Inactive AVG picks up Trojan Horse Crypt.AQLW

Marshy23

Hi, AVG picks up multiple files with trojan horses but won't let me remove them. I ran GMER yesterday and it picked up a file called Ping.exe. I later ran TDSSKiller, and GMER hasn't picked up anything after that. In fact, AVG didn't pick up anything yesterday after that, so I thought it was fixed, but now it's picking up trojan horses again with random names in my system32 folder. Any help would be much appreciated.

Here are my logs:


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.28.05

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Chloe :: STUDENT00060804 [administrator]

Protection: Enabled

29/02/2012 18:33:05
mbam-log-2012-02-29 (18-33-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183829
Time elapsed: 8 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



(GMER did not create a log but I mentioned yesterday it picked up on a file called ping.exe)






.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_26
Run by Chloe at 19:25:10 on 2012-02-29
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.3000.1375 [GMT 0:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Chloe\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/406
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1208&m=aspire_5735
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1208&m=aspire_5735
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1208&m=aspire_5735
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{3B150B73-0B6D-4752-930B-8DD2FA4C828C} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{9E6AD12D-A78C-4827-9AB5-53B3564CF1C7} : DhcpNameServer = 10.0.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: AVGRSSTX.DLL c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chloe\appdata\roaming\mozilla\firefox\profiles\mzd3d731.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-12 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-12 29712]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-12 243152]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2008-5-15 61424]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-5-15 81504]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-5-15 24576]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-7 652360]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-7 50424]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-5-15 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-5-12 1831024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-4 106104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-7 20464]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-2-27 40776]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2008-12-21 388096]
S2 gupdate1ca9c6d77a7bb90;Google Update Service (gupdate1ca9c6d77a7bb90);c:\program files\google\update\GoogleUpdate.exe [2010-1-23 133104]
S2 TeamViewer;S117unic;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-4-12 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-23 133104]
.
=============== Created Last 30 ================
.
2012-02-28 18:58:30 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-27 23:12:51 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-26 22:26:55 -------- d-----w- c:\users\chloe\appdata\roaming\PCPro
2012-02-26 22:26:55 -------- d-----w- c:\users\chloe\appdata\roaming\PC Cleaners
2012-02-26 22:26:28 5279504 ----a-w- c:\windows\uninst.exe
2012-02-26 22:26:27 -------- d-----w- c:\programdata\PC1Data
2012-02-09 15:51:12 -------- dc-h--w- c:\programdata\{13A9B825-42CB-4973-913D-2194B5A4CF94}
2012-02-07 18:36:21 -------- d-----w- c:\users\chloe\appdata\roaming\Malwarebytes
2012-02-07 18:35:51 -------- d-----w- c:\programdata\Malwarebytes
2012-02-07 18:35:48 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-07 18:35:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-06 21:31:15 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-06 16:14:48 -------- d-----w- c:\users\chloe\appdata\local\Ilivid Player
2012-02-06 16:13:46 -------- d-----w- c:\programdata\boost_interprocess
.
==================== Find3M ====================
.
2012-02-28 18:59:57 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
.
============= FINISH: 19:25:58.97 ===============







.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 21/12/2008 01:55:36
System Uptime: 29/02/2012 18:01:45 (1 hours ago)
.
Motherboard: Acer | | CathedralPeak
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | U2E1 | 2166/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 18.859 GiB free.
D: is FIXED (NTFS) - 112 GiB total, 86.638 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP443: 27/01/2012 13:39:58 - Avg Update
RP445: 27/01/2012 13:45:17 - Avg Update
RP447: 06/02/2012 16:19:57 - Removed eSobi v2
RP448: 09/02/2012 17:21:45 - Pre-Malware Cleanup
RP449: 18/02/2012 17:39:55 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acer Arcade Deluxe
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer eSettings Management
Acer GameZone Console 2.0.1.1
Acer GridVista
Acer Mobility Center Plug-In
Acer Product Registration
Acer ScreenSaver
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Agere Systems HDA Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Audacity 1.2.6
AVG Free 9.0
BitTorrent
Bonjour
CCleaner
CX4300_5500_DX4400 manual
Deckadance
DivX Web Player
Drumaxx
Effectrix 1.4
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON Printer Software
EPSON Scan
FL Studio 10
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCloud
IL Download Manager
Intel(R) Graphics Media Accelerator Driver
iTunes
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Java(TM) 6 Update 26
Launch Manager
LightScribe 1.4.142.1
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.60.1.1000
Marvell Miniport Driver
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
Mozilla Firefox 5.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Native Instruments Massive
Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
Norton Security Scan
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
Orion
PhotoNow!
PoiZone
PowerDirector
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
rgcAudio z3ta Plus v1.40
Sakura
Sawer
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Spotify
Steam
Symantec Endpoint Protection
Synaptics Pointing Device Driver
Toxic Biohazard
UKCAT Practice Tests
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
VC80CRTRedist - 8.0.50727.762
VLC media player 1.1.5
WinDirStat 1.1.2
WinRAR 4.01 (32-bit)
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
28/02/2012 23:12:05, Error: Microsoft-Windows-WPD-MTPClassDriver [15300] - MTP WPD Driver has failed to start. Error 0x80070002.
28/02/2012 18:58:54, Error: Service Control Manager [7023] - The InterBaseServer service terminated with the following error: Access is denied.
28/02/2012 18:43:54, Error: Service Control Manager [7023] - The Websenseuserservice service terminated with the following error: Access is denied.
28/02/2012 18:42:55, Error: Service Control Manager [7023] - The W800mdm service terminated with the following error: Access is denied.
27/02/2012 23:21:45, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
27/02/2012 23:21:26, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DfsC eeCtrl NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb SPBBCDrv spldr SRTSP SRTSPX SYMTDI Tcpip tdx Wanarpv6
27/02/2012 23:21:26, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
27/02/2012 23:21:26, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2012 23:21:26, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
27/02/2012 23:21:26, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2012 23:21:26, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2012 23:21:26, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2012 23:21:26, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
27/02/2012 23:21:26, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
27/02/2012 23:21:26, Error: Service Control Manager [7001] - The NTIPPKernel service depends on the IP Traffic Filter Driver service which failed to start because of the following error: The dependency service or group failed to start.
27/02/2012 23:21:26, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2012 23:21:26, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2012 23:21:26, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
27/02/2012 23:21:26, Error: Service Control Manager [7001] - The IP Traffic Filter Driver service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2012 23:21:26, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2012 23:21:26, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2012 23:21:26, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
27/02/2012 23:21:26, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2012 23:21:26, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2012 23:21:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
27/02/2012 23:21:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
27/02/2012 23:21:05, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
27/02/2012 23:20:57, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
27/02/2012 23:20:12, Error: EventLog [6008] - The previous system shutdown at 23:18:07 on 27/02/2012 was unexpected.
27/02/2012 23:15:54, Error: Service Control Manager [7023] - The Arcltsrv service terminated with the following error: Access is denied.
27/02/2012 23:00:54, Error: Service Control Manager [7023] - The Sshrmd service terminated with the following error: Access is denied.
27/02/2012 22:45:54, Error: Service Control Manager [7023] - The Cdaudio service terminated with the following error: Access is denied.
27/02/2012 22:30:54, Error: Service Control Manager [7023] - The Digitizer service terminated with the following error: Access is denied.
27/02/2012 22:29:54, Error: Service Control Manager [7023] - The Mgisvr service terminated with the following error: Access is denied.
27/02/2012 22:20:07, Error: EventLog [6008] - The previous system shutdown at 22:18:15 on 27/02/2012 was unexpected.
27/02/2012 22:16:23, Error: Service Control Manager [7023] - The WmXlCore service terminated with the following error: Access is denied.
27/02/2012 22:15:24, Error: Service Control Manager [7023] - The Wlidsvc service terminated with the following error: Access is denied.
27/02/2012 20:33:36, Error: Service Control Manager [7023] - The SWNC8U20 service terminated with the following error: Access is denied.
27/02/2012 20:18:36, Error: Service Control Manager [7023] - The S117unic service terminated with the following error: Access is denied.
27/02/2012 20:03:37, Error: Service Control Manager [7023] - The Ipsecmon service terminated with the following error: Access is denied.
27/02/2012 19:48:36, Error: Service Control Manager [7023] - The Monfilt service terminated with the following error: Access is denied.
27/02/2012 19:33:37, Error: Service Control Manager [7023] - The S616bus service terminated with the following error: Access is denied.
27/02/2012 19:32:37, Error: Service Control Manager [7023] - The Qbfcservice service terminated with the following error: Access is denied.
27/02/2012 19:32:21, Error: Service Control Manager [7023] - The Marvinbus service terminated with the following error: The specified module could not be found.
27/02/2012 19:31:33, Error: EventLog [6008] - The previous system shutdown at 19:29:29 on 27/02/2012 was unexpected.
27/02/2012 19:19:07, Error: Service Control Manager [7023] - The Marvinbus service terminated with the following error: Access is denied.
27/02/2012 19:04:07, Error: Service Control Manager [7023] - The Mksupdateint service terminated with the following error: Access is denied.
27/02/2012 18:49:07, Error: Service Control Manager [7023] - The HpqKbFiltr service terminated with the following error: Access is denied.
27/02/2012 18:34:08, Error: Service Control Manager [7023] - The Tiumfwl service terminated with the following error: Access is denied.
27/02/2012 18:19:07, Error: Service Control Manager [7023] - The WMIService service terminated with the following error: Access is denied.
27/02/2012 18:18:24, Error: Service Control Manager [7023] - The Lxcg_device service terminated with the following error: Access is denied.
27/02/2012 18:17:37, Error: Service Control Manager [7023] - The Ftpqueue service terminated with the following error: Access is denied.
26/02/2012 21:33:55, Error: Service Control Manager [7023] - The Msftpsvc service terminated with the following error: The specified module could not be found.
26/02/2012 21:33:55, Error: Service Control Manager [7023] - The Matlabserver service terminated with the following error: The specified module could not be found.
26/02/2012 21:33:55, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
26/02/2012 21:33:55, Error: Service Control Manager [7023] - The As6frin service terminated with the following error: The specified module could not be found.
26/02/2012 21:33:55, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
26/02/2012 21:33:55, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
26/02/2012 21:33:55, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
26/02/2012 21:33:33, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\RAIHV.dll Error Code: 126
.
==== End Of File ===========================




Thank you very much in advance
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

You're running two AV programs, AVG and Norton.
One of them has to go.
If AVG, use AVG Remover: http://www.avg.com/us-en/utilities
If Norton, use this tool: https://www-secure.symantec.com/nor...&version=1&pvid=f-home&entsrc=redirect_pubweb

When done....

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start the scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================================

  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Click on SCAN.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop.)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again
 
Hey Broni,

Removed Norton (outdated anyway).

Here are the logs:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-01 18:59:24
-----------------------------
18:59:24.503 OS Version: Windows 6.0.6001 Service Pack 1
18:59:24.503 Number of processors: 2 586 0xF0D
18:59:24.506 ComputerName: STUDENT00060804 UserName: Chloe
18:59:28.485 Initialize success
18:59:35.261 AVAST engine defs: 12030100
18:59:39.570 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1
18:59:39.573 Disk 0 Vendor: Hitachi_HTS543225L9A300 FBEOC40C Size: 238475MB BusType: 3
18:59:39.621 Disk 0 MBR read successfully
18:59:39.626 Disk 0 MBR scan
18:59:39.744 Disk 0 unknown MBR code
18:59:39.759 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
18:59:39.762 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 114243 MB offset 20482048
18:59:39.798 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 114230 MB offset 254451712
18:59:39.822 Disk 0 scanning sectors +488394752
18:59:39.949 Disk 0 scanning C:\Windows\system32\drivers
19:00:05.632 Service scanning
19:01:15.144 Modules scanning
19:01:25.578 Disk 0 trace - called modules:
19:01:25.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS
19:01:25.958 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x857cb410]
19:01:25.964 3 CLASSPNP.SYS[899a9745] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-1[0x84abc398]
19:01:26.971 AVAST engine scan C:\Windows
19:01:31.505 AVAST engine scan C:\Windows\system32
19:05:14.269 AVAST engine scan C:\Windows\system32\drivers
19:05:36.137 AVAST engine scan C:\Users\Chloe
19:06:51.190 Disk 0 MBR has been saved successfully to "C:\Users\Chloe\Desktop\MBR.dat"
19:06:51.193 The log file has been saved successfully to "C:\Users\Chloe\Desktop\aswMBR.txt"


=======================================================



RogueKiller V7.2.1 [02/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User: Chloe [Admin rights]
Mode: Scan -- Date: 03/01/2012 19:09:20

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543225L9A300 ATA Device +++++
--- User ---
[MBR] 3c68ae32778f2a5758c80ebd5fd76afc
[BSP] a2a1078e83c588781f3c4b28edee486e : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20482048 | Size: 114243 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 254451712 | Size: 114230 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
 
That looks good.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Hey,

I've tried combofix after uninstalling AVG. It says it has detected a rootkit and has to reboot. After rebooting it doesn't produce a report and it has the same results when I run it again. Also Windows went to a blue screen, shut down and rebooted the first time I tried to type this. Any help?
 
I'm on a different computer now. Combofix still did not produce the file when I ran in safe mode. However now I cannot effectively use the computer in normal mode, every time I try to log on it goes to the blue screen and says that Windows needs to shut down. I can use the computer in safe mode though. Think I will need to restore?
 
I need to know what exactly happens when you try to run Combofix from safe mode.
 
I run combofix.
Combofix starts scanning.
It stops after about 5 minutes and informs me that it has detected rootkit and needs to reboot to remove it and tells me to run combofix again if it doesn't work.
It then restarts but no log appears on my desktop, as if it never ran.
I try running it again and the same thing happens.
I could download rkill onto this pc and transfer it onto my infected pc with a usb key if that would help?
 
Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 1 (build 6001), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`71100000
Boot sector MD5 is: 26062c4eb9a0e14db5e0d0ba52a0aa93

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
20:32:12.0069 1968 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
20:32:12.0101 1968 ============================================================
20:32:12.0101 1968 Current date / time: 2012/03/04 20:32:12.0101
20:32:12.0101 1968 SystemInfo:
20:32:12.0101 1968
20:32:12.0101 1968 OS Version: 6.0.6001 ServicePack: 1.0
20:32:12.0101 1968 Product type: Workstation
20:32:12.0101 1968 ComputerName: STUDENT00060804
20:32:12.0101 1968 UserName: Chloe
20:32:12.0101 1968 Windows directory: C:\Windows
20:32:12.0101 1968 System windows directory: C:\Windows
20:32:12.0101 1968 Processor architecture: Intel x86
20:32:12.0101 1968 Number of processors: 2
20:32:12.0101 1968 Page size: 0x1000
20:32:12.0101 1968 Boot type: Safe boot
20:32:12.0101 1968 ============================================================
20:32:15.0096 1968 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:32:15.0096 1968 \Device\Harddisk0\DR0:
20:32:15.0096 1968 MBR used
20:32:15.0096 1968 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0xDF21800
20:32:15.0096 1968 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF2AA000, BlocksNum 0xDF1B000
20:32:15.0205 1968 Initialize success
20:32:15.0205 1968 ============================================================
20:32:20.0353 1984 ============================================================
20:32:20.0353 1984 Scan started
20:32:20.0353 1984 Mode: Manual;
20:32:20.0353 1984 ============================================================
20:32:21.0289 1984 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
20:32:21.0289 1984 ACPI - ok
20:32:21.0336 1984 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:32:21.0336 1984 adp94xx - ok
20:32:21.0367 1984 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:32:21.0367 1984 adpahci - ok
20:32:21.0461 1984 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:32:21.0476 1984 adpu160m - ok
20:32:21.0507 1984 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:32:21.0507 1984 adpu320 - ok
20:32:21.0539 1984 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
20:32:21.0554 1984 AFD - ok
20:32:21.0663 1984 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
20:32:21.0663 1984 AgereSoftModem - ok
20:32:21.0757 1984 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:32:21.0757 1984 agp440 - ok
20:32:21.0773 1984 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:32:21.0773 1984 aic78xx - ok
20:32:21.0804 1984 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:32:21.0804 1984 aliide - ok
20:32:21.0835 1984 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:32:21.0835 1984 amdagp - ok
20:32:21.0913 1984 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:32:21.0913 1984 amdide - ok
20:32:21.0944 1984 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:32:21.0944 1984 AmdK7 - ok
20:32:21.0975 1984 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:32:21.0975 1984 AmdK8 - ok
20:32:22.0069 1984 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:32:22.0069 1984 arc - ok
20:32:22.0100 1984 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:32:22.0100 1984 arcsas - ok
20:32:22.0147 1984 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:32:22.0147 1984 AsyncMac - ok
20:32:22.0225 1984 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
20:32:22.0225 1984 atapi - ok
20:32:22.0272 1984 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
20:32:22.0272 1984 b57nd60x - ok
20:32:22.0319 1984 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:32:22.0319 1984 Beep - ok
20:32:22.0412 1984 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:32:22.0412 1984 blbdrive - ok
20:32:22.0490 1984 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
20:32:22.0490 1984 bowser - ok
20:32:22.0521 1984 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:32:22.0521 1984 BrFiltLo - ok
20:32:22.0615 1984 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:32:22.0615 1984 BrFiltUp - ok
20:32:22.0646 1984 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:32:22.0646 1984 Brserid - ok
20:32:22.0677 1984 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:32:22.0677 1984 BrSerWdm - ok
20:32:22.0709 1984 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:32:22.0709 1984 BrUsbMdm - ok
20:32:22.0787 1984 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:32:22.0787 1984 BrUsbSer - ok
20:32:22.0818 1984 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:32:22.0818 1984 BTHMODEM - ok
20:32:22.0896 1984 catchme - ok
20:32:22.0989 1984 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:32:23.0005 1984 cdfs - ok
20:32:23.0005 1984 cdrom - ok
20:32:23.0052 1984 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:32:23.0052 1984 circlass - ok
20:32:23.0083 1984 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
20:32:23.0114 1984 CLFS - ok
20:32:23.0208 1984 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:32:23.0208 1984 CmBatt - ok
20:32:23.0239 1984 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:32:23.0239 1984 cmdide - ok
20:32:23.0255 1984 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:32:23.0255 1984 Compbatt - ok
20:32:23.0333 1984 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:32:23.0333 1984 crcdisk - ok
20:32:23.0379 1984 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:32:23.0379 1984 Crusoe - ok
20:32:23.0535 1984 DfsC (cbda4adeec40ff219a141729e4774d05) C:\Windows\system32\Drivers\dfsc.sys
20:32:23.0535 1984 DfsC ( Virus.Win32.ZAccess.c ) - infected
20:32:23.0535 1984 DfsC - detected Virus.Win32.ZAccess.c (0)
20:32:23.0598 1984 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
20:32:23.0598 1984 disk - ok
20:32:23.0676 1984 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
20:32:23.0676 1984 DKbFltr - ok
20:32:23.0723 1984 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:32:23.0723 1984 drmkaud - ok
20:32:23.0832 1984 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
20:32:23.0832 1984 DXGKrnl - ok
20:32:23.0925 1984 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:32:23.0925 1984 E1G60 - ok
20:32:23.0957 1984 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
20:32:23.0957 1984 Ecache - ok
20:32:24.0003 1984 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:32:24.0019 1984 elxstor - ok
20:32:24.0097 1984 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:32:24.0097 1984 ErrDev - ok
20:32:24.0159 1984 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
20:32:24.0159 1984 exfat - ok
20:32:24.0191 1984 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
20:32:24.0191 1984 fastfat - ok
20:32:24.0269 1984 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:32:24.0269 1984 fdc - ok
20:32:24.0300 1984 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:32:24.0300 1984 FileInfo - ok
20:32:24.0315 1984 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:32:24.0315 1984 Filetrace - ok
20:32:24.0347 1984 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:32:24.0347 1984 flpydisk - ok
20:32:24.0534 1984 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
20:32:24.0534 1984 FltMgr - ok
20:32:24.0846 1984 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:32:24.0846 1984 Fs_Rec - ok
20:32:25.0142 1984 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:32:25.0142 1984 gagp30kx - ok
20:32:25.0454 1984 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:32:25.0454 1984 GEARAspiWDM - ok
20:32:25.0813 1984 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:32:25.0813 1984 HdAudAddService - ok
20:32:26.0063 1984 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:32:26.0063 1984 HDAudBus - ok
20:32:26.0375 1984 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:32:26.0375 1984 HidBth - ok
20:32:26.0640 1984 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:32:26.0640 1984 HidIr - ok
20:32:26.0889 1984 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
20:32:26.0889 1984 HidUsb - ok
20:32:27.0014 1984 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:32:27.0030 1984 HpCISSs - ok
20:32:27.0357 1984 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
20:32:27.0357 1984 HSFHWAZL - ok
20:32:27.0607 1984 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
20:32:27.0607 1984 HSF_DPV - ok
20:32:27.0716 1984 HTTP (33b02459e86d0a2b86a6b9fe19139390) C:\Windows\system32\drivers\HTTP.sys
20:32:27.0732 1984 HTTP - ok
20:32:27.0779 1984 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:32:27.0779 1984 i2omp - ok
20:32:27.0841 1984 i8042prt - ok
20:32:27.0888 1984 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:32:27.0888 1984 iaStorV - ok
20:32:28.0153 1984 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:32:28.0200 1984 igfx - ok
20:32:28.0294 1984 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:32:28.0294 1984 iirsp - ok
20:32:28.0340 1984 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
20:32:28.0340 1984 int15 - ok
20:32:28.0434 1984 IntcAzAudAddService (23ebcee9aaa4d6c88728791fab462456) C:\Windows\system32\drivers\RTKVHDA.sys
20:32:28.0434 1984 IntcAzAudAddService - ok
20:32:28.0528 1984 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:32:28.0528 1984 intelide - ok
20:32:28.0559 1984 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:32:28.0559 1984 intelppm - ok
20:32:28.0574 1984 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:32:28.0574 1984 IpFilterDriver - ok
20:32:28.0668 1984 IpInIp - ok
20:32:28.0715 1984 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:32:28.0715 1984 IPMIDRV - ok
20:32:28.0746 1984 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:32:28.0746 1984 IPNAT - ok
20:32:28.0793 1984 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
20:32:28.0793 1984 irda - ok
20:32:28.0871 1984 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:32:28.0886 1984 IRENUM - ok
20:32:28.0918 1984 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:32:28.0918 1984 isapnp - ok
20:32:28.0949 1984 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
20:32:28.0949 1984 iScsiPrt - ok
20:32:28.0964 1984 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:32:28.0964 1984 iteatapi - ok
20:32:29.0074 1984 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:32:29.0074 1984 iteraid - ok
20:32:29.0089 1984 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:32:29.0089 1984 kbdclass - ok
20:32:29.0105 1984 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
20:32:29.0105 1984 kbdhid - ok
20:32:29.0167 1984 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
20:32:29.0167 1984 KSecDD - ok
20:32:29.0292 1984 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:32:29.0292 1984 lltdio - ok
20:32:29.0323 1984 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:32:29.0323 1984 LSI_FC - ok
20:32:29.0354 1984 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:32:29.0354 1984 LSI_SAS - ok
20:32:29.0386 1984 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:32:29.0386 1984 LSI_SCSI - ok
20:32:29.0464 1984 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:32:29.0479 1984 luafv - ok
20:32:29.0542 1984 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
20:32:29.0542 1984 MBAMProtector - ok
20:32:29.0573 1984 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:32:29.0573 1984 megasas - ok
20:32:29.0604 1984 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:32:29.0604 1984 MegaSR - ok
20:32:29.0698 1984 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:32:29.0698 1984 Modem - ok
20:32:29.0729 1984 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:32:29.0729 1984 monitor - ok
20:32:29.0744 1984 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:32:29.0744 1984 mouclass - ok
20:32:29.0760 1984 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:32:29.0760 1984 mouhid - ok
20:32:29.0791 1984 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:32:29.0791 1984 MountMgr - ok
20:32:29.0885 1984 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:32:29.0885 1984 mpio - ok
20:32:29.0900 1984 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:32:29.0900 1984 mpsdrv - ok
20:32:29.0932 1984 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:32:29.0932 1984 Mraid35x - ok
20:32:29.0947 1984 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
20:32:29.0947 1984 MRxDAV - ok
20:32:29.0994 1984 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:32:29.0994 1984 mrxsmb - ok
20:32:30.0088 1984 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:32:30.0088 1984 mrxsmb10 - ok
20:32:37.0778 1984 MBR (0x1B8) (6fc6f9186c07bca94e140f63bfe6e9b4) \Device\Harddisk0\DR0
20:32:40.0025 1984 \Device\Harddisk0\DR0 - ok
20:32:40.0025 1984 Boot (0x1200) (eb48696cdcc2838530e9cac44fcf4a27) \Device\Harddisk0\DR0\Partition0
20:32:40.0040 1984 \Device\Harddisk0\DR0\Partition0 - ok
20:32:40.0056 1984 Boot (0x1200) (58995969653c4cb7538dcc4dd0d5e2c9) \Device\Harddisk0\DR0\Partition1
20:32:40.0056 1984 \Device\Harddisk0\DR0\Partition1 - ok
20:32:40.0056 1984 ============================================================
20:32:40.0056 1984 Scan finished
20:32:40.0056 1984 ============================================================
20:32:40.0072 1976 Detected object count: 1
20:32:40.0072 1976 Actual detected object count: 1
20:33:18.0931 1976 C:\Windows\system32\Drivers\dfsc.sys - copied to quarantine
20:33:18.0931 1976 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\dfsc.sys) error 1813
20:33:24.0703 1976 Backup copy not found, trying to cure infected file..
20:33:24.0735 1976 Cure success, using it..
20:33:24.0766 1976 C:\Windows\system32\Drivers\dfsc.sys - will be cured on reboot
20:33:29.0071 1976 DfsC ( Virus.Win32.ZAccess.c ) - User select action: Cure
20:33:33.0050 1964 Deinitialize success

==========================================================

Just so you know, I ran this from safe mode due to the Windows bluescreen problem ("Windows has to shut down to prevent damage").
My keyboard also doesn't appear to be working (typing this from a different computer). I think this started happening around the same time as the bluescreen problem. I can still run these programs obviously but it'd be good if there was a way of fixing this. Thanks.
 
21:03:55.0480 1660 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
21:03:55.0480 1660 ============================================================
21:03:55.0480 1660 Current date / time: 2012/03/04 21:03:55.0480
21:03:55.0480 1660 SystemInfo:
21:03:55.0480 1660
21:03:55.0480 1660 OS Version: 6.0.6001 ServicePack: 1.0
21:03:55.0480 1660 Product type: Workstation
21:03:55.0480 1660 ComputerName: STUDENT00060804
21:03:55.0480 1660 UserName: Chloe
21:03:55.0480 1660 Windows directory: C:\Windows
21:03:55.0480 1660 System windows directory: C:\Windows
21:03:55.0480 1660 Processor architecture: Intel x86
21:03:55.0480 1660 Number of processors: 2
21:03:55.0480 1660 Page size: 0x1000
21:03:55.0480 1660 Boot type: Safe boot
21:03:55.0480 1660 ============================================================
21:03:56.0806 1660 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:03:56.0806 1660 \Device\Harddisk0\DR0:
21:03:56.0821 1660 MBR used
21:03:56.0821 1660 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0xDF21800
21:03:56.0821 1660 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF2AA000, BlocksNum 0xDF1B000
21:03:57.0008 1660 Initialize success
21:03:57.0008 1660 ============================================================
21:03:58.0662 1684 ============================================================
21:03:58.0662 1684 Scan started
21:03:58.0662 1684 Mode: Manual;
21:03:58.0662 1684 ============================================================
21:04:02.0047 1684 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
21:04:02.0047 1684 DfsC - ok
21:04:06.0166 1684 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:04:06.0166 1684 MSPCLOCK - ok
21:04:06.0181 1684 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:04:06.0181 1684 MSPQM - ok
21:04:06.0197 1684 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
21:04:06.0197 1684 MsRPC - ok
21:04:06.0212 1684 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:04:06.0212 1684 mssmbios - ok
21:04:06.0228 1684 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:04:06.0228 1684 MSTEE - ok
21:04:06.0244 1684 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
21:04:06.0244 1684 Mup - ok
21:04:06.0337 1684 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
21:04:06.0337 1684 NativeWifiP - ok
21:04:06.0384 1684 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
21:04:06.0384 1684 NDIS - ok
21:04:06.0415 1684 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:04:06.0415 1684 NdisTapi - ok
21:04:06.0493 1684 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:04:06.0493 1684 Ndisuio - ok
21:04:06.0509 1684 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
21:04:06.0509 1684 NdisWan - ok
21:04:06.0540 1684 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:04:06.0540 1684 NDProxy - ok
21:04:06.0556 1684 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:04:06.0556 1684 NetBIOS - ok
21:04:06.0649 1684 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
21:04:06.0649 1684 netbt - ok
21:04:06.0712 1684 netr28 (a013222a9a890ddaac967debade59ead) C:\Windows\system32\DRIVERS\netr28.sys
21:04:06.0712 1684 netr28 - ok
21:04:06.0790 1684 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:04:06.0790 1684 nfrd960 - ok
21:04:06.0821 1684 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
21:04:06.0821 1684 Npfs - ok
21:04:06.0836 1684 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
21:04:06.0852 1684 NSCIRDA - ok
21:04:06.0868 1684 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:04:06.0868 1684 nsiproxy - ok
21:04:06.0961 1684 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
21:04:06.0977 1684 Ntfs - ok
21:04:07.0070 1684 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
21:04:07.0070 1684 NTIDrvr - ok
21:04:07.0164 1684 NTIPPKernel (547bfa3591c70674b0bfc99354ab78b3) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
21:04:07.0164 1684 NTIPPKernel - ok
21:04:07.0258 1684 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:04:07.0258 1684 ntrigdigi - ok
21:04:07.0289 1684 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:04:07.0289 1684 Null - ok
21:04:07.0320 1684 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:04:07.0320 1684 nvraid - ok
21:04:07.0351 1684 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:04:07.0351 1684 nvstor - ok
21:04:07.0382 1684 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:04:07.0382 1684 nv_agp - ok
21:04:07.0460 1684 NwlnkFlt - ok
21:04:07.0476 1684 NwlnkFwd - ok
21:04:07.0523 1684 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
21:04:07.0523 1684 ohci1394 - ok
21:04:07.0570 1684 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:04:07.0570 1684 Parport - ok
21:04:07.0601 1684 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
21:04:07.0601 1684 partmgr - ok
21:04:07.0632 1684 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:04:07.0632 1684 Parvdm - ok
21:04:07.0726 1684 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
21:04:07.0726 1684 pci - ok
21:04:07.0757 1684 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
21:04:07.0757 1684 pciide - ok
21:04:07.0804 1684 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
21:04:07.0804 1684 pcmcia - ok
21:04:07.0850 1684 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:04:07.0850 1684 PEAUTH - ok
21:04:07.0991 1684 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:04:07.0991 1684 PptpMiniport - ok
21:04:08.0006 1684 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
21:04:08.0006 1684 Processor - ok
21:04:08.0053 1684 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
21:04:08.0053 1684 PSched - ok
21:04:08.0131 1684 PSDFilter (1dcbb35090cc4b2bd3d661e6089523c6) C:\Windows\system32\DRIVERS\psdfilter.sys
21:04:08.0131 1684 PSDFilter - ok
21:04:08.0162 1684 PSDNServ (e26e46d619469964ac3609620f443867) C:\Windows\system32\DRIVERS\PSDNServ.sys
21:04:08.0162 1684 PSDNServ - ok
21:04:08.0178 1684 psdvdisk (3e1d134af2806867d06047c4cc33cc65) C:\Windows\system32\DRIVERS\PSDVdisk.sys
21:04:08.0178 1684 psdvdisk - ok
21:04:08.0256 1684 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:04:08.0256 1684 ql2300 - ok
21:04:08.0350 1684 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:04:08.0350 1684 ql40xx - ok
21:04:08.0396 1684 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:04:08.0396 1684 QWAVEdrv - ok
21:04:08.0412 1684 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:04:08.0412 1684 RasAcd - ok
21:04:08.0506 1684 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:04:08.0506 1684 Rasl2tp - ok
21:04:08.0537 1684 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
21:04:08.0537 1684 RasPppoe - ok
21:04:08.0552 1684 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
21:04:08.0552 1684 RasSstp - ok
21:04:08.0584 1684 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
21:04:08.0584 1684 rdbss - ok
21:04:08.0677 1684 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:04:08.0677 1684 RDPCDD - ok
21:04:08.0708 1684 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
21:04:08.0708 1684 rdpdr - ok
21:04:08.0724 1684 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:04:08.0724 1684 RDPENCDD - ok
21:04:08.0755 1684 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
21:04:08.0771 1684 RDPWD - ok
21:04:08.0818 1684 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:04:08.0818 1684 rspndr - ok
21:04:08.0911 1684 RTSTOR (9ea88492b1dab90dce43a6f2c0e133bd) C:\Windows\system32\drivers\RTSTOR.SYS
21:04:08.0911 1684 RTSTOR - ok
21:04:08.0958 1684 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:04:08.0958 1684 sbp2port - ok
21:04:08.0989 1684 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
21:04:08.0989 1684 sdbus - ok
21:04:09.0067 1684 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:04:09.0067 1684 secdrv - ok
21:04:09.0130 1684 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:04:09.0130 1684 Serenum - ok
21:04:09.0208 1684 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:04:09.0208 1684 Serial - ok
21:04:09.0254 1684 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:04:09.0254 1684 sermouse - ok
21:04:09.0348 1684 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
21:04:09.0348 1684 sffdisk - ok
21:04:09.0379 1684 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:04:09.0379 1684 sffp_mmc - ok
21:04:09.0410 1684 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
21:04:09.0410 1684 sffp_sd - ok
21:04:09.0504 1684 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
21:04:09.0504 1684 sfloppy - ok
21:04:09.0551 1684 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:04:09.0551 1684 sisagp - ok
21:04:09.0644 1684 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:04:09.0644 1684 SiSRaid2 - ok
21:04:09.0707 1684 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:04:09.0707 1684 SiSRaid4 - ok
21:04:09.0800 1684 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
21:04:09.0800 1684 Smb - ok
21:04:09.0863 1684 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:04:09.0863 1684 spldr - ok
21:04:09.0956 1684 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
21:04:09.0956 1684 srv - ok
21:04:10.0019 1684 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
21:04:10.0019 1684 srv2 - ok
21:04:10.0097 1684 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
21:04:10.0097 1684 srvnet - ok
21:04:10.0159 1684 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:04:10.0159 1684 swenum - ok
21:04:10.0237 1684 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:04:10.0237 1684 Symc8xx - ok
21:04:10.0268 1684 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:04:10.0268 1684 Sym_hi - ok
21:04:10.0284 1684 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:04:10.0284 1684 Sym_u3 - ok
21:04:10.0331 1684 SynTP (32e8b307f0e9f72b66b518fd62eab91e) C:\Windows\system32\DRIVERS\SynTP.sys
21:04:10.0331 1684 SynTP - ok
21:04:10.0456 1684 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
21:04:10.0471 1684 Tcpip - ok
21:04:10.0580 1684 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
21:04:10.0580 1684 Tcpip6 - ok
21:04:10.0674 1684 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
21:04:10.0674 1684 tcpipreg - ok
21:04:10.0690 1684 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:04:10.0690 1684 TDPIPE - ok
21:04:10.0721 1684 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:04:10.0721 1684 TDTCP - ok
21:04:10.0752 1684 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
21:04:10.0752 1684 tdx - ok
21:04:10.0861 1684 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
21:04:10.0861 1684 TermDD - ok
21:04:10.0908 1684 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:04:10.0908 1684 tssecsrv - ok
21:04:10.0924 1684 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:04:10.0924 1684 tunmp - ok
21:04:10.0955 1684 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
21:04:10.0955 1684 tunnel - ok
21:04:11.0048 1684 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:04:11.0048 1684 uagp35 - ok
21:04:11.0080 1684 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
21:04:11.0080 1684 UBHelper - ok
21:04:11.0111 1684 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
21:04:11.0111 1684 udfs - ok
21:04:11.0158 1684 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:04:11.0158 1684 uliagpkx - ok
21:04:11.0251 1684 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:04:11.0251 1684 uliahci - ok
21:04:11.0282 1684 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:04:11.0282 1684 UlSata - ok
21:04:11.0298 1684 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:04:11.0298 1684 ulsata2 - ok
21:04:11.0329 1684 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:04:11.0329 1684 umbus - ok
21:04:11.0423 1684 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
21:04:11.0423 1684 USBAAPL - ok
21:04:11.0470 1684 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
21:04:11.0470 1684 usbaudio - ok
21:04:11.0516 1684 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:04:11.0516 1684 usbccgp - ok
21:04:11.0610 1684 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:04:11.0610 1684 usbcir - ok
21:04:11.0641 1684 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
21:04:11.0641 1684 usbehci - ok
21:04:11.0672 1684 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
21:04:11.0672 1684 usbhub - ok
21:04:11.0688 1684 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:04:11.0688 1684 usbohci - ok
21:04:11.0782 1684 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:04:11.0782 1684 usbprint - ok
21:04:11.0828 1684 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:04:11.0828 1684 usbscan - ok
21:04:11.0875 1684 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:04:11.0875 1684 USBSTOR - ok
21:04:11.0906 1684 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:04:11.0906 1684 usbuhci - ok
21:04:12.0000 1684 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
21:04:12.0000 1684 usbvideo - ok
21:04:12.0031 1684 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:04:12.0031 1684 vga - ok
21:04:12.0047 1684 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:04:12.0047 1684 VgaSave - ok
21:04:12.0078 1684 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:04:12.0078 1684 viaagp - ok
21:04:12.0109 1684 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:04:12.0109 1684 ViaC7 - ok
21:04:12.0203 1684 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
21:04:12.0203 1684 viaide - ok
21:04:12.0234 1684 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:04:12.0234 1684 volmgr - ok
21:04:12.0265 1684 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
21:04:12.0265 1684 volmgrx - ok
21:04:12.0296 1684 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
21:04:12.0296 1684 volsnap - ok
21:04:12.0390 1684 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:04:12.0390 1684 vsmraid - ok
21:04:12.0437 1684 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:04:12.0437 1684 WacomPen - ok
21:04:12.0452 1684 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:04:12.0452 1684 Wanarp - ok
21:04:12.0468 1684 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:04:12.0468 1684 Wanarpv6 - ok
21:04:12.0499 1684 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:04:12.0499 1684 Wd - ok
21:04:12.0593 1684 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:04:12.0608 1684 Wdf01000 - ok
21:04:12.0686 1684 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
21:04:12.0686 1684 winachsf - ok
21:04:12.0811 1684 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:04:12.0811 1684 WmiAcpi - ok
21:04:12.0874 1684 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
21:04:12.0874 1684 WpdUsb - ok
21:04:12.0905 1684 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:04:12.0905 1684 ws2ifsl - ok
21:04:12.0936 1684 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:04:12.0936 1684 WUDFRd - ok
21:04:13.0045 1684 yukonwlh (3e1c915c6291ab5d1cfca680e1bd6bad) C:\Windows\system32\DRIVERS\yk60x86.sys
21:04:13.0045 1684 yukonwlh - ok
21:04:13.0123 1684 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (4d840c6af3c020ed3a35efba9025cf4a) C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
21:04:13.0123 1684 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
21:04:13.0139 1684 MBR (0x1B8) (6fc6f9186c07bca94e140f63bfe6e9b4) \Device\Harddisk0\DR0
21:04:15.0385 1684 \Device\Harddisk0\DR0 - ok
21:04:15.0401 1684 Boot (0x1200) (eb48696cdcc2838530e9cac44fcf4a27) \Device\Harddisk0\DR0\Partition0
21:04:15.0401 1684 \Device\Harddisk0\DR0\Partition0 - ok
21:04:15.0416 1684 Boot (0x1200) (58995969653c4cb7538dcc4dd0d5e2c9) \Device\Harddisk0\DR0\Partition1
21:04:15.0416 1684 \Device\Harddisk0\DR0\Partition1 - ok
21:04:15.0416 1684 ============================================================
21:04:15.0416 1684 Scan finished
21:04:15.0416 1684 ============================================================
21:04:15.0432 1672 Detected object count: 0
21:04:15.0432 1672 Actual detected object count: 0
21:04:25.0619 1656 Deinitialize success
 
Good.
Delete your Combofix file, download a fresh one and run it again from safe mode.
 
Unfortunately I'm having the same results as before with combofix.
It just reboots and when it restarts there is no logfile and when I run it again the same happens.
 
Is AVG still complaining?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
I uninstalled AVG before I ran combofix and haven't reinstalled it yet so I couldn't tell you.
I don't mean to sound naive but is there any way my computer can be fixed soon? It's just I need it for work. I spoke to a technician where I work today and he suggested a backup and factory reset. Obviously I want to avoid this but I was wondering what your opinion on this was?

Anyway here are the logs:

OTL logfile created on: 06/03/2012 18:46:43 - Run 3
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Chloe\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 81.79% Memory free
6.06 Gb Paging File | 5.78 Gb Available in Paging File | 95.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 25.29 Gb Free Space | 22.66% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 86.64 Gb Free Space | 77.67% Space Free | Partition Type: NTFS

Computer Name: STUDENT00060804 | User Name: Chloe | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/06 17:57:26 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Chloe\Desktop\OTL.exe
PRC - [2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/05/28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wusb54gv2svc)
SRV - File not found [Auto | Stopped] -- -- (winpowermanager)
SRV - File not found [Auto | Stopped] -- -- (smbusp)
SRV - File not found [Auto | Stopped] -- -- (rollbackclientservice)
SRV - File not found [Auto | Stopped] -- -- (rfcomm)
SRV - File not found [Auto | Stopped] -- -- (orbpvr)
SRV - File not found [Auto | Stopped] -- -- (nvrd32)
SRV - File not found [Auto | Stopped] -- -- (ltxred)
SRV - File not found [Auto | Stopped] -- -- (ltmodem5)
SRV - File not found [Auto | Stopped] -- -- (irbus)
SRV - File not found [Auto | Stopped] -- -- (iam)
SRV - File not found [Auto | Stopped] -- -- (CX88ENC)
SRV - File not found [Auto | Stopped] -- -- (ctxcpuusync)
SRV - File not found [Auto | Stopped] -- -- (AsuhfivrO)
SRV - File not found [Auto | Stopped] -- -- (A88xXBar)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/09/17 15:30:48 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/05/15 01:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/03/21 20:22:52 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/18 19:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/21 02:33:13 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\vnxservice.dll -- (wcontrol)
SRV - [2008/01/21 02:33:13 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\scdemu.dll -- (W700mgmt)
SRV - [2008/01/21 02:33:13 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\rvsinst.dll -- (TeamViewer)
SRV - [2008/01/21 02:33:13 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\W700obex.dll -- (ser2pl)
SRV - [2008/01/21 02:33:13 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\wm.dll -- (rxmssync)
SRV - [2008/01/21 02:33:13 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\SE2Dmdfl.dll -- (ovt519)
SRV - [2008/01/21 02:33:13 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\streamloadservice.dll -- (DSI_SiUSBXp_3_1)
SRV - [2008/01/21 02:33:13 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\zebrmdfl.dll -- (ctxcpubal)
SRV - [2008/01/21 02:33:13 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\TPECioCtl.dll -- (CT20XUT.DLL)
SRV - [2008/01/21 02:33:13 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\ScFBPNT3.dll -- (cdvp)
SRV - [2008/01/21 02:33:13 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\U81xobex.dll -- (beatjammusicstreamingserver)
SRV - [2008/01/21 02:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 01:35:02 | 000,081,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007/12/07 00:15:28 | 000,110,592 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | System | Stopped] -- -- (i8042prt)
DRV - File not found [Kernel | System | Stopped] -- -- (cdrom)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008/04/18 22:01:24 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/03/21 17:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/02/29 23:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/21 02:34:42 | 000,071,680 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2008/01/17 01:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1208&m=aspire_5735
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1208&m=aspire_5735
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1208&m=aspire_5735
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enGB323GB323
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=YzulfBvfy-qnZVnyYp3tNpzpqQs?q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=uk&nt=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://wwwcache.lancs.ac.uk/

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Chloe\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/14 15:27:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/14 15:27:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/14 15:27:55 | 000,000,000 | ---D | M]

[2012/02/06 22:09:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chloe\AppData\Roaming\mozilla\Extensions
[2012/02/06 22:10:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chloe\AppData\Roaming\mozilla\Firefox\Profiles\mzd3d731.default\extensions
[2012/02/06 22:10:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Chloe\AppData\Roaming\mozilla\Firefox\Profiles\mzd3d731.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/02/06 16:13:46 | 000,002,519 | ---- | M] () -- C:\Users\Chloe\AppData\Roaming\Mozilla\Firefox\Profiles\mzd3d731.default\searchplugins\Search_Results.xml
[2012/02/06 22:09:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/17 22:21:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/12/14 15:27:25 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/09/14 02:02:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/07/08 07:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 08:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/06 16:13:46 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Chloe\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Stitches = C:\Users\Chloe\AppData\Local\Google\Chrome\User Data\Default\Extensions\annpjgednbdhheijbefcpeaipapajkof\1.0\
CHR - Extension: YouTube = C:\Users\Chloe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Chloe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Chloe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\Chloe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B150B73-0B6D-4752-930B-8DD2FA4C828C}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E6AD12D-A78C-4827-9AB5-53B3564CF1C7}: DhcpNameServer = 10.0.0.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chloe\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chloe\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{07310174-fc51-11de-ae81-001d72edfacb}\Shell - "" = AutoRun
O33 - MountPoints2\{07310174-fc51-11de-ae81-001d72edfacb}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{a0a596d8-2315-11df-a017-001d72edfacb}\Shell - "" = AutoRun
O33 - MountPoints2\{a0a596d8-2315-11df-a017-001d72edfacb}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e8c3efd6-c321-11df-8421-001d72edfacb}\Shell - "" = AutoRun
O33 - MountPoints2\{e8c3efd6-c321-11df-8421-001d72edfacb}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: ctxcpuusync - File not found
NetSvcs: orbpvr - File not found
NetSvcs: CT20XUT.DLL - C:\Windows\System32\TPECioCtl.dll (Oak Technology Inc.)
NetSvcs: wcontrol - C:\Windows\System32\vnxservice.dll (Oak Technology Inc.)
NetSvcs: ltxred - File not found
NetSvcs: irbus - File not found
NetSvcs: cdvp - C:\Windows\System32\ScFBPNT3.dll (Oak Technology Inc.)
NetSvcs: TeamViewer - C:\Windows\System32\rvsinst.dll (Oak Technology Inc.)
NetSvcs: ctxcpubal - C:\Windows\System32\zebrmdfl.dll (Oak Technology Inc.)
NetSvcs: ser2pl - C:\Windows\System32\W700obex.dll (Oak Technology Inc.)
NetSvcs: rxmssync - C:\Windows\System32\wm.dll (Oak Technology Inc.)
NetSvcs: ltmodem5 - File not found
NetSvcs: rfcomm - File not found
NetSvcs: ovt519 - C:\Windows\System32\SE2Dmdfl.dll (Oak Technology Inc.)
NetSvcs: AsuhfivrO - File not found
NetSvcs: iam - File not found
NetSvcs: rollbackclientservice - File not found
NetSvcs: nvrd32 - File not found
NetSvcs: winpowermanager - File not found
NetSvcs: W700mgmt - C:\Windows\System32\scdemu.dll (Oak Technology Inc.)
NetSvcs: DSI_SiUSBXp_3_1 - C:\Windows\System32\streamloadservice.dll (Oak Technology Inc.)
NetSvcs: wusb54gv2svc - File not found
NetSvcs: CX88ENC - File not found
NetSvcs: smbusp - File not found
NetSvcs: beatjammusicstreamingserver - C:\Windows\System32\U81xobex.dll (Oak Technology Inc.)
NetSvcs: A88xXBar - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/03/06 18:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/03/06 18:30:30 | 003,968,384 | ---- | C] (AVG Technologies) -- C:\Users\Chloe\Desktop\avg_free_stb_all_2012_1913_cnet.exe
[2012/03/06 18:04:03 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Chloe\Desktop\OTL.exe
[2012/03/05 18:33:03 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/05 18:12:34 | 004,427,148 | R--- | C] (Swearware) -- C:\Users\Chloe\Desktop\ComboFix.exe
[2012/03/04 20:28:33 | 000,000,000 | ---D | C] -- C:\Users\Chloe\Desktop\tdsskiller
[2012/03/04 11:25:14 | 000,000,000 | ---D | C] -- C:\Users\Chloe\Desktop\bootkit_remover
[2012/03/02 19:27:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/02 19:27:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/02 19:27:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/02 19:27:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/02 19:27:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/02 19:18:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/02 19:14:41 | 009,601,504 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Chloe\Desktop\AppRemover.exe
[2012/03/01 19:09:01 | 000,000,000 | ---D | C] -- C:\Users\Chloe\Desktop\RK_Quarantine
[2012/03/01 18:53:41 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Chloe\Desktop\aswMBR.exe
[2012/02/29 19:42:58 | 000,000,000 | ---D | C] -- C:\Users\Chloe\Desktop\LOGS
[2012/02/29 19:23:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Chloe\Desktop\dds.scr
[2012/02/26 22:26:55 | 000,000,000 | ---D | C] -- C:\Users\Chloe\AppData\Roaming\PCPro
[2012/02/26 22:26:55 | 000,000,000 | ---D | C] -- C:\Users\Chloe\AppData\Roaming\PC Cleaners
[2012/02/26 22:26:28 | 005,279,504 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/02/26 22:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2012/02/09 16:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2012/02/09 15:51:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\{13A9B825-42CB-4973-913D-2194B5A4CF94}
[2012/02/07 18:36:21 | 000,000,000 | ---D | C] -- C:\Users\Chloe\AppData\Roaming\Malwarebytes
[2012/02/07 18:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/07 18:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/07 18:35:48 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/07 18:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/06 16:14:48 | 000,000,000 | ---D | C] -- C:\Users\Chloe\AppData\Local\Ilivid Player
[2012/02/06 16:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

========== Files - Modified Within 30 Days ==========

[2012/03/06 18:39:40 | 000,601,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/06 18:39:40 | 000,105,502 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/06 18:08:00 | 003,968,384 | ---- | M] (AVG Technologies) -- C:\Users\Chloe\Desktop\avg_free_stb_all_2012_1913_cnet.exe
[2012/03/06 17:57:26 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Chloe\Desktop\OTL.exe
[2012/03/06 17:50:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/05 22:47:50 | 000,236,544 | ---- | M] () -- C:\Users\Chloe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/05 18:46:00 | 189,098,205 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/05 18:45:19 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/03/05 18:45:05 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/05 18:45:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 18:45:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 18:29:24 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/03/05 18:10:54 | 004,427,148 | R--- | M] (Swearware) -- C:\Users\Chloe\Desktop\ComboFix.exe
[2012/03/03 17:46:36 | 000,007,728 | ---- | M] () -- C:\Users\Chloe\AppData\Local\d3d9caps.dat
[2012/03/02 19:19:53 | 000,002,622 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2012/03/02 19:16:05 | 009,601,504 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Chloe\Desktop\AppRemover.exe
[2012/03/02 19:12:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/01 19:08:32 | 001,339,904 | ---- | M] () -- C:\Users\Chloe\Desktop\RogueKiller.exe
[2012/03/01 19:06:51 | 000,000,512 | ---- | M] () -- C:\Users\Chloe\Desktop\MBR.dat
[2012/03/01 18:54:02 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Chloe\Desktop\aswMBR.exe
[2012/02/29 19:24:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Chloe\Desktop\dds.scr
[2012/02/26 22:24:27 | 005,279,504 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/02/26 22:14:56 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/02/09 16:22:40 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\Massive.lnk
[2012/02/07 18:35:58 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/06 21:46:39 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At8.job
[2012/02/06 21:46:39 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At6.job
[2012/02/06 21:46:39 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/02/06 21:46:39 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/02/06 21:46:39 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At7.job
[2012/02/06 21:46:39 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At5.job
[2012/02/06 21:46:39 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012/02/06 21:46:38 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/02/06 21:41:29 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At9.job
[2012/02/06 21:41:29 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\At10.job

========== Files Created - No Company Name ==========

[2012/03/02 19:27:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/02 19:27:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/02 19:27:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/02 19:27:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/02 19:27:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/02 19:19:52 | 000,002,622 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2012/03/01 19:08:29 | 001,339,904 | ---- | C] () -- C:\Users\Chloe\Desktop\RogueKiller.exe
[2012/03/01 19:06:51 | 000,000,512 | ---- | C] () -- C:\Users\Chloe\Desktop\MBR.dat
[2012/02/27 23:19:47 | 189,098,205 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/09 16:22:40 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\Massive.lnk
[2012/02/07 18:35:58 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/06 21:41:29 | 000,000,278 | ---- | C] () -- C:\Windows\tasks\At10.job
[2012/02/06 21:41:28 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At9.job
[2012/02/06 21:41:27 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At8.job
[2012/02/06 21:41:26 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At7.job
[2012/02/06 21:41:25 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At6.job
[2012/02/06 21:41:24 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At5.job
[2012/02/06 21:41:22 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At4.job
[2012/02/06 21:41:21 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At3.job
[2012/02/06 21:41:20 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At2.job
[2012/02/06 21:41:19 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At1.job
[2012/02/06 21:31:15 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2011/05/02 00:10:39 | 000,000,000 | ---- | C] () -- C:\Users\Chloe\AppData\Local\{E9555008-C231-4DDA-BD1C-FA0E1EB64060}
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

========== LOP Check ==========

[2010/12/27 22:13:45 | 000,000,000 | -HSD | M] -- C:\Users\Chloe\AppData\Roaming\.#
[2011/08/21 00:09:10 | 000,000,000 | ---D | M] -- C:\Users\Chloe\AppData\Roaming\.minecraft
[2008/05/15 05:46:38 | 000,000,000 | ---D | M] -- C:\Users\Chloe\AppData\Roaming\Acer GameZone Console
[2012/03/05 18:45:20 | 000,000,000 | ---D | M] -- C:\Users\Chloe\AppData\Roaming\BitTorrent
[2011/09/18 19:21:54 | 000,000,000 | ---D | M] -- C:\Users\Chloe\AppData\Roaming\CleanMyPC Software
[2010/07/15 10:59:22 | 000,000,000 | ---D | M] -- C:\Users\Chloe\AppData\Roaming\EPSON
[2009/04/12 20:54:57 | 000,000,000 | ---D | M] -- C:\Users\Chloe\AppData\Roaming\eSobi
[2012/02/26 22:26:55 | 000,000,000 | ---D | M] -- C:\Users\Chloe\AppData\Roaming\PC Cleaners
[2012/02/26 22:37:14 | 000,000,000 | ---D | M] -- C:\Users\Chloe\AppData\Roaming\PCPro
[2009/06/15 20:20:58 | 000,000,000 | ---D | M] -- C:\Users\Chloe\AppData\Roaming\PowerCinema
[2011/08/22 20:26:33 | 000,000,000 | ---D | M] -- C:\Users\Chloe\AppData\Roaming\Spotify
[2012/02/06 21:46:38 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2012/02/06 21:41:29 | 000,000,278 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2012/02/06 21:46:39 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2012/02/06 21:46:39 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2012/02/06 21:46:39 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2012/02/06 21:46:39 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2012/02/06 21:46:39 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2012/02/06 21:46:39 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2012/02/06 21:46:39 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2012/02/06 21:41:29 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2012/03/05 18:43:57 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/21 02:34:29 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/02/10 23:06:13 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/03/06 17:50:23 | 3460,423,680 | -HS- | M] () -- C:\pagefile.sys
[2008/12/16 00:25:26 | 000,004,132 | -HS- | M] () -- C:\Patch.rev
[2008/05/15 07:28:39 | 000,000,146 | RHS- | M] () -- C:\preload.rev
[2008/12/21 02:01:59 | 000,000,651 | ---- | M] () -- C:\RHDSetup.log
[2011/05/25 22:21:11 | 000,000,000 | ---- | M] () -- C:\t1o8.1
[2011/09/02 16:48:42 | 000,000,000 | ---- | M] () -- C:\t1oc.1
[2012/02/28 18:58:54 | 000,080,094 | ---- | M] () -- C:\TDSSKiller.2.7.15.0_28.02.2012_18.56.53_log.txt
[2012/02/29 18:20:48 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.15.0_29.02.2012_18.20.44_log.txt
[2012/02/29 18:22:29 | 000,078,602 | ---- | M] () -- C:\TDSSKiller.2.7.17.0_29.02.2012_18.21.21_log.txt
[2012/03/04 20:33:33 | 000,075,024 | ---- | M] () -- C:\TDSSKiller.2.7.18.0_04.03.2012_20.32.12_log.txt
[2012/03/04 21:03:11 | 000,073,874 | ---- | M] () -- C:\TDSSKiller.2.7.18.0_04.03.2012_21.02.42_log.txt
[2012/03/04 21:04:25 | 000,073,874 | ---- | M] () -- C:\TDSSKiller.2.7.18.0_04.03.2012_21.03.55_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 12:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 12:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 12:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 12:35:34 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 21:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/27 02:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/21 02:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/21 03:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 03:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 03:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/04/26 22:11:38 | 000,000,365 | -HS- | M] () -- C:\Users\Chloe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/03/02 19:16:05 | 009,601,504 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Chloe\Desktop\AppRemover.exe
[2012/03/01 18:54:02 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Chloe\Desktop\aswMBR.exe
[2012/03/06 18:08:00 | 003,968,384 | ---- | M] (AVG Technologies) -- C:\Users\Chloe\Desktop\avg_free_stb_all_2012_1913_cnet.exe
[2012/03/05 18:10:54 | 004,427,148 | R--- | M] (Swearware) -- C:\Users\Chloe\Desktop\ComboFix.exe
[2011/09/17 13:02:47 | 000,270,142 | ---- | M] () -- C:\Users\Chloe\Desktop\Minecraft.exe
[2012/03/06 17:57:26 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Chloe\Desktop\OTL.exe
[2012/03/01 19:08:32 | 001,339,904 | ---- | M] () -- C:\Users\Chloe\Desktop\RogueKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/02/06 21:46:38 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/02/06 21:41:29 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\At10.job
[2012/02/06 21:46:39 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/02/06 21:46:39 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012/02/06 21:46:39 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/02/06 21:46:39 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At5.job
[2012/02/06 21:46:39 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At6.job
[2012/02/06 21:46:39 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At7.job
[2012/02/06 21:46:39 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At8.job
[2012/02/06 21:41:29 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At9.job
[2012/03/05 18:45:05 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/02 19:12:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/05 18:45:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/03/05 18:43:57 | 000,032,628 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2008/12/21 01:54:37 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2008/12/21 01:54:07 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2008/12/21 01:54:07 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2008/12/21 01:54:07 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2008/12/21 01:54:07 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2008/12/21 01:54:07 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/04/12 05:06:24 | 000,000,402 | -HS- | M] () -- C:\Users\Chloe\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2009/06/15 20:21:37 | 000,003,516 | ---- | M] () -- C:\ProgramData\ArcadeDeluxe2.log
[2012/03/02 19:19:53 | 000,002,622 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB30357$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:ECF54A0E

< End of report >
 
OTL Extras logfile created on: 06/03/2012 18:05:39 - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Chloe\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 87.62% Memory free
6.06 Gb Paging File | 5.87 Gb Available in Paging File | 96.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 25.31 Gb Free Space | 22.68% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 86.64 Gb Free Space | 77.67% Space Free | Partition Type: NTFS

Computer Name: STUDENT00060804 | User Name: Chloe | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7CC156FF-6D56-4043-9AD7-D989D7483A00}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08A599CB-E407-44CD-BAA3-BA722DCC0C87}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0B13F70F-5D09-4D05-9F95-BBC8FB528829}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{0EDCBD73-AABC-41D8-A807-2C2FBE28AF3C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{0FB26C8B-17A7-4BBC-B20F-04ED76B2025B}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{1BDF6941-9023-4A38-A387-B6585A7D46CF}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{1C3BE6B5-C997-44A2-80B1-CB4AD9C0E372}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{27480808-AC70-4095-8647-9F9FE9589456}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{2B96FE96-251A-4DAB-904E-9BFAF0F46EB3}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{2F5263E4-7C8A-4B05-9BEC-442025B490A9}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{3DE0A4C1-7FCA-41EB-AD2A-8F9C438541E7}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{3E14A432-0D12-40F1-A325-D652791133CC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{3F3DB6DB-E900-4595-ADFE-847A82966164}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{46CF3DE6-7CED-455F-BF34-3CB090160DC7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5204E966-EF9E-49E9-9763-FD096275A209}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{564F998F-5636-4378-9B1E-E53E34FEA55C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{611EBF84-579E-4A87-B4AE-373C73A05F2A}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{78C0F7ED-AD03-4524-AA58-B94ADDC54609}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{8B533F48-8C72-4A62-8CDE-5FFA8F8686E5}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{93F43F8D-1D74-4242-862A-6343CC75F3D9}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{9757E8EB-4726-419A-840D-8142ABA407DC}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{9AAC521E-278C-470D-9755-3E2B45AEE29F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{A1201955-1C3D-4F1D-B0EE-AA29EFC35C79}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A720D4BC-44B9-4992-8F78-0305468FDEB6}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{AEEC7391-39DB-4BF8-9CAD-9AEF66A24F31}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{B39A49E9-AADB-4276-A93B-4A234B3D69D2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{BDAFE58D-38F3-45EA-8B29-7BDA091453F5}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{BF14971B-1CE3-40B5-92B9-16EAC521A9D0}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{C3C6E1DD-FDC4-4F1A-AE8F-2C7164177A52}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{C440B538-21A8-4860-9EA7-0FF7F6CC79F2}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{DAB44904-2ABE-423A-AC76-35882E87E0F6}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{E8239B43-6DC0-4271-B97D-B5951B35F007}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{F158F2D0-605A-4BD0-A632-7B1567DE160F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F715662D-4944-47A6-BD22-27869A9CCBA9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F8E15F1B-3FEA-44E6-89C6-19A3006067B9}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{FEB1375E-F0EC-4DE0-B8B8-6432C02F8637}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"TCP Query User{08A8D6A2-10FB-4DDF-A40F-2A3184D16C1C}C:\program files\pearson vue\ukcat practice tests\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\pearson vue\ukcat practice tests\jre\bin\java.exe |
"TCP Query User{88D7EFC1-FD1C-4EAB-9E7D-CAE2E06EB658}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{B79A691C-1268-48F7-9D5B-7C5877D3D52A}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{784468D9-5AC9-45A3-B9F3-828BC217C6C9}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{C99E7E7F-61BB-4FBB-8352-F051068F0BBA}C:\program files\pearson vue\ukcat practice tests\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\pearson vue\ukcat practice tests\jre\bin\java.exe |
"UDP Query User{F6F3B20C-DDA2-447F-AA01-0A37EDE4C382}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A6534F75-713F-4696-A3D5-77D7F5BD3811}" = UKCAT Practice Tests
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CX4300_5500_DX4400 manual" = CX4300_5500_DX4400 manual
"Deckadance" = Deckadance
"Drumaxx" = Drumaxx
"Effectrix_is1" = Effectrix 1.4
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"FL Studio 10" = FL Studio 10
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IL Download Manager" = IL Download Manager
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0.1 (x86 en-US)" = Mozilla Firefox 5.0.1 (x86 en-US)
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Massive v1.0.1.008 VSTi DXi RTAS" = Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
"PoiZone" = PoiZone
"rgcAudio z3ta Plus v1.40" = rgcAudio z3ta Plus v1.40
"Sakura" = Sakura
"Sawer" = Sawer
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Toxic Biohazard" = Toxic Biohazard
"VLC media player" = VLC media player 1.1.5
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08/02/2012 15:30:57 | Computer Name = STUDENT00060804 | Source = WinMgmt | ID = 10
Description =

Error - 08/02/2012 15:44:05 | Computer Name = STUDENT00060804 | Source = Symantec AntiVirus | ID = 16711731
Description =

Error - 08/02/2012 15:50:59 | Computer Name = STUDENT00060804 | Source = Symantec AntiVirus | ID = 16711731
Description =

Error - 08/02/2012 16:01:56 | Computer Name = STUDENT00060804 | Source = Symantec AntiVirus | ID = 16711731
Description =

Error - 08/02/2012 16:12:11 | Computer Name = STUDENT00060804 | Source = Symantec AntiVirus | ID = 16711731
Description =

Error - 08/02/2012 16:23:05 | Computer Name = STUDENT00060804 | Source = Symantec AntiVirus | ID = 16711731
Description =

Error - 08/02/2012 16:31:15 | Computer Name = STUDENT00060804 | Source = Symantec AntiVirus | ID = 16711731
Description =

Error - 08/02/2012 16:40:52 | Computer Name = STUDENT00060804 | Source = Symantec AntiVirus | ID = 16711731
Description =

Error - 08/02/2012 16:41:04 | Computer Name = STUDENT00060804 | Source = Symantec AntiVirus | ID = 16711725
Description =

Error - 08/02/2012 16:41:04 | Computer Name = STUDENT00060804 | Source = Symantec AntiVirus | ID = 16711725
Description =

[ OSession Events ]
Error - 12/09/2010 21:51:31 | Computer Name = Chloe-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30082
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 06/03/2012 13:52:14 | Computer Name = STUDENT00060804 | Source = Service Control Manager | ID = 7001
Description =

Error - 06/03/2012 13:52:14 | Computer Name = STUDENT00060804 | Source = Service Control Manager | ID = 7001
Description =

Error - 06/03/2012 13:52:14 | Computer Name = STUDENT00060804 | Source = Service Control Manager | ID = 7003
Description =

Error - 06/03/2012 13:52:14 | Computer Name = STUDENT00060804 | Source = Service Control Manager | ID = 7001
Description =

Error - 06/03/2012 13:52:14 | Computer Name = STUDENT00060804 | Source = Service Control Manager | ID = 7001
Description =

Error - 06/03/2012 13:52:14 | Computer Name = STUDENT00060804 | Source = Service Control Manager | ID = 7026
Description =

Error - 06/03/2012 13:52:14 | Computer Name = STUDENT00060804 | Source = Service Control Manager | ID = 7001
Description =

Error - 06/03/2012 13:52:14 | Computer Name = STUDENT00060804 | Source = Service Control Manager | ID = 7001
Description =

Error - 06/03/2012 13:52:14 | Computer Name = STUDENT00060804 | Source = Service Control Manager | ID = 7001
Description =

Error - 06/03/2012 13:52:14 | Computer Name = STUDENT00060804 | Source = Service Control Manager | ID = 7001
Description =


< End of report >



(Had to split the reports up due to character restrictions)
 
Managed to install the Microsoft protection. Quick scan revealed 2 problems: 1. Trojan Win32/sireref.ac 2. TrojanDropper:Win32/Sireref.B. Both cured.

However, a program saying it is Adobe Flash keeps trying to install and I don't quite trust it as I'm not convinced it is genuine.

I also cannot turn on real-time protection on the Microsoft protection, and my keyboard and mouse are still not working and the computer still blue screens when in normal mode.

...not too many problems then...ha
 