData\Roaming\AVG10
[2011/07/14 21:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2011/07/14 21:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/07/14 21:38:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/07/14 21:38:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/07/14 21:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/07/14 21:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/07/12 18:52:16 | 000,000,000 | ---D | C] -- C:\Users\Boo\AppData\Roaming\Skype
[2011/07/12 18:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/12 18:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/07/12 18:51:28 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/07/11 19:17:13 | 000,000,000 | ---D | C] -- C:\Users\Boo\AppData\Roaming\skypePM
[2011/07/11 19:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/07/11 13:05:05 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/07/11 13:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
[2011/07/11 13:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GridVista
[2011/07/11 13:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
[2011/07/11 13:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Empowering Technology
[2011/07/11 13:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Arcade
[2011/07/11 13:04:59 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/07/11 13:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/07/11 13:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI-83 Plus Flash Debugger
[2011/07/11 13:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sven Co-op
[2011/07/11 13:04:40 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2011/07/11 13:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/07/11 13:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCHTHACK PSOBB
[2011/07/11 13:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI CD & DVD-Maker 7
[2011/07/11 13:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Backup NOW! 4.7
[2011/07/11 13:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
[2011/07/11 13:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2011/07/11 13:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/07/11 13:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2011/07/11 13:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/07/11 13:04:30 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/07/11 13:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager
[2011/07/11 13:04:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2011/07/11 13:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster
[2011/07/11 13:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freebies Hack Engine
[2011/07/11 13:04:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades
[2011/07/11 13:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
[2011/07/11 13:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deus Ex
[2011/07/11 13:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/07/11 13:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerProducer
[2011/07/11 13:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2011/07/10 21:19:57 | 000,000,000 | ---D | C] -- C:\Users\Boo\AppData\Roaming\Malwarebytes
[2011/07/10 21:19:48 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/10 21:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/10 21:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/10 17:18:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/07/09 16:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\FreeCause
[2011/07/09 15:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Freebies Hack Engine
[2011/07/07 02:32:42 | 000,000,000 | ---D | C] -- C:\Users\Boo\AppData\Roaming\IObit
[2011/07/06 19:44:36 | 000,000,000 | ---D | C] -- C:\Users\Boo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wheel Of Fortune
[2011/07/05 09:05:25 | 000,000,000 | ---D | C] -- C:\Users\Boo\AppData\Local\WinMainAgent
[2011/06/30 16:49:56 | 000,000,000 | ---D | C] -- C:\Windows\Wheel Of Fortune
[2011/06/30 16:49:56 | 000,000,000 | ---D | C] -- C:\Program Files\Wheel Of Fortune
[2011/06/30 14:43:16 | 000,000,000 | ---D | C] -- C:\Users\Boo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BigJon PCGames Config Wizard
[2011/06/30 14:43:14 | 000,000,000 | ---D | C] -- C:\Windows\BigJon PCGames Config Wizard
[2011/06/30 14:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\BigJon PCGames Config Wizard
[2011/06/30 14:40:03 | 000,000,000 | ---D | C] -- C:\Windows\Your Product
[2011/06/30 14:34:17 | 000,000,000 | ---D | C] -- C:\Temp
[2011/06/20 21:51:40 | 000,000,000 | ---D | C] -- C:\Users\Boo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2010/02/01 14:25:26 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007/07/31 09:43:36 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1998/04/27 01:00:00 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\DAO350.DLL
[31 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/20 18:58:38 | 000,516,608 | ---- | M] () -- C:\Users\Boo\Desktop\RogueKiller.exe
[2011/07/20 10:45:06 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2011/07/19 17:11:44 | 000,000,512 | ---- | M] () -- C:\Users\Boo\Desktop\MBR.dat
[2011/07/19 14:47:54 | 000,610,310 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/19 14:47:54 | 000,105,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/19 08:29:16 | 000,001,705 | ---- | M] () -- C:\Users\Boo\Desktop\Wheel Of Fortune.lnk
[2011/07/18 18:07:46 | 122,731,489 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/07/18 17:38:45 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/17 20:59:15 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/07/17 18:40:14 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2011/07/17 11:19:13 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/07/15 04:18:58 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/15 04:18:57 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/15 00:48:38 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/14 23:51:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Boo\Desktop\OTL.exe
[2011/07/14 12:21:59 | 000,383,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/11 19:38:54 | 000,000,056 | ---- | M] () -- C:\Windows\System32\ezsidmv.dat
[2011/07/11 17:53:18 | 000,000,104 | ---- | M] () -- C:\Users\Boo\Desktop\Recycle Bin.lnk
[2011/07/11 17:23:45 | 000,002,645 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
[2011/07/11 16:41:32 | 000,000,953 | ---- | M] () -- C:\Users\Boo\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/07/11 02:05:03 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2011/07/10 20:42:00 | 000,000,256 | ---- | M] () -- C:\ProgramData\~31448824
[2011/07/10 20:42:00 | 000,000,200 | ---- | M] () -- C:\ProgramData\~31448824r
[2011/07/10 20:09:01 | 000,000,336 | ---- | M] () -- C:\ProgramData\31448824
[2011/07/10 18:18:47 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/09 21:16:10 | 000,000,537 | ---- | M] () -- C:\Users\Boo\Documents\Goldeneye.cpf
[2011/07/09 16:38:05 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\Freebies Hack Engine.lnk
[2011/07/09 16:38:05 | 000,001,001 | ---- | M] () -- C:\Users\Boo\Desktop\Freebies Hack Engine.lnk
[2011/07/08 23:04:18 | 000,000,396 | ---- | M] () -- C:\Windows\n02.ini
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 15:28:02 | 000,344,064 | ---- | M] () -- C:\Users\Boo\Documents\Database2.accdb
[2011/07/06 15:27:52 | 000,348,160 | ---- | M] () -- C:\Users\Boo\Documents\Database1.accdb
[2011/07/06 14:34:38 | 000,000,258 | R-S- | M] () -- C:\ProgramData\ntuser.pol
[2011/07/05 15:44:18 | 000,000,537 | ---- | M] () -- C:\Users\Boo\Documents\Perfect Dark.cpf
[2011/06/21 18:00:01 | 000,029,696 | ---- | M] () -- C:\Users\Boo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/20 21:51:40 | 000,000,578 | ---- | M] () -- C:\Users\Boo\Desktop\Fraps.lnk
[31 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/20 18:58:36 | 000,516,608 | ---- | C] () -- C:\Users\Boo\Desktop\RogueKiller.exe
[2011/07/20 18:53:17 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/07/20 18:53:17 | 000,002,156 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2011/07/20 18:53:17 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\TI-83 Plus Flash Debugger.lnk
[2011/07/20 18:53:17 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/07/20 18:53:17 | 000,001,867 | ---- | C] () -- C:\Users\Public\Desktop\Acer Arcade.lnk
[2011/07/20 18:53:17 | 000,001,739 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/07/20 18:53:17 | 000,001,698 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/07/20 18:53:17 | 000,001,641 | ---- | C] () -- C:\Users\Public\Desktop\Empowering Technology.lnk
[2011/07/20 18:53:17 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2011/07/20 18:53:17 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\Freebies Hack Engine.lnk
[2011/07/20 18:53:17 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2011/07/20 18:53:17 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster.lnk
[2011/07/20 18:53:17 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/20 18:53:17 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/07/20 18:53:14 | 000,000,947 | ---- | C] () -- C:\Users\Boo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/19 17:11:44 | 000,000,512 | ---- | C] () -- C:\Users\Boo\Desktop\MBR.dat
[2011/07/18 18:07:46 | 122,731,489 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/07/17 20:59:15 | 000,000,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2011/07/17 20:59:15 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/07/17 18:40:14 | 000,000,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2011/07/17 18:40:14 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2011/07/15 00:48:38 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/14 21:42:30 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/07/12 18:51:30 | 000,002,377 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/11 19:38:54 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/07/11 17:53:18 | 000,000,104 | ---- | C] () -- C:\Users\Boo\Desktop\Recycle Bin.lnk
[2011/07/11 16:41:32 | 000,000,953 | ---- | C] () -- C:\Users\Boo\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/07/11 13:29:11 | 000,000,240 | ---- | C] () -- C:\Users\Boo\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/07/11 13:29:10 | 000,001,722 | ---- | C] () -- C:\Users\Boo\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/07/11 13:29:10 | 000,001,699 | ---- | C] () -- C:\Users\Boo\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011/07/11 13:29:10 | 000,000,258 | ---- | C] () -- C:\Users\Boo\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/07/11 13:29:10 | 000,000,199 | ---- | C] () -- C:\Users\Boo\Application Data\Microsoft\Internet Explorer\Quick Launch\Acer HD Audio Manager - Shortcut.lnk
[2011/07/11 13:13:43 | 000,002,102 | ---- | C] () -- C:\Users\Boo\Desktop\TI-83 Plus Flash Debugger.lnk
[2011/07/11 13:13:43 | 000,000,965 | ---- | C] () -- C:\Users\Boo\Desktop\Switch to Gaming Mode.lnk
[2011/07/11 13:13:42 | 000,002,156 | ---- | C] () -- C:\Users\Boo\Desktop\Microsoft Office - 60 Day Trial.lnk
[2011/07/11 13:13:42 | 000,001,891 | ---- | C] () -- C:\Users\Boo\Desktop\Adobe Reader 9.lnk
[2011/07/11 13:13:42 | 000,001,867 | ---- | C] () -- C:\Users\Boo\Desktop\Acer Arcade.lnk
[2011/07/11 13:13:42 | 000,001,739 | ---- | C] () -- C:\Users\Boo\Desktop\DAEMON Tools Lite.lnk
[2011/07/11 13:13:42 | 000,001,698 | ---- | C] () -- C:\Users\Boo\Desktop\AIM.lnk
[2011/07/11 13:13:42 | 000,001,641 | ---- | C] () -- C:\Users\Boo\Desktop\Empowering Technology.lnk
[2011/07/11 13:13:42 | 000,001,001 | ---- | C] () -- C:\Users\Boo\Desktop\Freebies Hack Engine.lnk
[2011/07/11 13:13:42 | 000,000,953 | ---- | C] () -- C:\Users\Boo\Desktop\Game Booster.lnk
[2011/07/11 13:13:42 | 000,000,850 | ---- | C] () -- C:\Users\Boo\Desktop\Mozilla Firefox.lnk
[2011/07/11 13:13:42 | 000,000,756 | ---- | C] () -- C:\Users\Boo\Desktop\µTorrent.lnk
[2011/07/11 13:04:58 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk
[2011/07/11 13:04:57 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
[2011/07/11 13:04:56 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/07/11 13:04:56 | 000,001,245 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011/07/11 13:04:54 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
[2011/07/11 13:04:52 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Easy Transfer 7.lnk
[2011/07/11 13:04:50 | 000,001,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
[2011/07/11 13:04:45 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2011/07/11 13:04:45 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk
[2011/07/11 13:04:44 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
[2011/07/11 13:04:43 | 000,002,447 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/07/11 13:04:43 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2011/07/11 13:04:43 | 000,001,789 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/07/11 13:04:43 | 000,001,731 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Registration.lnk
[2011/07/11 13:04:43 | 000,001,711 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Assist.lnk
[2011/07/11 13:04:43 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/11 13:04:41 | 000,001,493 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
[2011/07/11 02:05:03 | 000,000,000 | ---- | C] () -- C:\install.rdf
[2011/07/10 21:19:48 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/10 20:48:35 | 000,000,874 | ---- | C] () -- C:\Users\Boo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/10 20:14:44 | 000,000,256 | ---- | C] () -- C:\ProgramData\~31448824
[2011/07/10 20:14:44 | 000,000,200 | ---- | C] () -- C:\ProgramData\~31448824r
[2011/07/10 20:09:01 | 000,000,336 | ---- | C] () -- C:\ProgramData\31448824
[2011/07/06 19:44:36 | 000,001,705 | ---- | C] () -- C:\Users\Boo\Desktop\Wheel Of Fortune.lnk
[2011/07/06 15:27:58 | 000,344,064 | ---- | C] () -- C:\Users\Boo\Documents\Database2.accdb
[2011/07/06 15:27:38 | 000,348,160 | ---- | C] () -- C:\Users\Boo\Documents\Database1.accdb
[2011/07/05 15:44:18 | 000,000,537 | ---- | C] () -- C:\Users\Boo\Documents\Perfect Dark.cpf
[2011/07/05 15:44:06 | 000,000,537 | ---- | C] () -- C:\Users\Boo\Documents\Goldeneye.cpf
[2011/06/20 21:51:40 | 000,000,578 | ---- | C] () -- C:\Users\Boo\Desktop\Fraps.lnk
[2011/06/20 16:54:33 | 000,000,067 | ---- | C] () -- C:\Windows\swf2avi.INI
[2011/06/20 16:54:24 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/06/20 16:54:24 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/02/21 18:08:15 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\nocashio.sys
[2010/11/04 17:32:02 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/17 16:58:29 | 000,000,113 | ---- | C] () -- C:\Windows\System32\NemuAudio08.ini
[2010/06/08 00:08:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/05/28 13:55:28 | 000,000,552 | ---- | C] () -- C:\Users\Boo\AppData\Local\d3d8caps.dat
[2010/03/14 18:28:24 | 000,029,696 | ---- | C] () -- C:\Users\Boo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/27 22:29:33 | 000,000,000 | ---- | C] () -- C:\Windows\JCMKR32.INI
[2010/02/27 04:02:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/02/26 22:43:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/02/26 22:43:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/02/07 01:20:10 | 000,000,396 | ---- | C] () -- C:\Windows\n02.ini
[2010/02/01 16:46:56 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2010/02/01 16:46:48 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2010/02/01 15:38:30 | 000,003,366 | ---- | C] () -- C:\Users\Boo\AppData\Roaming\wklnhst.dat
[2010/02/01 15:26:47 | 000,001,764 | ---- | C] () -- C:\Windows\kaillera.ini
[2010/02/01 14:25:26 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/02/11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 20:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 20:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 20:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2007/07/31 11:01:29 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/07/31 09:50:23 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/07/31 09:44:29 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/07/31 09:44:29 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/07/31 09:43:32 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/07/31 08:07:59 | 000,000,115 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/07/31 08:07:10 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/07/31 08:07:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll
[2007/04/25 19:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/25 19:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/25 19:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/25 19:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/25 19:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/04/25 19:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 18:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 08:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/02 08:53:49 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,383,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,610,310 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,105,858 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 19:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 02:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 19:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 01:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2010/02/01 14:43:24 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\acccore
[2010/02/01 14:30:13 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\Acer
[2011/07/14 21:47:44 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\AVG10
[2011/07/07 02:48:34 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\BitTorrent
[2011/07/17 20:59:48 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/07/05 00:03:03 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/09 21:36:54 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\DAEMON Tools Lite
[2010/08/29 17:35:53 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\fltk.org
[2010/08/22 00:51:45 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\gtk-2.0
[2011/07/07 02:32:42 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\IObit
[2010/02/27 21:44:18 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\iWin
[2010/02/01 14:30:02 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\Leadertech
[2010/08/24 17:30:11 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\Mael
[2010/12/23 02:45:21 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\ooVoo Details
[2010/07/03 16:44:56 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\SEGA
[2011/05/29 16:42:14 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\SoftGrid Client
[2010/02/01 15:38:33 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\Template
[2010/11/10 23:52:51 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\Tific
[2011/04/01 20:50:47 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\TP
[2011/07/19 15:14:59 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\uTorrent
[2010/07/04 23:18:35 | 000,000,000 | ---D | M] -- C:\Users\Boo\AppData\Roaming\WhiteSmokeSetup
[2011/07/18 18:49:46 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/01/01 13:29:18 | 000,000,418 | ---- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2DACE64E-2D18-4342-B58D-D61ABDCDA777}.job

========== Purity Check ==========



========== Custom Scans ==========


< :OTL >

< IE - HKU\S-1-5-21-397108202-2752575421-25471281-1000\..\URLSearchHook: - Reg Error: Key error. File not found >

< IE - HKU\S-1-5-21-397108202-2752575421-25471281-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - Reg Error: Key error. File not found >

< FF - prefs.js..browser.search.defaultenginename: "Start Searcher" >

< FF - prefs.js..browser.search.defaultthis.engineName: "Start Searcher" >

< FF - prefs.js..browser.search.defaulturl: "http://www.startsearcher.com/?q=" >

< FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\internetengine >

< FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e641e573-5f45-49f4-a2b6-986c6a89d4ad}: C:\Program Files\Object\searchtoolbar >

< [2011/07/09 16:05:23 | 000,000,000 | ---D | M] (SocialRibbons LP 1) -- C:\Users\Boo\AppData\Roaming\Mozilla\Firefox\Profiles\cork2tv8.default\extensions\{6e6347bc-3cf0-aa94-8d40-b0f3e4b41e92} >
Invalid Switch: 09 16:05:23 | 000,000,000 | ---D | M] (SocialRibbons LP 1) -- C:\Users\Boo\AppData\Roaming\Mozilla\Firefox\Profiles\cork2tv8.default\extensions\{6e6347bc-3cf0-aa94-8d40-b0f3e4b41e92}


< O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. >

< O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found. >

< O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found. >

< O3 - HKLM\..\Toolbar: (ImageShack Toolbar) - {6932D140-ABC4-4073-A44C-D4A541665E35} - Reg Error: Value error. File not found >

< O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. >

< O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found. >

< [2011/07/10 20:42:00 | 000,000,256 | ---- | M] () -- C:\ProgramData\~31448824 >
Invalid Switch: 10 20:42:00 | 000,000,256 | ---- | M] () -- C:\ProgramData\~31448824


< [2011/07/10 20:42:00 | 000,000,200 | ---- | M] () -- C:\ProgramData\~31448824r >
Invalid Switch: 10 20:42:00 | 000,000,200 | ---- | M] () -- C:\ProgramData\~31448824r


< [2011/07/10 20:09:01 | 000,000,336 | ---- | M] () -- C:\ProgramData\31448824 >
Invalid Switch: 10 20:09:01 | 000,000,336 | ---- | M] () -- C:\ProgramData\31448824


< >

< :Files >

< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

< >

< :Commands >

< [purity] >

< [resethosts] >

< [EMPTYFLASH] >

< [Reboot] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:CF54F1CA
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

MBR Report

aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software
Run date: 2011-07-20 19:06:22
-----------------------------
19:06:22.013 OS Version: Windows 6.0.6002 Service Pack 2
19:06:22.013 Number of processors: 1 586 0x1601
19:06:22.013 ComputerName: BOO-PC UserName: Boo
19:06:23.745 Initialize success
19:06:29.797 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
19:06:29.797 Disk 0 Vendor: WDC_WD1600BEVS-22RST0 04.01G04 Size: 152627MB BusType: 3
19:06:29.813 Disk 0 MBR read successfully
19:06:29.813 Disk 0 MBR scan
19:06:29.829 Disk 0 unknown MBR code
19:06:29.829 Disk 0 scanning sectors +312578048
19:06:29.922 Disk 0 scanning C:\Windows\system32\drivers
19:06:38.268 Service scanning
19:06:40.390 Disk 0 trace - called modules:
19:06:40.483 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85146f16]<<
19:06:40.499 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8512a820]
19:06:40.499 3 CLASSPNP.SYS[86dd68b3] -> nt!IofCallDriver -> [0x8500f918]
19:06:40.499 5 acpi.sys[82b886bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x84ff3230]
19:06:40.515 \Driver\atapi[0x84fc7b50] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x85146f16
19:06:41.029 Scan finished successfully
19:07:31.091 Disk 0 MBR has been saved successfully to "C:\Users\Boo\Desktop\MBR.dat"
19:07:31.106 The log file has been saved successfully to "C:\Users\Boo\Desktop\aswMBR.txt"


Did I do this wrong?
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Aye, it looks as though you pressed Run Scan instead of Run Fix for OTL.

You also ran aswMBR again instead of running the second programme, MBRCheck.

Have all your shortcuts and files returned?

Could you redo the previous post please, ensuring that you press Run Fix on OTL after pasting the script in.
  • 0

#7
Dark Boo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Gah.
Why doesn't OTL produce a log? It's stopped producing logs...
And I don't see a zip file either (I got this file, which I named LOL, after I did another MBRCheck and picked dump 0 and got the file).
I only have this:

RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in :
User: Boo [Admin rights]
Mode: Shortcuts HJfix -- Date : 07/21/2011 13:32:07

Bad processes: 0

File attributes restored:
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 5 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 1 / Fail 0
Backup: [FOUND] Success 2 / Fail 236

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[1].txt >>
RKreport[1].txt

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer: Acer
System Product Name: Aspire 5315
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 147):
0x82402000 \SystemRoot\system32\ntoskrnl.exe
0x827AD000 \SystemRoot\system32\hal.dll
0x8280A000 \SystemRoot\system32\kdcom.dll
0x8280C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8287C000 \SystemRoot\system32\PSHED.dll
0x8288D000 \SystemRoot\system32\BOOTVID.dll
0x82895000 \SystemRoot\system32\CLFS.SYS
0x828D6000 \SystemRoot\system32\CI.dll
0x829B6000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82A32000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82B52000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x82B5B000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x82B81000 \SystemRoot\system32\drivers\acpi.sys
0x82BC7000 \SystemRoot\system32\drivers\msisadrv.sys
0x82BCF000 \SystemRoot\system32\drivers\pci.sys
0x86800000 \SystemRoot\System32\drivers\partmgr.sys
0x8680F000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x86812000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8681C000 \SystemRoot\system32\drivers\volmgr.sys
0x8682B000 \SystemRoot\System32\drivers\volmgrx.sys
0x86875000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8687C000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8688A000 \SystemRoot\system32\DRIVERS\pciide.sys
0x86891000 \SystemRoot\System32\drivers\mountmgr.sys
0x868A1000 \SystemRoot\system32\drivers\atapi.sys
0x868A9000 \SystemRoot\system32\drivers\ataport.SYS
0x868C7000 \SystemRoot\system32\drivers\msahci.sys
0x868D1000 \SystemRoot\system32\drivers\fltmgr.sys
0x86903000 \SystemRoot\system32\drivers\fileinfo.sys
0x86913000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x8691C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8698D000 \SystemRoot\system32\drivers\ndis.sys
0x86A98000 \SystemRoot\system32\drivers\msrpc.sys
0x86AC3000 \SystemRoot\system32\drivers\NETIO.SYS
0x86AFE000 \SystemRoot\System32\drivers\tcpip.sys
0x86C04000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x86C1F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x86D2F000 \SystemRoot\system32\drivers\volsnap.sys
0x86D70000 \SystemRoot\system32\drivers\psdvdisk.sys
0x86D82000 \SystemRoot\system32\drivers\PSDNServ.sys
0x86D8B000 \SystemRoot\System32\Drivers\mup.sys
0x86D9A000 \SystemRoot\System32\drivers\ecache.sys
0x86DC1000 \SystemRoot\system32\drivers\disk.sys
0x86DD2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x86DF3000 \SystemRoot\system32\drivers\crcdisk.sys

Processes (total 57):
0 System Idle Process
4 System
432 C:\Windows\System32\smss.exe
508 csrss.exe
548 csrss.exe
556 C:\Windows\System32\wininit.exe
588 C:\Windows\System32\winlogon.exe
636 C:\Windows\System32\services.exe
660 C:\Windows\System32\lsass.exe
668 C:\Windows\System32\lsm.exe
816 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\audiodg.exe
1168 C:\Windows\System32\svchost.exe
1228 C:\Windows\System32\svchost.exe
1388 C:\Windows\System32\svchost.exe
1644 C:\Windows\System32\svchost.exe
1780 C:\Program Files\AVG\AVG10\avgwdsvc.exe
1792 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
1852 C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
1948 C:\Windows\System32\taskeng.exe
1988 C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
320 C:\Windows\System32\dwm.exe
476 C:\Windows\explorer.exe
1176 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
460 C:\Acer\Empowering Technology\eNet\eNet Service.exe
1628 C:\Program Files\AVG\AVG10\avgam.exe
1760 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
904 C:\Program Files\AVG\AVG10\avgnsx.exe
488 C:\Acer\Mobility Center\MobilityService.exe
2232 C:\Windows\System32\svchost.exe
2260 C:\Windows\System32\svchost.exe
2308 C:\Windows\System32\svchost.exe
2336 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2512 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
2656 C:\Windows\System32\SearchIndexer.exe
2764 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2784 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
2824 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
2932 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
3012 WmiPrvSE.exe
3204 unsecapp.exe
3908 C:\Windows\System32\taskeng.exe
1832 C:\Program Files\AVG\AVG10\avgcsrvx.exe
3284 C:\Windows\System32\wbem\unsecapp.exe
1920 C:\Program Files\Windows Media Player\wmpnscfg.exe
3780 C:\Windows\System32\svchost.exe
3180 C:\Windows\System32\wuauclt.exe
2676 C:\Windows\System32\wermgr.exe
1844 C:\Program Files\Mozilla Firefox\firefox.exe
1812 C:\Program Files\Internet Explorer\iexplore.exe
2444 C:\Users\Boo\Desktop\OTL.exe
3520 taskeng.exe
3820 C:\Users\Boo\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`e2200000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVS-22RST0, Rev: 04.01G04

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer: Acer
System Product Name: Aspire 5315
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 147):

Processes (total 58):
0 System Idle Process
4 System
432 C:\Windows\System32\smss.exe
508 csrss.exe
548 csrss.exe
556 C:\Windows\System32\wininit.exe
588 C:\Windows\System32\winlogon.exe
636 C:\Windows\System32\services.exe
660 C:\Windows\System32\lsass.exe
668 C:\Windows\System32\lsm.exe
816 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\audiodg.exe
1168 C:\Windows\System32\svchost.exe
1228 C:\Windows\System32\svchost.exe
1388 C:\Windows\System32\svchost.exe
1644 C:\Windows\System32\svchost.exe
1780 C:\Program Files\AVG\AVG10\avgwdsvc.exe
1792 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
1852 C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
1948 C:\Windows\System32\taskeng.exe
1988 C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
320 C:\Windows\System32\dwm.exe
476 C:\Windows\explorer.exe
1176 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
460 C:\Acer\Empowering Technology\eNet\eNet Service.exe
1628 C:\Program Files\AVG\AVG10\avgam.exe
1760 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
904 C:\Program Files\AVG\AVG10\avgnsx.exe
488 C:\Acer\Mobility Center\MobilityService.exe
2232 C:\Windows\System32\svchost.exe
2260 C:\Windows\System32\svchost.exe
2308 C:\Windows\System32\svchost.exe
2336 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2512 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
2656 C:\Windows\System32\SearchIndexer.exe
2764 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2784 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
2824 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
2932 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
3012 WmiPrvSE.exe
3204 unsecapp.exe
3908 C:\Windows\System32\taskeng.exe
1832 C:\Program Files\AVG\AVG10\avgcsrvx.exe
3284 C:\Windows\System32\wbem\unsecapp.exe
1920 C:\Program Files\Windows Media Player\wmpnscfg.exe
3780 C:\Windows\System32\svchost.exe
3180 C:\Windows\System32\wuauclt.exe
2676 C:\Windows\System32\wermgr.exe
1844 C:\Program Files\Mozilla Firefox\firefox.exe
1812 C:\Program Files\Internet Explorer\iexplore.exe
2444 C:\Users\Boo\Desktop\OTL.exe
3004 C:\Windows\System32\SearchProtocolHost.exe
4000 C:\Windows\System32\SearchFilterHost.exe
2212 C:\Users\Boo\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`e2200000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVS-22RST0, Rev: 04.01G04

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): 1Dumping \\.\PhysicalDisk1...
Enter filename to dump to: HereError opening disk (2)!

Enter the physical disk number to dump (0-99, -1 to exit):



It says I'm not permitted to upload this kind of file,
so you can use this... http://www.mediafire...88txofgwwpfhydj

#8
Essexboy
    GeekU Moderator
OTL should produce a fix log once it has completed

The MBR is infected
[attachment=51414:Capture.GIF]

Time to repair I feel
OK the MBR is bad as suspected

Do you have the Windows CD?

If not, could you create a recovery disc as shown on this page

  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here

When you reboot you will see this, although yours will say Windows 7. Click Repair my computer
Posted Image

Select your operating system
Posted Image

Select Command prompt
Posted Image

At the command prompt type the following

  • Bootrec.exe /FixMbr
  • Once finished type Exit


Reboot to normal Windows and run MBRCheck again please

#9
Dark Boo
    Member
  • Topic Starter
I don't run x64 Windows 7
I run x32 Vista
Still download the x64 Windows 7?
And I don't have any blank discs to burn it on

Edited by Dark Boo, 21 July 2011 - 02:16 PM.


#10
Essexboy
    GeekU Moderator
You should be able to make your own CD rather than download one if you follow the instructions on this page. Although it is for 7, Vista is created in exactly the same way, and as it uses your system files it will work properly.

#11
Dark Boo
    Member
  • Topic Starter
I'm sorry but I don't understand those instructions on that page and I get dazzled and confused.
Can you give me step-by-step instructions for Vista, because I can't find it and I also don't even have a blank disc to do so :)

Can I use a USB Drive?

Edited by Dark Boo, 22 July 2011 - 09:23 AM.


#12
Essexboy
    GeekU Moderator
If you can get a CD then try this method (the boys here have developed the destructions)

Create a Windows 7/Vista System Repair Disc

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create an SRD.

  • Click on Start (Windows 7 Orb) >> Run... (or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC (User Account Control) prompt by selecting Yes.
  • You should now see a menu like the below:-
Posted Image

  • Put a blank rewritable CD/DVD in your optical (CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-
Posted Image

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.

If you cannot get a CD, let's try this as it has been recently updated

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#13
Dark Boo
    Member
  • Topic Starter
I'm in Safe Mode now, so I'll have to boot my computer up in normal mode in order to do this process, right?


#15
Dark Boo
    Member
  • Topic Starter
2011/07/22 14:01:27.0863 0972 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/22 14:01:28.0193 0972 ================================================================================
2011/07/22 14:01:28.0193 0972 SystemInfo:
2011/07/22 14:01:28.0193 0972
2011/07/22 14:01:28.0193 0972 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/22 14:01:28.0193 0972 Product type: Workstation
2011/07/22 14:01:28.0193 0972 ComputerName: BOO-PC
2011/07/22 14:01:28.0194 0972 UserName: Boo
2011/07/22 14:01:28.0194 0972 Windows directory: C:\Windows
2011/07/22 14:01:28.0194 0972 System windows directory: C:\Windows
2011/07/22 14:01:28.0194 0972 Processor architecture: Intel x86
2011/07/22 14:01:28.0194 0972 Number of processors: 1
2011/07/22 14:01:28.0194 0972 Page size: 0x1000
2011/07/22 14:01:28.0194 0972 Boot type: Unknown 3
2011/07/22 14:01:28.0194 0972 ================================================================================
2011/07/22 14:01:29.0964 0972 Initialize success
2011/07/22 14:01:48.0676 5384 ================================================================================
2011/07/22 14:01:48.0676 5384 Scan started
2011/07/22 14:01:48.0676 5384 Mode: Manual;
2011/07/22 14:01:48.0676 5384 ================================================================================
2011/07/22 14:02:11.0526 5384 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/22 14:02:11.0628 5384 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/22 14:02:11.0774 5384 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/07/22 14:02:12.0090 5384 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/07/22 14:02:12.0718 5384 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/07/22 14:02:13.0076 5384 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/22 14:02:13.0416 5384 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/22 14:02:13.0723 5384 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
2011/07/22 14:02:13.0885 5384 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/07/22 14:02:14.0037 5384 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/07/22 14:02:14.0191 5384 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/22 14:02:14.0451 5384 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/22 14:02:14.0606 5384 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/22 14:02:15.0058 5384 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/22 14:02:15.0296 5384 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/22 14:02:15.0644 5384 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/22 14:02:15.0904 5384 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2011/07/22 14:02:16.0029 5384 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/07/22 14:02:16.0520 5384 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/07/22 14:02:17.0235 5384 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/07/22 14:02:17.0544 5384 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/22 14:02:17.0735 5384 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/22 14:02:17.0853 5384 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/07/22 14:02:17.0978 5384 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/07/22 14:02:18.0100 5384 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/22 14:02:18.0224 5384 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/07/22 14:02:18.0382 5384 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/07/22 14:02:18.0579 5384 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/22 14:02:19.0004 5384 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/07/22 14:02:19.0267 5384 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/22 14:02:19.0962 5384 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/22 14:02:22.0986 5384 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/22 14:02:23.0318 5384 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/07/22 14:02:26.0793 5384 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/22 14:02:29.0284 5384 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/22 14:02:29.0977 5384 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/07/22 14:02:30.0443 5384 nocashio (03bba4dedefb48c510061529651b453a) C:\Windows\system32\drivers\nocashio.sys
2011/07/22 14:02:31.0236 5384 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/07/22 14:02:31.0650 5384 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/22 14:02:32.0880 5384 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/07/22 14:02:33.0226 5384 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/07/22 14:02:34.0278 5384 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/07/22 14:02:36.0442 5384 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/07/22 14:02:36.0990 5384 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/07/22 14:02:37.0315 5384 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/07/22 14:02:37.0455 5384 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/07/22 14:02:43.0098 5384 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/07/22 14:02:49.0124 5384 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/07/22 14:02:49.0897 5384 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/07/22 14:02:50.0725 5384 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/07/22 14:02:51.0152 5384 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/07/22 14:02:51.0494 5384 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\DRIVERS\pciide.sys
2011/07/22 14:02:52.0078 5384 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/07/22 14:02:52.0350 5384 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/22 14:02:52.0769 5384 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/22 14:02:53.0252 5384 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/07/22 14:02:53.0614 5384 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/22 14:02:54.0280 5384 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys
2011/07/22 14:02:54.0552 5384 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys
2011/07/22 14:02:54.0865 5384 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys
2011/07/22 14:02:55.0121 5384 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/07/22 14:02:55.0598 5384 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/22 14:02:57.0051 5384 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/22 14:02:57.0623 5384 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/22 14:02:57.0901 5384 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/22 14:02:58.0228 5384 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/22 14:02:58.0921 5384 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/22 14:02:59.0144 5384 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/22 14:02:59.0533 5384 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/22 14:02:59.0765 5384 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/07/22 14:03:00.0019 5384 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/22 14:03:00.0256 5384 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/07/22 14:03:00.0545 5384 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/22 14:03:01.0015 5384 SASDIFSV (4bfbb868c869a4f8486d4c36849d59cf) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/07/22 14:03:01.0141 5384 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/07/22 14:03:01.0367 5384 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/22 14:03:01.0569 5384 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/22 14:03:01.0918 5384 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/07/22 14:03:02.0343 5384 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/07/22 14:03:02.0508 5384 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/22 14:03:03.0006 5384 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/07/22 14:03:03.0459 5384 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/22 14:03:03.0831 5384 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/22 14:03:04.0135 5384 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/07/22 14:03:04.0626 5384 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/07/22 14:03:04.0895 5384 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/07/22 14:03:05.0295 5384 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/07/22 14:03:05.0554 5384 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/07/22 14:03:05.0834 5384 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/22 14:03:06.0204 5384 sptd (a199171385be17973fd800fa91f8f78a) C:\Windows\system32\Drivers\sptd.sys
2011/07/22 14:03:07.0584 5384 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/07/22 14:03:09.0494 5384 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/22 14:03:09.0761 5384 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/22 14:03:11.0240 5384 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/22 14:03:11.0980 5384 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/07/22 14:03:12.0401 5384 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/07/22 14:03:12.0670 5384 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/07/22 14:03:13.0073 5384 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/07/22 14:03:13.0294 5384 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/22 14:03:13.0557 5384 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/22 14:03:14.0013 5384 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/07/22 14:03:14.0438 5384 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/07/22 14:03:14.0554 5384 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/22 14:03:14.0675 5384 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/22 14:03:15.0005 5384 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/22 14:03:15.0104 5384 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/22 14:03:15.0211 5384 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/22 14:03:15.0621 5384 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/07/22 14:03:15.0987 5384 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/22 14:03:16.0300 5384 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/22 14:03:16.0496 5384 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/07/22 14:03:16.0613 5384 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/07/22 14:03:16.0963 5384 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/07/22 14:03:17.0330 5384 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/22 14:03:17.0836 5384 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/22 14:03:18.0311 5384 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/07/22 14:03:18.0667 5384 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/22 14:03:20.0708 5384 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/22 14:03:20.0991 5384 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/07/22 14:03:21.0197 5384 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/07/22 14:03:21.0565 5384 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/22 14:03:21.0791 5384 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/22 14:03:22.0221 5384 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/22 14:03:22.0780 5384 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/07/22 14:03:23.0245 5384 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/07/22 14:03:23.0497 5384 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/07/22 14:03:23.0892 5384 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/07/22 14:03:24.0072 5384 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/07/22 14:03:24.0256 5384 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/07/22 14:03:24.0517 5384 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/07/22 14:03:24.0949 5384 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/07/22 14:03:25.0214 5384 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/07/22 14:03:27.0257 5384 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/22 14:03:28.0282 5384 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/22 14:03:28.0870 5384 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/07/22 14:03:29.0243 5384 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/22 14:03:29.0579 5384 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/07/22 14:03:29.0896 5384 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/22 14:03:30.0168 5384 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/22 14:03:30.0358 5384 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/22 14:03:30.0568 5384 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
2011/07/22 14:03:30.0816 5384 WSVD (2584df81cc9f7e7bd3545691106f8cae) C:\Windows\system32\drivers\WSVD.sys
2011/07/22 14:03:31.0242 5384 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/22 14:03:31.0529 5384 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\Windows\system32\DRIVERS\xusb21.sys
2011/07/22 14:03:31.0598 5384 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
2011/07/22 14:03:31.0660 5384 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
2011/07/22 14:03:31.0754 5384 Boot (0x1200) (8891c83c018a88cc195004edb4fedbfa) \Device\Harddisk0\DR0\Partition0
2011/07/22 14:03:31.0815 5384 Boot (0x1200) (e12ddd87d9221c69e9403870be9ce763) \Device\Harddisk0\DR0\Partition1
2011/07/22 14:03:31.0827 5384 ================================================================================
2011/07/22 14:03:31.0827 5384 Scan finished
2011/07/22 14:03:31.0827 5384 ================================================================================
2011/07/22 14:03:32.0013 3136 Detected object count: 1
2011/07/22 14:03:32.0014 3136 Actual detected object count: 1
2011/07/22 14:04:12.0921 3136 \Device\Harddisk0\DR0 (Rootkit.Boot.SST.a) - will be cured after reboot
2011/07/22 14:04:12.0922 3136 \Device\Harddisk0\DR0 - ok
2011/07/22 14:04:13.0188 3136 Rootkit.Boot.SST.a(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/22 14:05:14.0633 3036 Deinitialize success
  • 0
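The TDSSKiller log above is read by eye in the thread: the driver inventory, the MBR and boot-sector hashes, the `detected Rootkit.Boot.SST.a` line and the `will be cured after reboot` action. As an added example (not part of the post and not Kaspersky's tooling), here is a small Python parser for that line format that separates those four kinds of line, returns the detections and pending cure actions, and lists drivers whose image loads from outside the Windows directory so they can be reviewed. The regular expressions are assumptions inferred from the lines shown, not a published grammar; the sample lines are copied from the log above.

```python
"""Parse Kaspersky TDSSKiller-style log lines (the format shown in the post above)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
2011/07/22 14:02:01.0977 5384 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/07/22 14:02:06.0860 5384 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys
2011/07/22 14:03:01.0015 5384 SASDIFSV (4bfbb868c869a4f8486d4c36849d59cf) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/07/22 14:03:31.0598 5384 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
2011/07/22 14:03:31.0660 5384 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
2011/07/22 14:03:31.0754 5384 Boot (0x1200) (8891c83c018a88cc195004edb4fedbfa) \Device\Harddisk0\DR0\Partition0
2011/07/22 14:03:31.0827 5384 Scan finished
2011/07/22 14:04:12.0921 3136 \Device\Harddisk0\DR0 (Rootkit.Boot.SST.a) - will be cured after reboot
"""

# These patterns are assumptions derived from the lines shown, not a documented format.
HEADER_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$")
SECTOR_RE = re.compile(
    r"^(?P<name>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(r"^(?P<obj>\S+) - detected (?P<threat>\S+)")
ACTION_RE = re.compile(r"^(?P<obj>\S+) \((?P<threat>[^)]+)\) - (?P<action>.+)$")


@dataclass
class Entry:
    kind: str                 # "driver", "sector", "detection", "action" or "info"
    ts: str
    name: str = ""            # service name, MBR/Boot, or the device object
    md5: Optional[str] = None
    path: str = ""
    threat: Optional[str] = None
    action: Optional[str] = None


def parse_line(line: str) -> Optional[Entry]:
    """Classify one log line; returns None for lines without the timestamp header."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    ts, body = m.group("ts"), m.group("body")
    s = SECTOR_RE.match(body)          # MBR / boot sector hash lines come first: their
    if s:                              # "(0x1B8)" size field would not match DRIVER_RE
        return Entry("sector", ts, s["name"], s["md5"], s["path"])
    d = DRIVER_RE.match(body)
    if d:
        return Entry("driver", ts, d["name"], d["md5"], d["path"])
    x = DETECT_RE.match(body)
    if x:
        return Entry("detection", ts, x["obj"], threat=x["threat"])
    a = ACTION_RE.match(body)
    if a:
        return Entry("action", ts, a["obj"], threat=a["threat"], action=a["action"])
    return Entry("info", ts, name=body)  # "Scan finished" and similar status lines


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def detections(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.kind == "detection"]


def pending_actions(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.kind == "action"]


def drivers_outside(entries: List[Entry], root: str = r"C:\Windows") -> List[Entry]:
    """Drivers whose image lives outside the Windows directory. Not malicious per se
    (vendor recovery tools and security products load from Program Files), but they
    are the entries a responder checks by hand."""
    prefix = root.lower().rstrip("\\") + "\\"
    return [e for e in entries
            if e.kind == "driver" and not e.path.lower().startswith(prefix)]


def sector_hashes(entries: List[Entry]) -> Dict[str, str]:
    """Map of device object -> MD5 of its MBR/boot sector, for comparing across scans."""
    return {e.path: e.md5 for e in entries if e.kind == "sector" and e.md5}


if __name__ == "__main__":
    ents = parse_log(SAMPLE_LOG)
    for e in detections(ents):
        print(f"{e.ts} DETECTED {e.threat} on {e.name}")
    for e in pending_actions(ents):
        print(f"{e.ts} {e.name}: {e.action}")
    for e in drivers_outside(ents):
        print(f"review: {e.name} loads from {e.path} ({e.md5})")
```

The sector hashes are the useful part after a cure: rerunning the scan and comparing the `\Device\Harddisk0\DR0` MD5 against the pre-cure value confirms the MBR actually changed, which the "will be cured after reboot" line on its own does not prove.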