Solved System check problems

S

sonik1

Posts: 17   +0
Hi , i have somehow managed to get infected with "system check" and nothing i do will get rid , i cannot access anything on the laptop , i am currently in safemode writing this, and i'm currently scanning with malwarebytes,

this laptop has so many pics and vids of my daughter's birth etc that i never backed up , silly i know , but i really need to get this sytem check out of the system ,

any help would be much appreciated.

EDIT: Malwarebytes was scanned in safemode , the rest was done normally because after running malwarebytes i was able to gain partial control of the pc again so i didnt need safemode.
 
Malwarebytes just finished scanning and it found 8 problems , i am not sure if i should remove selected problems with Malwarebytes or wait for help ?

heres the log file:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.17.04

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Acer :: ACER-PC [administrator]

17/03/2012 12:45:27
mbam-log-2012-03-17 (13-24-42).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 286574
Time elapsed: 34 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|qvPKttoujdWOABX.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\qvPKttoujdWOABX.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|GrpConv (Trojan.Agent.Gen) -> Data: grpconv -o -> No action taken.

Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\ProgramData\qvPKttoujdWOABX.exe (Rogue.FakeHDD) -> No action taken.
C:\ProgramData\nWq3lDSsOkhscE.exe (Backdoor.Agent.Gen) -> No action taken.
C:\Windows\System32\grpconv.exe (Trojan.Agent.Gen) -> No action taken.

(end)

Gmer scan running : seems to be taking a long time , over an hour so far , I'll post results when done
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-17 15:43:17
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 Hitachi_HTS545025B9A300 rev.PB2OC60F
Running: rt60ln90.exe; Driver: C:\Users\Acer\AppData\Local\Temp\kxldrpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8A842C0C]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8A842ED4]
SSDT 924A83A6 ZwCreateSection
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8A8431D0]
SSDT 924A83AB ZwSetContextThread
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x8A84280A]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 82C513D9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C8AD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11E3 82C91ED8 8 Bytes [0C, 2C, 84, 8A, D4, 2E, 84, ...] {OR AL, 0x2c; TEST [EDX-0x757bd12c], CL}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C91EEC 4 Bytes [A6, 83, 4A, 92]
.text ntkrnlpa.exe!KeRemoveQueueEx + 121B 82C91F10 4 Bytes [D0, 31, 84, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82C9228C 4 Bytes [AB, 83, 4A, 92]
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82C92364 4 Bytes [0A, 28, 84, 8A]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92A0D000, 0x2D5378, 0xE8000020]
PAGE peauth.sys 99969BEC 111 Bytes JMP 87D3B4E6

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[1196] kernel32.dll!SetUnhandledExceptionFilter 75C1F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2748] USER32.dll!EnableWindow 76498D02 5 Bytes JMP 6F309A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2748] USER32.dll!DialogBoxParamW 764B3B9B 5 Bytes JMP 6F26170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2748] USER32.dll!DialogBoxIndirectParamW 764C3B7F 5 Bytes JMP 6F456336 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2748] USER32.dll!DialogBoxParamA 764DCF42 5 Bytes JMP 6F4562D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2748] USER32.dll!DialogBoxIndirectParamA 764DD274 5 Bytes JMP 6F45639B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2748] USER32.dll!MessageBoxIndirectA 764EE869 5 Bytes JMP 6F456258 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2748] USER32.dll!MessageBoxIndirectW 764EE963 5 Bytes JMP 6F4561DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2748] USER32.dll!MessageBoxExA 764EE9C9 5 Bytes JMP 6F45617B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2748] USER32.dll!MessageBoxExW 764EE9ED 5 Bytes JMP 6F456117 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3752] kernel32.dll!CreateThread 75C1DCC2 5 Bytes JMP 6F2C7303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3752] USER32.dll!EnableWindow 76498D02 5 Bytes JMP 6F309A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3752] USER32.dll!CallNextHookEx 7649ABE1 5 Bytes JMP 6F327BAF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3752] USER32.dll!UnhookWindowsHookEx 7649ADF9 5 Bytes JMP 6F34EB00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3752] USER32.dll!DefWindowProcA 7649BB1C 7 Bytes JMP 6F2C952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3752] USER32.dll!CreateWindowExA 7649BF40 5 Bytes JMP 6F2D3363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3752] USER32.dll!SetWindowsHookExW 7649E30C 5 Bytes JMP 6F302194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3752] USER32.dll!CreateWindowExW 7649EC7C 5 Bytes JMP 6F32FF87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3752] USER32.dll!DefWindowProcW 764A507D 7 Bytes JMP 6F327C12 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3752] USER32.dll!DialogBoxParamW 764B3B9B 5 Bytes JMP 6F26170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3752] USER32.dll!DialogBoxIndirectParamW 764C3B7F 5 Bytes JMP 6F456336 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3752] USER32.dll!DialogBoxParamA 764DCF42 5 Bytes JMP 6F4562D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3752] USER32.dll!DialogBoxIndirectParamA 764DD274 5 Bytes JMP 6F45639B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3752] USER32.dll!MessageBoxIndirectA 764EE869 5 Bytes JMP 6F456258 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3752] USER32.dll!MessageBoxIndirectW 764EE963 5 Bytes JMP 6F4561DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3752] USER32.dll!MessageBoxExA 764EE9C9 5 Bytes JMP 6F45617B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3752] USER32.dll!MessageBoxExW 764EE9ED 5 Bytes JMP 6F456117 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3752] ole32.dll!OleLoadFromStream 76286143 5 Bytes JMP 6F456B0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[316] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [757AFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [757AFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[316] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [757AFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [757AFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[316] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [757AFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[316] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [757AFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[316] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [757AFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:2564] 9F232F2E

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{267D79F4-1B28-4D84-8531-E993A937FEA1}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{267D79F4-1B28-4D84-8531-E993A937FEA1}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{267D79F4-1B28-4D84-8531-E993A937FEA1}@Path \Microsoft\Windows Defender\MP Scheduled Scan
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{267D79F4-1B28-4D84-8531-E993A937FEA1}@Hash 0xF5 0x52 0xFC 0x0E ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{267D79F4-1B28-4D84-8531-E993A937FEA1}@Triggers 0x15 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{267D79F4-1B28-4D84-8531-E993A937FEA1}@DynamicInfo 0x03 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan@Id {267D79F4-1B28-4D84-8531-E993A937FEA1}
Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlId 97
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\98
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\98@CrawlType 2
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\98@InProgress 1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\98@DoneAddingCrawlSeeds 1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\98@IsCatalogLevel 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\98@LogStartAddId 3
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\98@SuccessfulTransactions 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\98@ErrorTransactions 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\98@WarningTransactions 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\98@ExcludedTransactions 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\98@RetryTransactions 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\98@KilobytesCrawled 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\98@Modified 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\98@UnvisitedItems 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\98@ForcedFullCrawl 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\3@CrawlNumberInProgress 98

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS003E7.log 1048576 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS003E8.log 1048576 bytes

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Acer at 15:47:14 on 2012-03-17
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2811.1633 [GMT 0:00]
.
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\lxdxcoms.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\tsnp2uvc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Companion\companionuser.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Acer\Downloads\rt60ln90.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = my.daemon-search.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [lxdxmon.exe] "c:\program files\lexmark 3600-4600 series\lxdxmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 3600-4600 series\ezprint.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [tsnp2uvc] c:\windows\tsnp2uvc.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{27BAED83-CCA5-4BCE-80B6-35782F033A2A} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{54190533-DF39-49E6-B38A-1A7D0D301625} : DhcpNameServer = 149.254.230.7 149.254.192.126
TCP: Interfaces\{60B48F98-2594-4B24-85F4-E5064350DA8A} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{60B48F98-2594-4B24-85F4-E5064350DA8A}\14E64627F696461405 : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{60B48F98-2594-4B24-85F4-E5064350DA8A}\14E64627F69646455647865627 : DhcpNameServer = 192.168.2.254
TCP: Interfaces\{60B48F98-2594-4B24-85F4-E5064350DA8A}\35F6E696B6723702960586F6E656 : DhcpNameServer = 149.254.230.7 149.254.192.126
TCP: Interfaces\{60B48F98-2594-4B24-85F4-E5064350DA8A}\37F6E696B6332313 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{60B48F98-2594-4B24-85F4-E5064350DA8A}\6796277696E6D65646961613939333238383 : DhcpNameServer = 194.168.4.100 194.168.8.100
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\acer\appdata\roaming\mozilla\firefox\profiles\hvyoyomp.default\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\onlive\plugin\npolgdet.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-3-17 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-3-17 342168]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-8-2 218688]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-3-17 185560]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-26 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-26 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-26 66616]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2012-3-17 550864]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2012-3-17 402336]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2011-11-3 275496]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-3-17 56840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-24 136176]
S2 LMIRescue_02d5df22-3313-48b2-909f-06909553ee62;LogMeIn Rescue (02d5df22-3313-48b2-909f-06909553ee62);"c:\users\acer\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue_srv.exe" -service -sid 02d5df22-3313-48b2-909f-06909553ee62 --> c:\users\acer\appdata\local\logmein rescue applet\lmir0001.tmp\LMI_Rescue_srv.exe [?]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2011-11-1 94208]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-24 136176]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-8-2 18432]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-2-27 15872]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2012-3-17 1117624]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-27 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-26 1343400]
.
=============== Created Last 30 ================
.
2012-03-17 12:44:35 -------- d-----w- c:\users\acer\appdata\roaming\Malwarebytes
2012-03-17 12:44:30 -------- d-----w- c:\programdata\Malwarebytes
2012-03-17 12:44:29 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-17 12:44:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-17 00:29:39 767952 ----a-w- c:\windows\BDTSupport.dll
2012-03-17 00:29:39 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-03-17 00:29:38 2250704 ----a-w- c:\windows\PCTBDCore.dll
2012-03-17 00:29:38 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-03-17 00:29:37 1681360 ----a-w- c:\windows\PCTBDRes.dll
2012-03-17 00:28:55 253352 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-03-17 00:28:55 107864 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-03-17 00:28:53 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-03-17 00:28:50 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-03-17 00:28:44 -------- d-----w- c:\program files\PC Tools
2012-03-17 00:27:56 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-03-17 00:27:56 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-03-17 00:27:53 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-03-17 00:27:53 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-03-17 00:27:51 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-03-17 00:27:51 -------- d-----w- c:\program files\common files\PC Tools
2012-03-17 00:27:27 -------- d-----w- c:\users\acer\appdata\roaming\TestApp
2012-03-17 00:27:27 -------- d-----w- c:\programdata\PC Tools
2012-03-16 10:58:58 6552120 ---ha-w- c:\programdata\microsoft\windows defender\definition updates\{d9390cfd-02a2-4e38-8867-ae73a15a5c52}\mpengine.dll
2012-03-16 10:47:47 -------- d--h--w- c:\users\acer\appdata\local\{EA82C21F-5202-43F9-BFFA-398937B1C1AF}
2012-03-16 10:47:35 -------- d--h--w- c:\users\acer\appdata\local\{E5122A11-EB89-406F-9CF6-5668B41C246A}
2012-03-15 22:36:30 -------- d--h--w- c:\users\acer\appdata\local\{D8F8A137-C784-493F-97D7-5C1BEFCE630A}
2012-03-15 22:36:18 -------- d--h--w- c:\users\acer\appdata\local\{6C8A1E66-FB5E-4CDD-81C4-743743A794FF}
2012-03-15 11:57:24 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-15 11:57:23 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 11:57:03 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 11:57:02 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 11:55:37 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 11:55:37 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 11:55:37 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 11:55:35 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 11:55:35 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 11:55:35 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 11:55:35 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 13:50:59 -------- d--h--w- c:\users\acer\appdata\local\{80F04250-2A4F-4E27-A056-CDC6C93675F1}
2012-03-13 13:50:46 -------- d--h--w- c:\users\acer\appdata\local\{FADDCAAB-5ED7-44CE-BB0A-CE54CF41D046}
2012-03-12 14:31:58 -------- d--h--w- c:\users\acer\appdata\local\{7CD02CB2-CD6C-4D49-820D-3C4D14E77327}
2012-03-12 14:31:44 -------- d--h--w- c:\users\acer\appdata\local\{95F98781-AE09-4E1B-992A-EF5D1C8306C7}
2012-03-12 01:55:56 -------- d--h--w- c:\users\acer\appdata\local\{80F88A66-D333-4AE9-90B1-9741705FA0AD}
2012-03-12 01:55:33 -------- d--h--w- c:\users\acer\appdata\local\{6C919A0B-85CB-4C67-8A6D-64C51692E76B}
2012-03-11 13:55:18 -------- d--h--w- c:\users\acer\appdata\local\{034D9C33-9751-45D1-8B46-9ACBDAFA8ED1}
2012-03-11 13:54:55 -------- d--h--w- c:\users\acer\appdata\local\{C62272B1-F60A-4A4D-BB37-550771F435E9}
2012-03-11 00:13:35 -------- d--h--w- c:\users\acer\appdata\local\{94C07299-681F-4507-819C-E9716D17405F}
2012-03-11 00:13:12 -------- d--h--w- c:\users\acer\appdata\local\{ECDA5B1C-B6C8-4806-B5B0-462711E12CE0}
2012-03-10 12:12:59 -------- d--h--w- c:\users\acer\appdata\local\{1287A26B-7AC5-4640-B41D-66C0C5FB0283}
2012-03-10 12:12:46 -------- d--h--w- c:\users\acer\appdata\local\{F6000FDC-D300-4375-A1CD-D5F5A1753FD6}
2012-03-09 23:07:29 -------- d--h--w- c:\users\acer\appdata\local\{3C995AD9-D90C-42F8-8814-CD2E8DC80CF1}
2012-03-09 23:07:05 -------- d--h--w- c:\users\acer\appdata\local\{E6E1F3C7-48BF-45B8-82DD-2D0DB05B4905}
2012-03-09 11:07:07 -------- d--h--w- c:\users\acer\appdata\local\{C1353168-5D7B-4539-9CD2-F39083F648BF}
2012-03-08 14:24:42 -------- d--h--w- c:\users\acer\appdata\local\{B8D10044-9E30-4279-A0BA-65BA2ABD95BB}
2012-03-08 14:24:19 -------- d--h--w- c:\users\acer\appdata\local\{89A93EA5-0DF9-4A21-BE16-1907B89B9BA5}
2012-03-08 01:14:17 -------- d--h--w- c:\users\acer\appdata\local\{6963993B-5904-4F12-B439-F4645F7F0186}
2012-03-08 01:14:05 -------- d--h--w- c:\users\acer\appdata\local\{A92A5727-9964-409C-BAF6-C033B75A8FD6}
2012-03-07 14:59:48 -------- d--h--w- c:\program files\gBurner
2012-03-07 13:13:51 -------- d--h--w- c:\users\acer\appdata\local\{D38F6307-9E29-43E7-A79B-F3C8FD84881F}
2012-03-07 13:13:27 -------- d--h--w- c:\users\acer\appdata\local\{1D7BD589-F70F-4B22-A8A5-DCCFAC6DACCA}
2012-03-06 15:40:07 -------- d--h--w- c:\users\acer\appdata\local\{ACF0B30B-BABA-4E13-8A4C-796C2DA25E8F}
2012-03-06 15:39:48 -------- d--h--w- c:\users\acer\appdata\local\{7B160A82-159E-42A0-A002-4187F7F3EF59}
2012-02-28 01:43:46 -------- d--h--w- c:\users\acer\appdata\local\{AFD9D593-3575-4E05-9ECF-BD6DBE706195}
2012-02-28 01:43:23 -------- d--h--w- c:\users\acer\appdata\local\{056C8960-4A14-47C0-A2F1-4B671392522B}
2012-02-27 13:43:09 -------- d--h--w- c:\users\acer\appdata\local\{C1897A8E-0531-4BC5-879A-B628C4F5696A}
2012-02-27 13:42:46 -------- d--h--w- c:\users\acer\appdata\local\{BB22478D-15D7-4A34-8E10-6C64E45E8231}
2012-02-27 01:42:33 -------- d--h--w- c:\users\acer\appdata\local\{59925A11-0034-4AD9-8744-4CACE7B26206}
2012-02-27 01:42:10 -------- d--h--w- c:\users\acer\appdata\local\{0D1B326E-28BC-4A72-BD30-AF2DA878A214}
2012-02-26 13:41:35 -------- d--h--w- c:\users\acer\appdata\local\{BA895B01-E598-41B7-9960-68C69B921F38}
2012-02-26 13:41:17 -------- d--h--w- c:\users\acer\appdata\local\{DC87EB5B-EABB-4B45-B053-513EB6E1524C}
2012-02-25 22:15:01 -------- d--h--w- c:\users\acer\appdata\local\{E68DE083-5BF2-4E85-A850-32E1985A3F12}
2012-02-25 01:13:42 -------- d--h--w- c:\users\acer\appdata\local\{58E15F75-1FCD-42B0-AEAD-C47E6EA8BBD6}
2012-02-25 01:13:28 -------- d--h--w- c:\users\acer\appdata\local\{D1005B55-0BAA-4FD8-B919-CCD10890E1CB}
2012-02-24 19:27:29 -------- d--h--w- c:\users\acer\appdata\local\Google
2012-02-24 12:14:48 -------- d--h--w- c:\users\acer\appdata\local\{C394232E-5B27-47BB-8616-CE6D3404A641}
2012-02-24 12:14:34 -------- d--h--w- c:\users\acer\appdata\local\{C1665253-3F40-456A-9A2D-7FF1974EA782}
2012-02-23 17:17:52 -------- d--h--w- c:\users\acer\appdata\local\{2F0D7C53-C2C1-45F7-B86F-01FEC7B942E9}
2012-02-23 17:17:37 -------- d--h--w- c:\users\acer\appdata\local\{85154491-BB32-4FF0-9C7C-70FE4ED3C4FB}
2012-02-22 23:40:59 626688 ---ha-w- c:\program files\mozilla firefox\msvcr80.dll
2012-02-22 23:40:59 548864 ---ha-w- c:\program files\mozilla firefox\msvcp80.dll
2012-02-22 23:40:59 479232 ---ha-w- c:\program files\mozilla firefox\msvcm80.dll
2012-02-22 23:40:59 45016 ---ha-w- c:\program files\mozilla firefox\mozutils.dll
2012-02-22 15:39:18 -------- d--h--w- c:\program files\WinSCP
2012-02-22 10:57:28 -------- d--h--w- c:\users\acer\appdata\local\{FD03734E-4B58-4754-8987-647A7CC8D3BC}
2012-02-22 10:57:17 -------- d--h--w- c:\users\acer\appdata\local\{3F9C3840-88EB-4A17-AC58-0B8F9EB526BA}
2012-02-21 22:57:03 -------- d--h--w- c:\users\acer\appdata\local\{8F429AEB-79E9-46F6-9301-068F41B515A8}
2012-02-21 22:56:51 -------- d--h--w- c:\users\acer\appdata\local\{2EDF5839-5D3E-4407-86EC-67E5C02C3D7E}
2012-02-21 12:13:23 -------- d--h--w- c:\users\acer\appdata\roaming\WindSolutions
2012-02-21 12:13:22 -------- d--h--w- c:\programdata\WindSolutions
2012-02-20 00:21:19 -------- d--h--w- c:\users\acer\appdata\local\libimobiledevice
2012-02-18 22:43:04 -------- d--h--w- c:\users\acer\appdata\local\Programs
2012-02-17 11:46:17 180224 ---ha-w- c:\windows\system32\rsnp2uvc.dll
2012-02-17 11:46:15 237568 ----a-w- c:\windows\tsnp2uvc.exe
2012-02-17 11:46:13 94208 ----a-w- c:\windows\amcap.exe
2012-02-17 11:46:13 -------- d--h--w- c:\program files\common files\SNP2UVC
2012-02-17 11:44:28 -------- d--h--w- c:\users\acer\appdata\local\ArcSoft
2012-02-17 11:44:04 -------- d--h--w- c:\programdata\ArcSoft
2012-02-17 11:44:00 18688 ---ha-w- c:\windows\system32\drivers\afc.sys
2012-02-17 11:42:19 212480 ----a-w- c:\windows\PCDLIB32.DLL
2012-02-17 11:39:53 225280 ---h--w- c:\program files\common files\installshield\iscript\iscript.dll
2012-02-17 11:39:52 77824 ---ha-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-02-17 11:39:52 32768 ---h--w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-02-17 11:39:52 176128 ---h--w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
.
==================== Find3M ====================
.
2012-02-23 09:18:36 237072 ---h--w- c:\windows\system32\MpSigStub.exe
2012-02-16 10:54:04 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
.
============= FINISH: 15:47:47.78 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 26/02/2011 01:24:20
System Uptime: 17/03/2012 13:42:22 (2 hours ago)
.
Motherboard: Acer | | Aspire 5551
Processor: AMD Athlon(tm) II P320 Dual-Core Processor | Socket S1G4 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 35.779 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 0 GiB total, 0.07 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
"Nero SoundTrax Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
Advertising Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
µTorrent
Avira AntiVir Personal - Free Antivirus
Bonjour
Browser Defender 4.0
Castle Link
CopyTrans Suite Remove Only
D3DX10
DAEMON Tools Lite
DAEMON Tools Toolbar
DolbyFiles
File Type Assistant
Foxit Reader
Free File Viewer 2011
gBurner
Google Chrome
Google Earth
Google Update Helper
GrabIt 1.7.2 Beta 4 (build 997)
HD2 Toolkit version 4.1
ImagXpress
ImgBurn
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
Lexmark 3600-4600 Series
Malwarebytes Anti-Malware version 1.60.1.1000
Menu Templates - Starter Kit
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XML Parser
Movie Templates - Starter Kit
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9
Nero Burning ROM Help
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Live
Nero Live Help
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero Vision Help
Nero WaveEditor
NeroBurningROM
NeroExpress
NeroLiveGadget
NeroLiveGadget Help
neroxml
NewsLeecher v3.9 Final
OnLive
PC Tools Spyware Doctor with AntiVirus 9.0
QuickPar 0.9
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
SoundTrax
swMSM
Synaptics Pointing Device Driver
TweakNow RegCleaner 2011
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
USB Video Device
VLC media player 1.1.8
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
WinSCP 4.3.7
.
==== Event Viewer Messages From Past Week ========
.
17/03/2012 13:45:20, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
17/03/2012 13:42:45, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxdxCATSCustConnectService service to connect.
17/03/2012 13:42:45, Error: Service Control Manager [7000] - The lxdxCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
17/03/2012 13:42:45, Error: Service Control Manager [7000] - The LogMeIn Rescue (02d5df22-3313-48b2-909f-06909553ee62) service failed to start due to the following error: The system cannot find the file specified.
17/03/2012 13:42:34, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
17/03/2012 13:42:34, Error: atikmdag [43029] - Display is not active
17/03/2012 13:35:05, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
17/03/2012 13:35:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
17/03/2012 13:35:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
17/03/2012 13:35:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
17/03/2012 13:34:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
17/03/2012 13:34:54, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb discache PCTSD spldr ssmdrv Wanarpv6
17/03/2012 00:28:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
17/03/2012 00:11:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
16/03/2012 23:53:28, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb discache spldr ssmdrv Wanarpv6
15/03/2012 21:30:11, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
14/03/2012 12:21:11, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
10/03/2012 14:11:21, Error: NetBT [4321] - The name "ACER-PC :0" could not be registered on the interface with IP address 192.168.0.4. The computer with the IP address 192.168.0.6 did not allow the name to be claimed by this computer.
10/03/2012 14:11:05, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{60B48F98-2594-4B24-85F4-E5064350DA8A} because another computer on the network has the same name. The server could not start.
10/03/2012 14:11:05, Error: NetBT [4321] - The name "ACER-PC :20" could not be registered on the interface with IP address 192.168.0.4. The computer with the IP address 192.168.0.6 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

Your MBAM log says "No action taken".
Re-run it, FIX all issues, post new log.

You're running two AV programs, PC Tools Spyware Doctor with AntiVirus and Avira.
One of them has to go.
Your choice.

Then...

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
thankyou for the help,

i have deleted spyware doctor and kept Avira ,

i saved the log file before i clicked repair , but i did repair the items it found , here is the new log file ,

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.17.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Acer :: ACER-PC [administrator]

17/03/2012 16:02:48
mbam-log-2012-03-17 (16-02-48).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 286684
Time elapsed: 1 hour(s), 6 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
17:23:23.0943 3968 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
17:23:24.0161 3968 ============================================================
17:23:24.0161 3968 Current date / time: 2012/03/17 17:23:24.0161
17:23:24.0161 3968 SystemInfo:
17:23:24.0161 3968
17:23:24.0161 3968 OS Version: 6.1.7601 ServicePack: 1.0
17:23:24.0161 3968 Product type: Workstation
17:23:24.0161 3968 ComputerName: ACER-PC
17:23:24.0161 3968 UserName: Acer
17:23:24.0161 3968 Windows directory: C:\Windows
17:23:24.0161 3968 System windows directory: C:\Windows
17:23:24.0161 3968 Processor architecture: Intel x86
17:23:24.0161 3968 Number of processors: 2
17:23:24.0161 3968 Page size: 0x1000
17:23:24.0161 3968 Boot type: Normal boot
17:23:24.0161 3968 ============================================================
17:23:25.0347 3968 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:23:25.0347 3968 \Device\Harddisk0\DR0:
17:23:25.0347 3968 MBR used
17:23:25.0347 3968 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:23:25.0347 3968 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
17:23:25.0394 3968 Initialize success
17:23:25.0394 3968 ============================================================
17:23:27.0313 1796 ============================================================
17:23:27.0313 1796 Scan started
17:23:27.0313 1796 Mode: Manual;
17:23:27.0313 1796 ============================================================
17:23:28.0436 1796 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
17:23:28.0451 1796 1394ohci - ok
17:23:28.0483 1796 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
17:23:28.0498 1796 ACPI - ok
17:23:28.0685 1796 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
17:23:28.0685 1796 AcpiPmi - ok
17:23:28.0810 1796 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
17:23:28.0826 1796 adp94xx - ok
17:23:28.0841 1796 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
17:23:28.0857 1796 adpahci - ok
17:23:28.0873 1796 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
17:23:28.0888 1796 adpu320 - ok
17:23:29.0013 1796 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys
17:23:29.0013 1796 Afc - ok
17:23:29.0060 1796 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
17:23:29.0091 1796 AFD - ok
17:23:29.0294 1796 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
17:23:29.0294 1796 agp440 - ok
17:23:29.0684 1796 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
17:23:29.0684 1796 aic78xx - ok
17:23:29.0824 1796 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
17:23:29.0840 1796 aliide - ok
17:23:29.0887 1796 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
17:23:29.0887 1796 amdagp - ok
17:23:29.0918 1796 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
17:23:29.0918 1796 amdide - ok
17:23:30.0027 1796 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
17:23:30.0043 1796 AmdK8 - ok
17:23:30.0074 1796 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
17:23:30.0074 1796 AmdPPM - ok
17:23:30.0214 1796 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
17:23:30.0230 1796 amdsata - ok
17:23:30.0292 1796 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
17:23:30.0323 1796 amdsbs - ok
17:23:30.0479 1796 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
17:23:30.0479 1796 amdxata - ok
17:23:30.0667 1796 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
17:23:30.0682 1796 AppID - ok
17:23:30.0885 1796 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
17:23:30.0916 1796 arc - ok
17:23:30.0932 1796 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
17:23:30.0932 1796 arcsas - ok
17:23:31.0057 1796 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
17:23:31.0057 1796 AsyncMac - ok
17:23:31.0088 1796 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
17:23:31.0088 1796 atapi - ok
17:23:31.0244 1796 athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
17:23:31.0259 1796 athr - ok
17:23:31.0493 1796 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
17:23:31.0649 1796 atikmdag - ok
17:23:31.0805 1796 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
17:23:31.0805 1796 avgntflt - ok
17:23:31.0821 1796 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
17:23:31.0837 1796 avipbb - ok
17:23:31.0977 1796 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
17:23:31.0993 1796 b06bdrv - ok
17:23:32.0102 1796 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
17:23:32.0117 1796 b57nd60x - ok
17:23:32.0149 1796 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
17:23:32.0164 1796 Beep - ok
17:23:32.0258 1796 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
17:23:32.0258 1796 blbdrive - ok
17:23:32.0320 1796 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
17:23:32.0320 1796 bowser - ok
17:23:32.0429 1796 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:23:32.0429 1796 BrFiltLo - ok
17:23:32.0445 1796 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:23:32.0445 1796 BrFiltUp - ok
17:23:32.0492 1796 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
17:23:32.0507 1796 Brserid - ok
17:23:32.0554 1796 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
17:23:32.0554 1796 BrSerWdm - ok
17:23:32.0617 1796 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:23:32.0632 1796 BrUsbMdm - ok
17:23:32.0648 1796 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
17:23:32.0648 1796 BrUsbSer - ok
17:23:32.0663 1796 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
17:23:32.0679 1796 BTHMODEM - ok
17:23:32.0804 1796 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
17:23:32.0804 1796 cdfs - ok
17:23:32.0851 1796 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
17:23:32.0851 1796 cdrom - ok
17:23:32.0975 1796 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
17:23:32.0975 1796 circlass - ok
17:23:33.0022 1796 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
17:23:33.0022 1796 CLFS - ok
17:23:33.0147 1796 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
17:23:33.0147 1796 CmBatt - ok
17:23:33.0178 1796 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
17:23:33.0178 1796 cmdide - ok
17:23:33.0303 1796 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
17:23:33.0303 1796 CNG - ok
17:23:33.0350 1796 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
17:23:33.0350 1796 Compbatt - ok
17:23:33.0459 1796 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
17:23:33.0459 1796 CompositeBus - ok
17:23:33.0506 1796 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
17:23:33.0506 1796 crcdisk - ok
17:23:33.0677 1796 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
17:23:33.0709 1796 CSC - ok
17:23:33.0833 1796 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
17:23:33.0833 1796 DfsC - ok
17:23:33.0896 1796 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
17:23:33.0896 1796 discache - ok
17:23:34.0005 1796 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
17:23:34.0021 1796 Disk - ok
17:23:34.0114 1796 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
17:23:34.0114 1796 drmkaud - ok
17:23:34.0192 1796 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:23:34.0208 1796 dtsoftbus01 - ok
17:23:34.0286 1796 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
17:23:34.0333 1796 DXGKrnl - ok
17:23:34.0535 1796 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
17:23:34.0598 1796 ebdrv - ok
17:23:34.0738 1796 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
17:23:34.0754 1796 elxstor - ok
17:23:34.0785 1796 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
17:23:34.0801 1796 ErrDev - ok
17:23:34.0910 1796 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
17:23:34.0925 1796 exfat - ok
17:23:34.0957 1796 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
17:23:34.0972 1796 fastfat - ok
17:23:35.0050 1796 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
17:23:35.0050 1796 fdc - ok
17:23:35.0113 1796 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
17:23:35.0128 1796 FileInfo - ok
17:23:35.0144 1796 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
17:23:35.0144 1796 Filetrace - ok
17:23:35.0175 1796 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
17:23:35.0175 1796 flpydisk - ok
17:23:35.0237 1796 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
17:23:35.0253 1796 FltMgr - ok
17:23:35.0315 1796 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
17:23:35.0331 1796 FsDepends - ok
17:23:35.0362 1796 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
17:23:35.0362 1796 Fs_Rec - ok
17:23:35.0440 1796 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
17:23:35.0440 1796 fvevol - ok
17:23:35.0518 1796 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:23:35.0534 1796 gagp30kx - ok
17:23:35.0627 1796 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:23:35.0627 1796 GEARAspiWDM - ok
17:23:35.0737 1796 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
17:23:35.0752 1796 hcw85cir - ok
17:23:35.0830 1796 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
17:23:35.0846 1796 HdAudAddService - ok
17:23:35.0908 1796 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
17:23:35.0908 1796 HDAudBus - ok
17:23:35.0986 1796 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
17:23:35.0986 1796 HidBatt - ok
17:23:36.0017 1796 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
17:23:36.0033 1796 HidBth - ok
17:23:36.0111 1796 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
17:23:36.0127 1796 HidIr - ok
17:23:36.0205 1796 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
17:23:36.0220 1796 HidUsb - ok
17:23:36.0314 1796 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
17:23:36.0329 1796 HpSAMD - ok
17:23:36.0423 1796 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
17:23:36.0423 1796 HTTP - ok
17:23:36.0485 1796 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
17:23:36.0485 1796 hwpolicy - ok
17:23:36.0595 1796 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
17:23:36.0610 1796 i8042prt - ok
17:23:36.0704 1796 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
17:23:36.0719 1796 iaStorV - ok
17:23:36.0813 1796 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
17:23:36.0813 1796 iirsp - ok
17:23:36.0891 1796 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
17:23:36.0891 1796 intelide - ok
17:23:36.0953 1796 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
17:23:36.0969 1796 intelppm - ok
17:23:37.0016 1796 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:23:37.0031 1796 IpFilterDriver - ok
17:23:37.0078 1796 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
17:23:37.0094 1796 IPMIDRV - ok
17:23:37.0156 1796 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
17:23:37.0172 1796 IPNAT - ok
17:23:37.0234 1796 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
17:23:37.0234 1796 IRENUM - ok
17:23:37.0297 1796 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
17:23:37.0297 1796 isapnp - ok
17:23:37.0375 1796 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
17:23:37.0390 1796 iScsiPrt - ok
17:23:37.0453 1796 k57nd60x (35b69a908401de6e0c24994374531c04) C:\Windows\system32\DRIVERS\k57nd60x.sys
17:23:37.0468 1796 k57nd60x - ok
17:23:37.0593 1796 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:23:37.0609 1796 kbdclass - ok
17:23:37.0655 1796 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
17:23:37.0655 1796 kbdhid - ok
17:23:37.0780 1796 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
17:23:37.0780 1796 KSecDD - ok
17:23:37.0827 1796 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
17:23:37.0827 1796 KSecPkg - ok
17:23:37.0967 1796 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
17:23:37.0983 1796 lltdio - ok
17:23:38.0170 1796 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:23:38.0186 1796 LSI_FC - ok
17:23:38.0201 1796 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:23:38.0217 1796 LSI_SAS - ok
17:23:38.0248 1796 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:23:38.0264 1796 LSI_SAS2 - ok
17:23:38.0295 1796 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:23:38.0311 1796 LSI_SCSI - ok
17:23:38.0420 1796 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
17:23:38.0435 1796 luafv - ok
17:23:38.0576 1796 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
17:23:38.0591 1796 MBAMSwissArmy - ok
17:23:38.0638 1796 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
17:23:38.0638 1796 megasas - ok
17:23:38.0747 1796 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
17:23:38.0747 1796 MegaSR - ok
17:23:38.0794 1796 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
17:23:38.0794 1796 Modem - ok
17:23:38.0919 1796 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
17:23:38.0919 1796 monitor - ok
17:23:38.0950 1796 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
17:23:38.0950 1796 mouclass - ok
17:23:39.0059 1796 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
17:23:39.0059 1796 mouhid - ok
17:23:39.0122 1796 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
17:23:39.0122 1796 mountmgr - ok
17:23:39.0231 1796 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
17:23:39.0247 1796 mpio - ok
17:23:39.0293 1796 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
17:23:39.0309 1796 mpsdrv - ok
17:23:39.0465 1796 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
17:23:39.0481 1796 MRxDAV - ok
17:23:39.0512 1796 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:23:39.0512 1796 mrxsmb - ok
17:23:39.0637 1796 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:23:39.0637 1796 mrxsmb10 - ok
17:23:39.0683 1796 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:23:39.0683 1796 mrxsmb20 - ok
17:23:39.0730 1796 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
17:23:39.0730 1796 msahci - ok
17:23:39.0824 1796 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
17:23:39.0855 1796 msdsm - ok
17:23:39.0902 1796 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
17:23:39.0902 1796 Msfs - ok
17:23:39.0917 1796 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
17:23:39.0917 1796 mshidkmdf - ok
17:23:39.0933 1796 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
17:23:39.0933 1796 msisadrv - ok
17:23:40.0058 1796 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
17:23:40.0058 1796 MSKSSRV - ok
17:23:40.0089 1796 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
17:23:40.0089 1796 MSPCLOCK - ok
17:23:40.0120 1796 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
17:23:40.0120 1796 MSPQM - ok
17:23:40.0151 1796 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
17:23:40.0167 1796 MsRPC - ok
17:23:40.0261 1796 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
17:23:40.0261 1796 mssmbios - ok
17:23:40.0307 1796 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
17:23:40.0307 1796 MSTEE - ok
17:23:40.0323 1796 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
17:23:40.0323 1796 MTConfig - ok
17:23:40.0432 1796 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
17:23:40.0432 1796 Mup - ok
17:23:40.0495 1796 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
17:23:40.0510 1796 NativeWifiP - ok
17:23:40.0635 1796 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
17:23:40.0651 1796 NDIS - ok
17:23:40.0760 1796 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
17:23:40.0775 1796 NdisCap - ok
17:23:40.0807 1796 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
17:23:40.0807 1796 NdisTapi - ok
17:23:40.0853 1796 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
17:23:40.0869 1796 Ndisuio - ok
17:23:40.0963 1796 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
17:23:40.0994 1796 NdisWan - ok
17:23:41.0025 1796 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
17:23:41.0041 1796 NDProxy - ok
17:23:41.0197 1796 Netaapl (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys
17:23:41.0197 1796 Netaapl - ok
17:23:41.0243 1796 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
17:23:41.0243 1796 NetBIOS - ok
17:23:41.0275 1796 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
17:23:41.0306 1796 NetBT - ok
17:23:41.0431 1796 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
17:23:41.0446 1796 nfrd960 - ok
17:23:41.0477 1796 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
17:23:41.0477 1796 Npfs - ok
17:23:41.0509 1796 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
17:23:41.0509 1796 nsiproxy - ok
17:23:41.0665 1796 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
17:23:41.0680 1796 Ntfs - ok
17:23:41.0774 1796 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
17:23:41.0789 1796 Null - ok
17:23:41.0836 1796 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
17:23:41.0836 1796 nvraid - ok
17:23:41.0945 1796 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
17:23:41.0977 1796 nvstor - ok
17:23:42.0008 1796 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
17:23:42.0023 1796 nv_agp - ok
17:23:42.0133 1796 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
17:23:42.0133 1796 ohci1394 - ok
17:23:42.0179 1796 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
17:23:42.0195 1796 Parport - ok
17:23:42.0226 1796 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
17:23:42.0242 1796 partmgr - ok
17:23:42.0335 1796 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
17:23:42.0335 1796 Parvdm - ok
17:23:42.0382 1796 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
17:23:42.0382 1796 pci - ok
17:23:42.0398 1796 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
17:23:42.0398 1796 pciide - ok
17:23:42.0507 1796 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
17:23:42.0523 1796 pcmcia - ok
17:23:42.0554 1796 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
17:23:42.0554 1796 pcw - ok
17:23:42.0585 1796 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
17:23:42.0616 1796 PEAUTH - ok
17:23:42.0772 1796 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
17:23:42.0788 1796 PptpMiniport - ok
17:23:42.0803 1796 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
17:23:42.0819 1796 Processor - ok
17:23:42.0866 1796 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
17:23:42.0881 1796 Psched - ok
17:23:43.0006 1796 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
17:23:43.0053 1796 ql2300 - ok
17:23:43.0147 1796 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
17:23:43.0162 1796 ql40xx - ok
17:23:43.0193 1796 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
17:23:43.0193 1796 QWAVEdrv - ok
17:23:43.0209 1796 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
17:23:43.0225 1796 RasAcd - ok
17:23:43.0256 1796 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:23:43.0271 1796 RasAgileVpn - ok
17:23:43.0365 1796 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:23:43.0381 1796 Rasl2tp - ok
17:23:43.0427 1796 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
17:23:43.0443 1796 RasPppoe - ok
17:23:43.0459 1796 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
17:23:43.0474 1796 RasSstp - ok
17:23:43.0521 1796 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
17:23:43.0521 1796 rdbss - ok
17:23:43.0630 1796 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
17:23:43.0630 1796 rdpbus - ok
17:23:43.0677 1796 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:23:43.0677 1796 RDPCDD - ok
17:23:43.0724 1796 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
17:23:43.0739 1796 RDPDR - ok
17:23:43.0849 1796 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
17:23:43.0849 1796 RDPENCDD - ok
17:23:43.0880 1796 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
17:23:43.0895 1796 RDPREFMP - ok
17:23:44.0114 1796 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
17:23:44.0129 1796 RdpVideoMiniport - ok
17:23:44.0317 1796 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
17:23:44.0332 1796 RDPWD - ok
17:23:44.0878 1796 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
17:23:44.0878 1796 rdyboost - ok
17:23:45.0081 1796 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
17:23:45.0081 1796 rspndr - ok
17:23:45.0237 1796 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
17:23:45.0268 1796 s3cap - ok
17:23:45.0565 1796 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
17:23:45.0643 1796 sbp2port - ok
17:23:45.0783 1796 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
17:23:45.0892 1796 scfilter - ok
17:23:46.0111 1796 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:23:46.0126 1796 secdrv - ok
17:23:46.0282 1796 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
17:23:46.0298 1796 Serenum - ok
17:23:46.0625 1796 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
17:23:46.0641 1796 Serial - ok
17:23:46.0672 1796 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
17:23:46.0688 1796 sermouse - ok
17:23:47.0093 1796 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
17:23:47.0125 1796 sffdisk - ok
17:23:47.0281 1796 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
17:23:47.0312 1796 sffp_mmc - ok
17:23:47.0483 1796 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
17:23:47.0483 1796 sffp_sd - ok
17:23:47.0546 1796 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
17:23:47.0546 1796 sfloppy - ok
17:23:47.0655 1796 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
17:23:47.0655 1796 sisagp - ok
17:23:47.0702 1796 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:23:47.0717 1796 SiSRaid2 - ok
17:23:47.0780 1796 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
17:23:47.0780 1796 SiSRaid4 - ok
17:23:48.0061 1796 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
17:23:48.0076 1796 Smb - ok
17:23:48.0326 1796 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
17:23:48.0326 1796 spldr - ok
17:23:48.0451 1796 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
17:23:48.0466 1796 srv - ok
17:23:48.0700 1796 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
17:23:48.0716 1796 srv2 - ok
17:23:48.0856 1796 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
17:23:48.0872 1796 srvnet - ok
17:23:48.0950 1796 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
17:23:48.0950 1796 ssmdrv - ok
17:23:49.0012 1796 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
17:23:49.0028 1796 stexstor - ok
17:23:49.0122 1796 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
17:23:49.0122 1796 storflt - ok
17:23:49.0168 1796 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
17:23:49.0184 1796 storvsc - ok
17:23:49.0262 1796 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
17:23:49.0278 1796 swenum - ok
17:23:49.0340 1796 Synth3dVsc - ok
17:23:49.0465 1796 SynTP (d776eb85a20696d9d43129ccf6e703e2) C:\Windows\system32\DRIVERS\SynTP.sys
17:23:49.0480 1796 SynTP - ok
17:23:49.0590 1796 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
17:23:49.0605 1796 Tcpip - ok
17:23:49.0761 1796 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
17:23:49.0777 1796 TCPIP6 - ok
17:23:49.0917 1796 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
17:23:49.0917 1796 tcpipreg - ok
17:23:49.0980 1796 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
17:23:49.0980 1796 TDPIPE - ok
17:23:50.0089 1796 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
17:23:50.0104 1796 TDTCP - ok
17:23:50.0432 1796 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
17:23:50.0479 1796 tdx - ok
17:23:50.0572 1796 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
17:23:50.0588 1796 TermDD - ok
17:23:50.0666 1796 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:23:50.0666 1796 tssecsrv - ok
17:23:50.0791 1796 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
17:23:50.0791 1796 TsUsbFlt - ok
17:23:50.0806 1796 tsusbhub - ok
17:23:50.0931 1796 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
17:23:50.0947 1796 tunnel - ok
17:23:50.0994 1796 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
17:23:51.0009 1796 uagp35 - ok
17:23:51.0056 1796 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
17:23:51.0072 1796 udfs - ok
17:23:51.0196 1796 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
17:23:51.0212 1796 uliagpkx - ok
17:23:51.0259 1796 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
17:23:51.0259 1796 umbus - ok
17:23:51.0290 1796 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
17:23:51.0306 1796 UmPass - ok
17:23:51.0446 1796 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
17:23:51.0462 1796 USBAAPL - ok
17:23:51.0571 1796 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
17:23:51.0586 1796 usbaudio - ok
17:23:51.0664 1796 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
17:23:51.0680 1796 usbccgp - ok
17:23:51.0742 1796 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
17:23:51.0774 1796 usbcir - ok
17:23:51.0805 1796 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
17:23:51.0805 1796 usbehci - ok
17:23:51.0883 1796 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
17:23:51.0914 1796 usbhub - ok
17:23:51.0976 1796 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
17:23:51.0992 1796 usbohci - ok
17:23:52.0070 1796 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
17:23:52.0086 1796 usbprint - ok
17:23:52.0164 1796 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
17:23:52.0164 1796 usbscan - ok
17:23:52.0195 1796 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:23:52.0210 1796 USBSTOR - ok
17:23:52.0288 1796 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
17:23:52.0288 1796 usbuhci - ok
17:23:52.0366 1796 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
17:23:52.0382 1796 usbvideo - ok
17:23:52.0460 1796 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
17:23:52.0460 1796 vdrvroot - ok
17:23:52.0538 1796 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
17:23:52.0554 1796 vga - ok
17:23:52.0585 1796 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
17:23:52.0585 1796 VgaSave - ok
17:23:52.0647 1796 VGPU - ok
17:23:52.0725 1796 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
17:23:52.0741 1796 vhdmp - ok
17:23:52.0772 1796 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
17:23:52.0772 1796 viaagp - ok
17:23:52.0819 1796 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
17:23:52.0834 1796 ViaC7 - ok
17:23:52.0897 1796 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
17:23:52.0912 1796 viaide - ok
17:23:52.0975 1796 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
17:23:52.0975 1796 vmbus - ok
17:23:53.0006 1796 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
17:23:53.0006 1796 VMBusHID - ok
17:23:53.0037 1796 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
17:23:53.0037 1796 volmgr - ok
17:23:53.0115 1796 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
17:23:53.0146 1796 volmgrx - ok
17:23:53.0224 1796 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
17:23:53.0240 1796 volsnap - ok
17:23:53.0365 1796 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
17:23:53.0380 1796 vsmraid - ok
17:23:53.0443 1796 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
17:23:53.0443 1796 vwifibus - ok
17:23:53.0536 1796 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
17:23:53.0536 1796 vwififlt - ok
17:23:53.0630 1796 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
17:23:53.0630 1796 WacomPen - ok
17:23:53.0708 1796 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
17:23:53.0724 1796 WANARP - ok
17:23:53.0724 1796 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
17:23:53.0739 1796 Wanarpv6 - ok
17:23:53.0833 1796 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
17:23:53.0848 1796 Wd - ok
17:23:53.0880 1796 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
17:23:53.0880 1796 Wdf01000 - ok
17:23:53.0973 1796 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
17:23:53.0989 1796 WfpLwf - ok
17:23:54.0051 1796 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
17:23:54.0067 1796 WIMMount - ok
17:23:54.0176 1796 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
17:23:54.0176 1796 WinUsb - ok
17:23:54.0316 1796 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
17:23:54.0316 1796 WmiAcpi - ok
17:23:54.0488 1796 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
17:23:54.0488 1796 ws2ifsl - ok
17:23:54.0535 1796 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
17:23:54.0550 1796 WudfPf - ok
17:23:54.0675 1796 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:23:54.0691 1796 WUDFRd - ok
17:23:54.0769 1796 xnacc (ce0c846127d6abb1e2a22e59682b2527) C:\Windows\system32\DRIVERS\xnacc.sys
17:23:54.0784 1796 xnacc - ok
17:23:54.0831 1796 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:23:54.0894 1796 \Device\Harddisk0\DR0 - ok
17:23:54.0894 1796 Boot (0x1200) (a5a70a654daa9eabbfdf4109af5b9a5d) \Device\Harddisk0\DR0\Partition0
17:23:54.0894 1796 \Device\Harddisk0\DR0\Partition0 - ok
17:23:54.0925 1796 Boot (0x1200) (9c8a44172ff603d3a9e9e435468cb243) \Device\Harddisk0\DR0\Partition1
17:23:54.0925 1796 \Device\Harddisk0\DR0\Partition1 - ok
17:23:54.0925 1796 ============================================================
17:23:54.0925 1796 Scan finished
17:23:54.0925 1796 ============================================================
17:23:54.0940 2732 Detected object count: 0
17:23:54.0940 2732 Actual detected object count: 0
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Run date: 2012-03-17 19:48:42
-----------------------------
19:48:42.182 OS Version: Windows 6.1.7601 Service Pack 1
19:48:42.182 Number of processors: 2 586 0x603
19:48:42.182 ComputerName: ACER-PC UserName: Acer
19:48:43.539 Initialize success
19:49:42.479 AVAST engine defs: 12031700
19:50:11.479 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
19:50:11.495 Disk 0 Vendor: Hitachi_HTS545025B9A300 PB2OC60F Size: 238475MB BusType: 11
19:50:11.510 Disk 0 MBR read successfully
19:50:11.510 Disk 0 MBR scan
19:50:11.573 Disk 0 Windows 7 default MBR code
19:50:11.588 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:50:11.620 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
19:50:11.635 Disk 0 scanning sectors +488394752
19:50:11.713 Disk 0 scanning C:\Windows\system32\drivers
19:50:27.797 Service scanning
19:51:07.796 Modules scanning
19:51:20.713 Disk 0 trace - called modules:
19:51:20.744 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
19:51:21.259 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86033ac8]
19:51:21.275 3 CLASSPNP.SYS[8abab59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x85eaf030]
19:51:23.427 AVAST engine scan C:\Windows
19:51:26.532 AVAST engine scan C:\Windows\system32
19:56:06.141 AVAST engine scan C:\Windows\system32\drivers
19:56:29.219 AVAST engine scan C:\Users\Acer
20:21:43.440 AVAST engine scan C:\ProgramData
20:22:29.289 Scan finished successfully
20:22:45.858 Disk 0 MBR has been saved successfully to "C:\Users\Acer\Desktop\MBR.dat"
20:22:45.858 The log file has been saved successfully to "C:\Users\Acer\Desktop\aswMBR.txt"
 
.\debug.cpp(238) : Debug log started at 17.03.2012 - 20:25:45
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.1
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x82c4f000 0x00412000 "\SystemRoot\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x82c18000 0x00037000 "\SystemRoot\system32\halmacpi.dll"
.\debug.cpp(256) : 0x80b97000 0x00008000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x8322e000 0x0000b000 "\SystemRoot\system32\mcupdate_AuthenticAMD.dll"
.\debug.cpp(256) : 0x83239000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x8324a000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x83252000 0x00042000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x83294000 0x000ab000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x8333f000 0x00071000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x833b0000 0x0000e000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x8a601000 0x00048000 "\SystemRoot\system32\drivers\ACPI.sys"
.\debug.cpp(256) : 0x8a649000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS"
.\debug.cpp(256) : 0x8a652000 0x00008000 "\SystemRoot\system32\drivers\msisadrv.sys"
.\debug.cpp(256) : 0x8a65a000 0x0002a000 "\SystemRoot\system32\drivers\pci.sys"
.\debug.cpp(256) : 0x8a684000 0x0000b000 "\SystemRoot\system32\drivers\vdrvroot.sys"
.\debug.cpp(256) : 0x8a68f000 0x00011000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x8a6a0000 0x00008000 "\SystemRoot\system32\DRIVERS\compbatt.sys"
.\debug.cpp(256) : 0x8a6a8000 0x0000b000 "\SystemRoot\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0x8a6b3000 0x00010000 "\SystemRoot\system32\drivers\volmgr.sys"
.\debug.cpp(256) : 0x8a6c3000 0x0004b000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x8a70e000 0x00007000 "\SystemRoot\system32\drivers\pciide.sys"
.\debug.cpp(256) : 0x8a715000 0x0000e000 "\SystemRoot\system32\drivers\PCIIDEX.SYS"
.\debug.cpp(256) : 0x8a723000 0x00016000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x8a739000 0x0002a000 "\SystemRoot\system32\drivers\vmbus.sys"
.\debug.cpp(256) : 0x8a763000 0x00012000 "\SystemRoot\system32\drivers\winhv.sys"
.\debug.cpp(256) : 0x8a775000 0x00009000 "\SystemRoot\system32\drivers\atapi.sys"
.\debug.cpp(256) : 0x8a77e000 0x00023000 "\SystemRoot\system32\drivers\ataport.SYS"
.\debug.cpp(256) : 0x8a7a1000 0x0000a000 "\SystemRoot\system32\drivers\msahci.sys"
.\debug.cpp(256) : 0x8a7ab000 0x00009000 "\SystemRoot\system32\drivers\amdxata.sys"
.\debug.cpp(256) : 0x8a7b4000 0x00034000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x8a7e8000 0x00011000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x8a82f000 0x0012f000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x8a95e000 0x0002b000 "\SystemRoot\System32\Drivers\msrpc.sys"
.\debug.cpp(256) : 0x8a989000 0x00013000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x8a99c000 0x0005d000 "\SystemRoot\System32\Drivers\cng.sys"
.\debug.cpp(256) : 0x8a800000 0x0000e000 "\SystemRoot\System32\drivers\pcw.sys"
.\debug.cpp(256) : 0x8a80e000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
.\debug.cpp(256) : 0x8aa32000 0x000b7000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x8aae9000 0x0003e000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x8ab27000 0x00025000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
.\debug.cpp(256) : 0x8ac39000 0x0014a000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x8ad83000 0x00031000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x8adb4000 0x00009000 "\SystemRoot\system32\drivers\vmstorfl.sys"
.\debug.cpp(256) : 0x8adbd000 0x0003f000 "\SystemRoot\system32\drivers\volsnap.sys"
.\debug.cpp(256) : 0x8ac00000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x8ac08000 0x0002d000 "\SystemRoot\System32\drivers\rdyboost.sys"
.\debug.cpp(256) : 0x8ab4c000 0x00010000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x8ab5c000 0x00008000 "\SystemRoot\System32\drivers\hwpolicy.sys"
.\debug.cpp(256) : 0x8ab64000 0x00032000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
.\debug.cpp(256) : 0x8ab96000 0x00011000 "\SystemRoot\system32\DRIVERS\disk.sys"
.\debug.cpp(256) : 0x8aba7000 0x00025000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0x8aa00000 0x0001f000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0x8aa1f000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x8aa26000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x8a817000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x833be000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x833df000 0x0000d000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x8a823000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x833ec000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x833f4000 0x00008000 "\SystemRoot\system32\drivers\rdprefmp.sys"
.\debug.cpp(256) : 0x83200000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x8320b000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x8f401000 0x00017000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x8f418000 0x0000c000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x8f424000 0x0005a000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x8f47e000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x8f4b0000 0x00007000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"
.\debug.cpp(256) : 0x8f4b7000 0x0001f000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x8f4d6000 0x00011000 "\SystemRoot\system32\DRIVERS\vwififlt.sys"
.\debug.cpp(256) : 0x8f4e7000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x8f4f5000 0x0003b000 "\SystemRoot\system32\DRIVERS\dtsoftbus01.sys"
.\debug.cpp(256) : 0x8f530000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x8f543000 0x00011000 "\SystemRoot\system32\drivers\termdd.sys"
.\debug.cpp(256) : 0x8f554000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys"
.\debug.cpp(256) : 0x8f55a000 0x00041000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x8f59b000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x8f5a5000 0x0000a000 "\SystemRoot\system32\drivers\mssmbios.sys"
.\debug.cpp(256) : 0x8f5af000 0x0000c000 "\SystemRoot\System32\drivers\discache.sys"
.\debug.cpp(256) : 0x8f00b000 0x00064000 "\SystemRoot\system32\drivers\csc.sys"
.\debug.cpp(256) : 0x8f06f000 0x00018000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x8f087000 0x0000e000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"
.\debug.cpp(256) : 0x8f095000 0x00027000 "\SystemRoot\system32\DRIVERS\avipbb.sys"
.\debug.cpp(256) : 0x8f0bc000 0x00021000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x8f0dd000 0x00011000 "\SystemRoot\system32\DRIVERS\amdppm.sys"
.\debug.cpp(256) : 0x9281b000 0x00515000 "\SystemRoot\system32\DRIVERS\atikmdag.sys"
.\debug.cpp(256) : 0x92d30000 0x000b7000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x8f0ee000 0x00039000 "\SystemRoot\System32\drivers\dxgmms1.sys"
.\debug.cpp(256) : 0x8f127000 0x0001f000 "\SystemRoot\system32\drivers\HDAudBus.sys"
.\debug.cpp(256) : 0x8f146000 0x00045000 "\SystemRoot\system32\DRIVERS\k57nd60x.sys"
.\debug.cpp(256) : 0x9303e000 0x0012d000 "\SystemRoot\system32\DRIVERS\athr.sys"
.\debug.cpp(256) : 0x9316b000 0x0000a000 "\SystemRoot\system32\DRIVERS\vwifibus.sys"
.\debug.cpp(256) : 0x93175000 0x00008000 "\SystemRoot\system32\drivers\Afc.sys"
.\debug.cpp(256) : 0x9317d000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0x93183000 0x0000a000 "\SystemRoot\system32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0x9318d000 0x0004b000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x931d8000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x931e7000 0x00018000 "\SystemRoot\system32\drivers\i8042prt.sys"
.\debug.cpp(256) : 0x93000000 0x0000d000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x8f18b000 0x00037000 "\SystemRoot\system32\DRIVERS\SynTP.sys"
.\debug.cpp(256) : 0x9300d000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0x9300f000 0x0000d000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x9301c000 0x00009000 "\SystemRoot\system32\drivers\wmiacpi.sys"
.\debug.cpp(256) : 0x93025000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0x93029000 0x0000d000 "\SystemRoot\system32\drivers\CompositeBus.sys"
.\debug.cpp(256) : 0x92de7000 0x00012000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"
.\debug.cpp(256) : 0x92800000 0x00018000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x8f1c2000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x8f1cd000 0x00022000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x8f5bb000 0x00018000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x8f5d3000 0x00017000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x93210000 0x00017000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x93227000 0x0000a000 "\SystemRoot\system32\DRIVERS\rdpbus.sys"
.\debug.cpp(256) : 0x93231000 0x00002000 "\SystemRoot\system32\drivers\swenum.sys"
.\debug.cpp(256) : 0x93233000 0x00034000 "\SystemRoot\system32\drivers\ks.sys"
.\debug.cpp(256) : 0x93267000 0x0000e000 "\SystemRoot\system32\DRIVERS\umbus.sys"
.\debug.cpp(256) : 0x93275000 0x00044000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x932b9000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x932ca000 0x00050000 "\SystemRoot\system32\drivers\HdAudio.sys"
.\debug.cpp(256) : 0x9331a000 0x0002f000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0x93349000 0x00019000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0x99650000 0x00250000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x93362000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0x9336c000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0x93379000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys"
.\debug.cpp(256) : 0x93384000 0x0000a000 "\SystemRoot\System32\Drivers\dump_msahci.sys"
.\debug.cpp(256) : 0x9338e000 0x00011000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
.\debug.cpp(256) : 0x9339f000 0x00017000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0x933b6000 0x00024000 "\SystemRoot\System32\Drivers\usbvideo.sys"
.\debug.cpp(256) : 0x933da000 0x0000b000 "\SystemRoot\system32\DRIVERS\monitor.sys"
.\debug.cpp(256) : 0x998b0000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0x998e0000 0x0001e000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0x933e5000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0x8abcc000 0x00017000 "\SystemRoot\system32\DRIVERS\avgntflt.sys"
.\debug.cpp(256) : 0x8abe3000 0x0001a000 "\SystemRoot\system32\drivers\WudfPf.sys"
.\debug.cpp(256) : 0x93200000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0x98411000 0x00046000 "\SystemRoot\system32\DRIVERS\nwifi.sys"
.\debug.cpp(256) : 0x98457000 0x00010000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0x98467000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0x9847a000 0x00085000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0x984ff000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0x98518000 0x00012000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0x9852a000 0x00023000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0x9854d000 0x0003b000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0x98588000 0x0001b000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0x9f00d000 0x00097000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0x9f0a4000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS"
.\debug.cpp(256) : 0x9f0ae000 0x00021000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0x9f0cf000 0x0000d000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0x9f146000 0x00050000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0x9f196000 0x00052000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0x9f1e8000 0x00008000 "\??\C:\Windows\system32\drivers\mbamswissarmy.sys"
.\debug.cpp(256) : 0x9f0f3000 0x0000c000 "\??\C:\Users\Acer\AppData\Local\Temp\aswMBR.sys"
.\debug.cpp(256) : 0x77620000 0x0013c000 "\Windows\System32\ntdll.dll"
.\debug.cpp(256) : 0x47610000 0x00013000 "\Windows\System32\smss.exe"
.\debug.cpp(256) : 0x77860000 0x00050000 "\Windows\System32\apisetschema.dll"
.\debug.cpp(256) : 0x00820000 0x000a6000 "\Windows\System32\autochk.exe"
.\debug.cpp(256) : 0x77500000 0x00111000 "\Windows\System32\urlmon.dll"
.\debug.cpp(256) : 0x777f0000 0x00057000 "\Windows\System32\shlwapi.dll"
.\debug.cpp(256) : 0x77760000 0x00083000 "\Windows\System32\clbcatq.dll"
.\debug.cpp(256) : 0x774f0000 0x0000a000 "\Windows\System32\lpk.dll"
.\debug.cpp(256) : 0x774d0000 0x0001f000 "\Windows\System32\imm32.dll"
.\debug.cpp(256) : 0x774a0000 0x0002a000 "\Windows\System32\imagehlp.dll"
.\debug.cpp(256) : 0x77340000 0x0015c000 "\Windows\System32\ole32.dll"
.\debug.cpp(256) : 0x772f0000 0x00045000 "\Windows\System32\Wldap32.dll"
.\debug.cpp(256) : 0x772e0000 0x00005000 "\Windows\System32\psapi.dll"
.\debug.cpp(256) : 0x771c0000 0x0011b000 "\Windows\System32\wininet.dll"
.\debug.cpp(256) : 0x771b0000 0x00003000 "\Windows\System32\normaliz.dll"
.\debug.cpp(256) : 0x77100000 0x000ac000 "\Windows\System32\msvcrt.dll"
.\debug.cpp(256) : 0x770a0000 0x00052000 "\Windows\System32\difxapi.dll"
.\debug.cpp(256) : 0x76ff0000 0x000a1000 "\Windows\System32\rpcrt4.dll"
.\debug.cpp(256) : 0x76f50000 0x0009d000 "\Windows\System32\usp10.dll"
.\debug.cpp(256) : 0x76f40000 0x00006000 "\Windows\System32\nsi.dll"
.\debug.cpp(256) : 0x76da0000 0x0019d000 "\Windows\System32\setupapi.dll"
.\debug.cpp(256) : 0x76d10000 0x0008f000 "\Windows\System32\oleaut32.dll"
.\debug.cpp(256) : 0x76c40000 0x000c9000 "\Windows\System32\user32.dll"
.\debug.cpp(256) : 0x76b70000 0x000cc000 "\Windows\System32\msctf.dll"
.\debug.cpp(256) : 0x76ad0000 0x000a0000 "\Windows\System32\advapi32.dll"
.\debug.cpp(256) : 0x76910000 0x001b8000 "\Windows\System32\iertutil.dll"
.\debug.cpp(256) : 0x768d0000 0x00035000 "\Windows\System32\ws2_32.dll"
.\debug.cpp(256) : 0x76850000 0x0007b000 "\Windows\System32\comdlg32.dll"
.\debug.cpp(256) : 0x75c00000 0x00c4a000 "\Windows\System32\shell32.dll"
.\debug.cpp(256) : 0x75be0000 0x00019000 "\Windows\System32\sechost.dll"
.\debug.cpp(256) : 0x75b90000 0x0004e000 "\Windows\System32\gdi32.dll"
.\debug.cpp(256) : 0x75ab0000 0x000d4000 "\Windows\System32\kernel32.dll"
.\debug.cpp(256) : 0x75a80000 0x0002d000 "\Windows\System32\wintrust.dll"
.\debug.cpp(256) : 0x75a50000 0x00027000 "\Windows\System32\cfgmgr32.dll"
.\debug.cpp(256) : 0x75a30000 0x00012000 "\Windows\System32\devobj.dll"
.\debug.cpp(256) : 0x759a0000 0x00084000 "\Windows\System32\comctl32.dll"
.\debug.cpp(256) : 0x75880000 0x0011d000 "\Windows\System32\crypt32.dll"
.\debug.cpp(256) : 0x75830000 0x0004a000 "\Windows\System32\KernelBase.dll"
.\debug.cpp(256) : 0x75820000 0x0000c000 "\Windows\System32\msasn1.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswMBR"
.\debug.cpp(400) : Destination "\Device\aswMBR"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskHitachi_HTS545025B9A300_________________PB2OC60F#5&ba22499&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP2T0L0-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000072"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) : Destination "\Device\WUDFLpcDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000040"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_002A&SUBSYS_E01F105B&REV_01#4&accf357&0&0028#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0023"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MBAMSwissArmy"
.\debug.cpp(400) : Destination "\Device\MBAMSwissArmy"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#CMO1592#5&138eeaf8&0&UID256#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
.\debug.cpp(400) : Destination "\Device\00000070"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\00000046"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN"
.\debug.cpp(400) : Destination "\Device\AgileVPN"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{276d5850-bc7a-11e0-a6d0-c9397b19578c}"
.\debug.cpp(400) : Destination "\Device\CdRom1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{3b35eabd-4146-11e0-989f-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSlimtype_DVD_A__DS8A4SH_________________CA11____#5&34833dfb&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP3T0L0-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#CMO1592#5&138eeaf8&0&UID256#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
.\debug.cpp(400) : Destination "\Device\00000070"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&5d58d1b&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) : Destination "\Device\WMIAdminDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{3b35eac0-4146-11e0-989f-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) : Destination "\Device\ProcessManagement"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination "\Device\Video4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0001#{d35f7840-6a0c-11d2-b841-00c04fad5171}"
.\debug.cpp(400) : Destination "\Device\00000047"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) : Destination "\Device\VolMgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_1692&SUBSYS_036E1025&REV_01#4&13beb59&0&0020#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0022"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"
.\debug.cpp(400) : Destination "\Device\Video5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000046"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000054"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{058A2D09-89A0-461C-8C21-6C15EEB6C3B4}"
.\debug.cpp(400) : Destination "\Device\NDMP13"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination "\Device\00000052"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_16_Model_6_-_AMD_Athlon(tm)_II_P320_Dual-Core_Processor#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4399&SUBSYS_036E1025&REV_00#3&2411e6fe&1&A5#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0014"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination "\Device\CompositeBattery"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun"
.\debug.cpp(400) : Destination "\Device\TeredoTun"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPDevice"
.\debug.cpp(400) : Destination "\Device\SPDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&27dc0b59&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000005e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi5:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
.\debug.cpp(400) : Destination "\Device\PEAuth"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt"
.\debug.cpp(400) : Destination "\FileSystem\Filters\avgntflt"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000050"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\vwififlt"
.\debug.cpp(400) : Destination "\Device\vwififlt"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_791A&SUBSYS_00791A00&REV_1000#5&323b7372&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\00000069"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&34c5b11f&0&5#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\G:"
.\debug.cpp(400) : Destination "\Device\CdRom1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0272&SUBSYS_1025036E&REV_1000#4&206d833e&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\0000006b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000046"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
.\debug.cpp(400) : Destination "\Device\Psched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C0DE3E38-8BA7-479F-8B75-833F294C5AA8}"
.\debug.cpp(400) : Destination "\Device\NDMP11"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4397&SUBSYS_036E1025&REV_00#3&2411e6fe&1&98#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0007"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi6:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition2"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DTSOFTBUS&Rev1#DTCDROM&Rev1#1&79f5d87&0&00#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000063"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination "\Device\00000070"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0272&SUBSYS_1025036E&REV_1000#4&206d833e&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000006b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&1eb6e6c6&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_16_Model_6_-_AMD_Athlon(tm)_II_P320_Dual-Core_Processor#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&2a91a327&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000046"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000046"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination "\Device\USBFDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume1"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000055"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{3b35eabd-4146-11e0-989f-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0272&SUBSYS_1025036E&REV_1000#4&206d833e&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000006b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination "\Device\00000048"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDOSPDevice"
.\debug.cpp(400) : Destination "\Device\IPSECDOSP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0272&SUBSYS_1025036E&REV_1000#4&206d833e&0&0001#{a17579f0-4fec-4936-9364-249460863be5}"
.\debug.cpp(400) : Destination "\Device\0000006b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000046"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination "\Device\USBFDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi7:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume2"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{3b35eac1-4146-11e0-989f-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000041"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom1"
.\debug.cpp(400) : Destination "\Device\CdRom1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{e849804e-c719-43d8-ac88-96b894c191e2}"
.\debug.cpp(400) : Destination "\Device\00000052"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_791A&SUBSYS_00791A00&REV_1000#5&323b7372&0&0001#{a17579f0-4fec-4936-9364-249460863be5}"
.\debug.cpp(400) : Destination "\Device\00000069"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination "\Device\USBFDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\0000004a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_9712&SUBSYS_036E1025&REV_00#4&f4e2b40&0&2808#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000003d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_791A&SUBSYS_00791A00&REV_1000#5&323b7372&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000069"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0272&SUBSYS_1025036E&REV_1000#4&206d833e&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination "\Device\0000006b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
.\debug.cpp(400) : Destination "\clfs"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000042"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1c772aca&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4396&SUBSYS_036E1025&REV_00#3&2411e6fe&1&92#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0006"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000072"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
.\debug.cpp(400) : Destination "\Device\Secdrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000004e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DTSoftBusCtl"
.\debug.cpp(400) : Destination "\Device\DTSoftBusCtl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_A219#HF1315-S32B-OV01-VA-R02.01.05#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000040"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip"
.\debug.cpp(400) : Destination "\Device\nativewifip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_A219&MI_00#6&612d10c&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000006f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_791A&SUBSYS_00791A00&REV_1000#5&323b7372&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination "\Device\00000069"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_002A&SUBSYS_E01F105B&REV_01#4&accf357&0&0028#{435b6226-1dcc-43b3-887e-217dbaa27ba3}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0023"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E28D896F-9EA8-433A-9C10-66C97C19A921}"
.\debug.cpp(400) : Destination "\Device\NDMP12"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DTSOFTBUS&Rev1#DTCDROM&Rev1#1&79f5d87&0&00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000063"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000042"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN1B17#4&27dc0b59&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000005f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_1692&SUBSYS_036E1025&REV_01#4&13beb59&0&0020#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0022"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ssmctl"
.\debug.cpp(400) : Destination "\Device\ssmctl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{3b35eac4-4146-11e0-989f-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) : Destination "\Device\Nsi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2f861565&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&34c5b11f&0&2#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&34c5b11f&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
.\debug.cpp(400) : Destination "\Device\PartmgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) : Destination "\Device\NXTIPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&27dc0b59&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000005e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0272&SUBSYS_1025036E&REV_1000#4&206d833e&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000006b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{483C9FF8-503D-414B-B402-E4C1F1F568CB}"
.\debug.cpp(400) : Destination "\Device\NDMP6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) : Destination "\Device\WFP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WwanProt"
.\debug.cpp(400) : Destination "\Device\WwanProt"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000046"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NDMP8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&34c5b11f&0&4#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
.\debug.cpp(400) : Destination "\Device\WANARPV6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000004f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination "\Device\00000071"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&12208607&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0272&SUBSYS_1025036E&REV_1000#4&206d833e&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) : Destination "\Device\0000006b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000041"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000046"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{27BAED83-CCA5-4BCE-80B6-35782F033A2A}"
.\debug.cpp(400) : Destination "\Device\NDMP3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&34c5b11f&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_002A&SUBSYS_E01F105B&REV_01#4&accf357&0&0028#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0023"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) : Destination "\Device\AscKmd"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) : Destination "\Device\NDMP7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{60B48F98-2594-4B24-85F4-E5064350DA8A}"
.\debug.cpp(400) : Destination "\Device\NDMP4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) : Destination "\Device\MPS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&2a91a327&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\VolMgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87}"
.\debug.cpp(400) : Destination "\Device\NDMP10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) : Destination "\Device\NDMP9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4396&SUBSYS_036E1025&REV_00#3&2411e6fe&1&9A#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{68CA4406-E41A-408B-AD29-FB8D6B679758}"
.\debug.cpp(400) : Destination "\Device\NDMP2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000045"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) : Destination "\Device\SstpDrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Aaspi0"
.\debug.cpp(400) : Destination "\Device\Aaspi0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&34c5b11f&0&3#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSlimtype_DVD_A__DS8A4SH_________________CA11____#5&34833dfb&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP3T0L0-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP"
.\debug.cpp(400) : Destination "\Device\SynTP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) : Destination "\Device\WfpAle"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000044"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4397&SUBSYS_036E1025&REV_00#3&2411e6fe&1&90#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb"
.\debug.cpp(400) : Destination "\Device\avipbb"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_A219&MI_00#6&612d10c&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000006f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_9712&SUBSYS_036E1025&REV_00#4&f4e2b40&0&2808#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A78DFE2E-8D4E-4040-BDF8-6F5B3A45F2B5}"
.\debug.cpp(400) : Destination "\Device\NDMP5"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
.\boot_cleaner.cpp(276) : Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff
.\boot_cleaner.cpp(1061) :
.\boot_cleaner.cpp(1062) : Size Device Name MBR Status
.\boot_cleaner.cpp(1063) : --------------------------------------------
.\boot_cleaner.cpp(1107) : 232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1113) :
.\boot_cleaner.cpp(1152) : Done;
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
thankyou so much i can actually see all my folders on the desktop now looks like it's getting back to normal, :)


ComboFix 12-03-17.01 - Acer 17/03/2012 22:05:25.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2811.1703 [GMT 0:00]
Running from: c:\users\Acer\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~nWq3lDSsOkhscE
c:\programdata\~nWq3lDSsOkhscEr
c:\programdata\nWq3lDSsOkhscE
c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\Acer\Desktop\System Check.lnk
.
c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-grpconv_31bf3856ad364e35_6.1.7600.16385_none_a25e7b019f016e70\grpconv.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-17 to 2012-03-17 )))))))))))))))))))))))))))))))
.
.
2012-03-17 12:44 . 2012-03-17 12:44 -------- d-----w- c:\users\Acer\AppData\Roaming\Malwarebytes
2012-03-17 12:44 . 2012-03-17 12:44 -------- d-----w- c:\programdata\Malwarebytes
2012-03-17 12:44 . 2012-03-17 12:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-17 12:44 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-17 00:28 . 2012-03-17 00:28 -------- d-----w- c:\program files\PC Tools
2012-03-17 00:27 . 2012-03-17 16:01 -------- d-----w- c:\program files\Common Files\PC Tools
2012-03-17 00:27 . 2012-02-24 10:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-03-17 00:27 . 2012-03-17 16:00 -------- d-----w- c:\programdata\PC Tools
2012-03-17 00:27 . 2012-03-17 00:27 -------- d-----w- c:\users\Acer\AppData\Roaming\TestApp
2012-03-16 10:58 . 2012-02-08 06:03 6552120 ---ha-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9390CFD-02A2-4E38-8867-AE73A15A5C52}\mpengine.dll
2012-03-15 11:57 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-15 11:57 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 11:57 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 11:57 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 11:55 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 11:55 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 11:55 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 11:55 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 11:55 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 11:55 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 11:55 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-07 15:12 . 2012-03-07 15:12 -------- d--h--w- c:\users\Acer\AppData\Roaming\ImgBurn
2012-03-07 15:06 . 2012-03-07 15:06 -------- d--h--w- c:\program files\ImgBurn
2012-03-07 14:59 . 2012-03-07 14:59 -------- d--h--w- c:\program files\gBurner
2012-02-24 19:27 . 2012-02-24 19:29 -------- d--h--w- c:\users\Acer\AppData\Local\Google
2012-02-24 19:27 . 2012-02-24 19:29 -------- d--h--w- c:\program files\Google
2012-02-22 23:40 . 2012-02-22 23:40 626688 ---ha-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-22 23:40 . 2012-02-22 23:40 548864 ---ha-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-22 23:40 . 2012-02-22 23:40 479232 ---ha-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-22 23:40 . 2012-02-22 23:40 45016 ---ha-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-22 15:39 . 2012-02-22 15:39 -------- d--h--w- c:\program files\WinSCP
2012-02-21 12:13 . 2012-02-21 12:32 -------- d--h--w- c:\users\Acer\AppData\Roaming\WindSolutions
2012-02-21 12:13 . 2012-02-21 12:15 -------- d--h--w- c:\programdata\WindSolutions
2012-02-20 00:21 . 2012-02-20 00:21 -------- d--h--w- c:\users\Acer\AppData\Local\libimobiledevice
2012-02-17 11:44 . 2012-02-19 23:51 -------- d--h--w- c:\programdata\ArcSoft
2012-02-17 11:44 . 2006-11-10 15:05 18688 ---ha-w- c:\windows\system32\drivers\afc.sys
2012-02-17 11:42 . 2012-02-17 11:44 -------- d--h--w- c:\program files\Common Files\ArcSoft
2012-02-17 11:42 . 2012-02-17 11:42 -------- d--h--w- c:\program files\ArcSoft
2012-02-17 11:42 . 1995-08-01 04:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2012-02-17 11:42 . 2012-02-19 23:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-02-17 11:39 . 2012-02-17 11:39 -------- d--h--w- c:\program files\Common Files\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 09:18 . 2011-02-26 01:37 237072 ---h--w- c:\windows\system32\MpSigStub.exe
2012-02-16 10:54 . 2011-06-02 12:29 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 08:58 . 2012-02-14 21:51 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27 . 2012-02-14 21:51 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-22 23:41 . 2011-05-06 12:13 134104 ---ha-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-20 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2010-02-04 672424]
"EzPrint"="c:\program files\Lexmark 3600-4600 Series\ezprint.exe" [2010-02-04 107176]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-10 1594664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2007-07-11 237568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-02-24 136176]
R2 LMIRescue_02d5df22-3313-48b2-909f-06909553ee62;LogMeIn Rescue (02d5df22-3313-48b2-909f-06909553ee62);c:\users\Acer\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe [x]
R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe [2009-10-16 94208]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-02-24 136176]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-08-02 18432]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-26 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-02 218688]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2009-10-16 589824]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2010-03-21 275496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-17 c:\windows\Tasks\Free File Viewer Update Checker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2011-05-19 15:50]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-24 19:27]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-24 19:27]
.
.
------- Supplementary Scan -------
.
uStart Page = my.daemon-search.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hvyoyomp.default\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1652265149-1394912794-1979065591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1652265149-1394912794-1979065591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3712)
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2012-03-17 22:20:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-17 22:20
.
Pre-Run: 47,225,053,184 bytes free
Post-Run: 48,590,405,632 bytes free
.
- - End Of File - - E4D747890BEEF8EEEC334BAD1F8D1EA1
 
Good news :)

Combofix log looks good.

Any current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
everything seems to be running fine as far as i can tell, the start menu is missing a few items on the right where control panel and computer etc are located, and the programs menu is not showing anything at all i have to click all programs to see the programs and applicatons ,, but these are small problems , i am happy enough that everything is back .


OTL logfile created on: 18/03/2012 01:11:08 - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Acer\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 69.97% Memory free
5.49 Gb Paging File | 4.56 Gb Available in Paging File | 83.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 44.89 Gb Free Space | 19.28% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 71.66 Mb Free Space | 71.66% Space Free | Partition Type: NTFS

Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/18 01:07:50 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
PRC - [2011/06/29 12:13:06 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/24 04:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/20 19:13:04 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/05/01 12:55:31 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/20 09:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/01/20 09:20:04 | 000,313,152 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
PRC - [2011/01/10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/20 12:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/02/04 01:28:07 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe
PRC - [2010/02/04 01:27:55 | 000,672,424 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/16 13:10:34 | 000,589,824 | ---- | M] ( ) -- C:\Windows\System32\lxdxcoms.exe
PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/06/18 14:19:30 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2007/07/11 18:18:54 | 000,237,568 | ---- | M] () -- C:\Windows\tsnp2uvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/02/04 01:27:55 | 000,672,424 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
MOD - [2010/02/04 00:41:38 | 000,081,920 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxcaps.dll
MOD - [2010/02/04 00:41:23 | 000,380,928 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxscw.dll
MOD - [2010/02/04 00:41:20 | 000,782,336 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxdrs.dll
MOD - [2010/02/04 00:39:11 | 000,364,544 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\iptk.dll
MOD - [2010/02/04 00:28:27 | 000,589,824 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxdatr.dll
MOD - [2010/02/04 00:28:15 | 000,069,632 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxcnv4.dll
MOD - [2007/09/06 05:11:34 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxptp.dll
MOD - [2007/07/11 18:18:54 | 000,237,568 | ---- | M] () -- C:\Windows\tsnp2uvc.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Users\Acer\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe -- (LMIRescue_02d5df22-3313-48b2-909f-06909553ee62) LogMeIn Rescue (02d5df22-3313-48b2-909f-06909553ee62)
SRV - [2011/06/29 12:13:06 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/01 12:55:31 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/02/26 01:54:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/16 13:10:34 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdxcoms.exe -- (lxdx_device)
SRV - [2009/10/16 13:00:50 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)
SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/18 14:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Acer\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/08/02 19:48:31 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/08/02 17:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/06/29 12:13:07 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/29 12:13:07 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/20 12:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 12:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 12:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 09:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 09:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/21 02:59:04 | 000,275,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2009/10/05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1652265149-1394912794-1979065591-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKU\S-1-5-21-1652265149-1394912794-1979065591-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1652265149-1394912794-1979065591-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1652265149-1394912794-1979065591-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-1652265149-1394912794-1979065591-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1652265149-1394912794-1979065591-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll (OnLive)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/20 19:13:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/22 23:41:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/08 18:02:43 | 000,000,000 | ---D | M]

[2011/02/26 01:54:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\Mozilla\Extensions
[2012/02/23 17:14:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hvyoyomp.default\extensions
[2011/08/02 19:48:21 | 000,002,059 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hvyoyomp.default\searchplugins\daemon-search.xml
[2012/02/23 17:14:44 | 000,002,057 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hvyoyomp.default\searchplugins\youtube-video-search.xml
[2011/11/10 00:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/22 23:41:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/08 18:02:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/22 23:40:57 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/22 23:40:57 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files\OnLive\Plugin\npolgdet.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Gmail = C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/17 22:12:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1652265149-1394912794-1979065591-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKU\S-1-5-21-1652265149-1394912794-1979065591-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1652265149-1394912794-1979065591-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1652265149-1394912794-1979065591-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1652265149-1394912794-1979065591-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27BAED83-CCA5-4BCE-80B6-35782F033A2A}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54190533-DF39-49E6-B38A-1A7D0D301625}: DhcpNameServer = 149.254.230.7 149.254.192.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60B48F98-2594-4B24-85F4-E5064350DA8A}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/18 01:07:59 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
[2012/03/17 22:16:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/17 22:11:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/17 22:11:00 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\temp
[2012/03/17 22:04:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/17 22:04:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/17 22:04:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/17 22:04:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/17 22:04:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/17 22:01:35 | 004,438,697 | R--- | C] (Swearware) -- C:\Users\Acer\Desktop\ComboFix.exe
[2012/03/17 20:25:36 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Acer\Desktop\boot_cleaner.exe
[2012/03/17 19:48:19 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Acer\Desktop\aswMBR.exe
[2012/03/17 17:23:11 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Acer\Desktop\TDSSKiller.exe
[2012/03/17 12:44:35 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Malwarebytes
[2012/03/17 12:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/17 12:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/17 12:44:29 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/17 12:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/17 00:28:44 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/03/17 00:27:51 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/03/17 00:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/03/17 00:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/03/17 00:27:27 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\TestApp
[2012/03/17 00:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/03/16 10:47:47 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{EA82C21F-5202-43F9-BFFA-398937B1C1AF}
[2012/03/16 10:47:35 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{E5122A11-EB89-406F-9CF6-5668B41C246A}
[2012/03/15 22:36:30 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{D8F8A137-C784-493F-97D7-5C1BEFCE630A}
[2012/03/15 22:36:18 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{6C8A1E66-FB5E-4CDD-81C4-743743A794FF}
[2012/03/14 12:35:33 | 000,000,000 | ---D | C] -- C:\Users\Acer\Desktop\mac os x 10.7.2 retail
[2012/03/13 13:50:59 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{80F04250-2A4F-4E27-A056-CDC6C93675F1}
[2012/03/13 13:50:46 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{FADDCAAB-5ED7-44CE-BB0A-CE54CF41D046}
[2012/03/12 14:31:58 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{7CD02CB2-CD6C-4D49-820D-3C4D14E77327}
[2012/03/12 14:31:44 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{95F98781-AE09-4E1B-992A-EF5D1C8306C7}
[2012/03/12 07:23:11 | 000,000,000 | ---D | C] -- C:\Users\Acer\Desktop\ebay wireless card kext
[2012/03/12 01:55:56 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{80F88A66-D333-4AE9-90B1-9741705FA0AD}
[2012/03/12 01:55:33 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{6C919A0B-85CB-4C67-8A6D-64C51692E76B}
[2012/03/11 13:55:18 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{034D9C33-9751-45D1-8B46-9ACBDAFA8ED1}
[2012/03/11 13:54:55 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{C62272B1-F60A-4A4D-BB37-550771F435E9}
[2012/03/11 00:13:35 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{94C07299-681F-4507-819C-E9716D17405F}
[2012/03/11 00:13:12 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{ECDA5B1C-B6C8-4806-B5B0-462711E12CE0}
[2012/03/10 12:12:59 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{1287A26B-7AC5-4640-B41D-66C0C5FB0283}
[2012/03/10 12:12:46 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{F6000FDC-D300-4375-A1CD-D5F5A1753FD6}
[2012/03/09 23:07:29 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{3C995AD9-D90C-42F8-8814-CD2E8DC80CF1}
[2012/03/09 23:07:05 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{E6E1F3C7-48BF-45B8-82DD-2D0DB05B4905}
[2012/03/09 11:07:07 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{C1353168-5D7B-4539-9CD2-F39083F648BF}
[2012/03/08 14:24:42 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{B8D10044-9E30-4279-A0BA-65BA2ABD95BB}
[2012/03/08 14:24:19 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{89A93EA5-0DF9-4A21-BE16-1907B89B9BA5}
[2012/03/08 01:14:17 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{6963993B-5904-4F12-B439-F4645F7F0186}
[2012/03/08 01:14:05 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{A92A5727-9964-409C-BAF6-C033B75A8FD6}
[2012/03/07 15:12:58 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\ImgBurn
[2012/03/07 15:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012/03/07 15:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2012/03/07 14:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gBurner
[2012/03/07 14:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\gBurner
[2012/03/07 14:53:10 | 000,000,000 | ---D | C] -- C:\Users\Acer\Desktop\iphone ringtones
[2012/03/07 14:50:59 | 000,000,000 | ---D | C] -- C:\Users\Acer\Desktop\acer drivers
[2012/03/07 13:13:51 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{D38F6307-9E29-43E7-A79B-F3C8FD84881F}
[2012/03/07 13:13:27 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{1D7BD589-F70F-4B22-A8A5-DCCFAC6DACCA}
[2012/03/06 15:40:07 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{ACF0B30B-BABA-4E13-8A4C-796C2DA25E8F}
[2012/03/06 15:39:48 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{7B160A82-159E-42A0-A002-4187F7F3EF59}
[2012/03/06 15:30:45 | 000,000,000 | ---D | C] -- C:\Users\Acer\Desktop\iatkos s3
[2012/03/06 14:25:25 | 000,000,000 | ---D | C] -- C:\Users\Acer\Desktop\mac osx lion
[2012/02/29 13:08:13 | 000,000,000 | ---D | C] -- C:\Users\Acer\Desktop\mixed the sound of uk garage
[2012/02/29 02:15:22 | 000,000,000 | ---D | C] -- C:\Users\Acer\Desktop\ipad apps backup
[2012/02/28 01:43:46 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{AFD9D593-3575-4E05-9ECF-BD6DBE706195}
[2012/02/28 01:43:23 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{056C8960-4A14-47C0-A2F1-4B671392522B}
[2012/02/27 13:43:09 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{C1897A8E-0531-4BC5-879A-B628C4F5696A}
[2012/02/27 13:42:46 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{BB22478D-15D7-4A34-8E10-6C64E45E8231}
[2012/02/27 01:42:33 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{59925A11-0034-4AD9-8744-4CACE7B26206}
[2012/02/27 01:42:10 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{0D1B326E-28BC-4A72-BD30-AF2DA878A214}
[2012/02/26 13:41:35 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{BA895B01-E598-41B7-9960-68C69B921F38}
[2012/02/26 13:41:17 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{DC87EB5B-EABB-4B45-B053-513EB6E1524C}
[2012/02/25 22:15:01 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{E68DE083-5BF2-4E85-A850-32E1985A3F12}
[2012/02/25 01:13:42 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{58E15F75-1FCD-42B0-AEAD-C47E6EA8BBD6}
[2012/02/25 01:13:28 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{D1005B55-0BAA-4FD8-B919-CCD10890E1CB}
[2012/02/24 19:29:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/02/24 19:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/02/24 19:27:29 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\Google
[2012/02/24 19:27:29 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/02/24 12:14:48 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{C394232E-5B27-47BB-8616-CE6D3404A641}
[2012/02/24 12:14:34 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{C1665253-3F40-456A-9A2D-7FF1974EA782}
[2012/02/23 17:17:52 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{2F0D7C53-C2C1-45F7-B86F-01FEC7B942E9}
[2012/02/23 17:17:37 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{85154491-BB32-4FF0-9C7C-70FE4ED3C4FB}
[2012/02/23 17:10:57 | 000,000,000 | ---D | C] -- C:\Users\Acer\Desktop\rc car vids
[2012/02/23 17:08:29 | 000,000,000 | ---D | C] -- C:\Users\Acer\Desktop\Appstore Apps
[2012/02/22 15:51:07 | 000,000,000 | ---D | C] -- C:\Users\Acer\Desktop\ipa,s
[2012/02/22 15:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2012/02/22 15:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2012/02/22 10:57:28 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{FD03734E-4B58-4754-8987-647A7CC8D3BC}
[2012/02/22 10:57:17 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{3F9C3840-88EB-4A17-AC58-0B8F9EB526BA}
[2012/02/21 22:57:03 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{8F429AEB-79E9-46F6-9301-068F41B515A8}
[2012/02/21 22:56:51 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\{2EDF5839-5D3E-4407-86EC-67E5C02C3D7E}
[2012/02/21 13:12:58 | 000,000,000 | ---D | C] -- C:\Users\Acer\Desktop\drum annd bass summer slammers
[2012/02/21 12:42:46 | 000,000,000 | ---D | C] -- C:\Users\Acer\Desktop\ultimate drum and bass vol2
[2012/02/21 12:38:14 | 000,000,000 | ---D | C] -- C:\Users\Acer\Desktop\official uk top 40- 19-2-2012
[2012/02/21 12:14:58 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
[2012/02/21 12:13:23 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\WindSolutions
[2012/02/21 12:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2012/02/20 00:21:19 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\libimobiledevice
[2012/02/18 22:43:04 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\Programs
[2012/02/17 11:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Video Device
[2012/02/17 11:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SNP2UVC
[2012/02/17 11:45:47 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\InstallShield
[2012/02/17 11:44:28 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\ArcSoft
[2012/02/17 11:44:26 | 000,000,000 | ---D | C] -- C:\Users\Acer\Documents\My Albums
[2012/02/17 11:44:26 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\ArcSoft
[2012/02/17 11:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2012/02/17 11:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
[2012/02/17 11:44:00 | 000,018,688 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\System32\drivers\afc.sys
[2012/02/17 11:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoImpression 5
[2012/02/17 11:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2012/02/17 11:42:19 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\PCDLIB32.DLL
[2012/02/17 11:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2012/02/17 11:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
[2012/02/17 11:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield

========== Files - Modified Within 30 Days ==========

[2012/03/18 01:07:50 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
[2012/03/18 01:05:28 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/18 01:05:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/17 22:32:57 | 000,017,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/17 22:32:57 | 000,017,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/17 22:31:04 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\Free File Viewer Update Checker.job
[2012/03/17 22:27:51 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/17 22:27:38 | 2210,578,432 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/17 22:12:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/17 22:01:31 | 004,438,697 | R--- | M] (Swearware) -- C:\Users\Acer\Desktop\ComboFix.exe
[2012/03/17 20:24:45 | 000,044,607 | ---- | M] () -- C:\Users\Acer\Desktop\bootkit_remover.zip
[2012/03/17 20:22:45 | 000,000,512 | ---- | M] () -- C:\Users\Acer\Desktop\MBR.dat
[2012/03/17 19:48:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Acer\Desktop\aswMBR.exe
[2012/03/17 17:22:28 | 002,044,822 | ---- | M] () -- C:\Users\Acer\Desktop\tdsskiller.zip
[2012/03/17 12:44:31 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/17 01:06:36 | 000,189,461 | ---- | M] () -- C:\Users\Acer\AppData\Local\census.cache
[2012/03/17 01:06:33 | 000,079,824 | ---- | M] () -- C:\Users\Acer\AppData\Local\ars.cache
[2012/03/17 00:58:28 | 000,000,036 | ---- | M] () -- C:\Users\Acer\AppData\Local\housecall.guid.cache
[2012/03/17 00:27:27 | 000,002,680 | ---- | M] () -- C:\Users\Acer\Desktop\SDAV_Online_aff_GenericRevenueWire_207.exe.lnk
[2012/03/16 23:40:54 | 000,000,677 | ---- | M] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/16 10:57:25 | 000,000,946 | ---- | M] () -- C:\Users\Acer\AppData\Local\7F68A003.il
[2012/03/16 10:57:25 | 000,000,280 | ---- | M] () -- C:\Users\Acer\AppData\Local\IndexIE_7F68A003.il
[2012/03/16 00:45:57 | 000,266,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/09 17:12:06 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Acer\Desktop\TDSSKiller.exe
[2012/02/28 10:52:55 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/28 10:52:55 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/27 21:40:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2012/02/27 17:16:53 | 000,000,600 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\winscp.rnd
[2012/02/26 21:07:33 | 000,001,411 | ---- | M] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/26 13:43:38 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/02/24 19:28:24 | 000,002,189 | ---- | M] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/24 10:36:44 | 000,185,560 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/02/22 23:41:02 | 000,001,994 | ---- | M] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/20 00:23:11 | 001,291,416 | ---- | M] () -- C:\s8do.2
[2012/02/20 00:23:11 | 000,697,597 | ---- | M] () -- C:\s8do.3

========== Files Created - No Company Name ==========

[2012/03/17 22:08:08 | 000,002,432 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/03/17 22:08:08 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/03/17 22:08:08 | 000,001,404 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/03/17 22:08:08 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/03/17 22:08:08 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/03/17 22:08:07 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/03/17 22:08:07 | 000,001,827 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012/03/17 22:08:07 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/03/17 22:08:07 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/03/17 22:08:07 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/03/17 22:08:07 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/17 22:04:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/17 22:04:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/17 22:04:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/17 22:04:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/17 22:04:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/17 20:24:57 | 000,044,607 | ---- | C] () -- C:\Users\Acer\Desktop\bootkit_remover.zip
[2012/03/17 20:22:45 | 000,000,512 | ---- | C] () -- C:\Users\Acer\Desktop\MBR.dat
[2012/03/17 17:22:36 | 002,044,822 | ---- | C] () -- C:\Users\Acer\Desktop\tdsskiller.zip
[2012/03/17 12:44:31 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/17 01:06:36 | 000,189,461 | ---- | C] () -- C:\Users\Acer\AppData\Local\census.cache
[2012/03/17 01:06:33 | 000,079,824 | ---- | C] () -- C:\Users\Acer\AppData\Local\ars.cache
[2012/03/17 00:58:28 | 000,000,036 | ---- | C] () -- C:\Users\Acer\AppData\Local\housecall.guid.cache
[2012/03/17 00:27:27 | 000,002,680 | ---- | C] () -- C:\Users\Acer\Desktop\SDAV_Online_aff_GenericRevenueWire_207.exe.lnk
[2012/03/16 23:40:54 | 000,000,677 | ---- | C] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/27 21:40:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2012/02/26 13:43:38 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/02/24 19:28:24 | 000,002,189 | ---- | C] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/24 19:27:36 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/24 19:27:34 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/22 15:39:21 | 000,000,600 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\winscp.rnd
[2012/02/20 00:23:11 | 001,291,416 | ---- | C] () -- C
 
:\s8do.2
[2012/02/20 00:23:11 | 000,697,597 | ---- | C] () -- C:\s8do.3
[2012/02/17 11:46:17 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2012/02/17 11:46:15 | 000,237,568 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2011/11/01 14:18:28 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdxvs.dll
[2011/11/01 14:18:10 | 000,782,336 | ---- | C] () -- C:\Windows\System32\lxdxdrs.dll
[2011/11/01 14:18:10 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdxcaps.dll
[2011/11/01 14:18:10 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdxcnv4.dll
[2011/11/01 14:17:43 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\lxdxserv.dll
[2011/11/01 14:17:43 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdxusb1.dll
[2011/11/01 14:17:43 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxpmui.dll
[2011/11/01 14:17:43 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdxlmpm.dll
[2011/11/01 14:17:43 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDXhcp.dll
[2011/11/01 14:17:43 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdxinpa.dll
[2011/11/01 14:17:43 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDXinst.dll
[2011/11/01 14:17:43 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxiesc.dll
[2011/11/01 14:17:43 | 000,315,392 | ---- | C] ( ) -- C:\Windows\System32\lxdxih.exe
[2011/11/01 14:17:43 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdxprox.dll
[2011/11/01 14:17:42 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomc.dll
[2011/11/01 14:17:42 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdxhbn3.dll
[2011/11/01 14:17:42 | 000,589,824 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoms.exe
[2011/11/01 14:17:42 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomm.dll
[2011/11/01 14:17:42 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdxcfg.exe
[2011/11/01 14:17:42 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdxgrd.dll
[2011/11/01 13:35:40 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoin.dll
[2011/08/02 23:53:00 | 000,000,253 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\default.rss
[2011/08/02 21:23:58 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/08/02 20:15:28 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2011/05/16 14:55:58 | 000,000,323 | ---- | C] () -- C:\Users\Acer\AppData\Local\CastleLinkProps.dat
[2011/03/10 11:00:49 | 000,000,946 | ---- | C] () -- C:\Users\Acer\AppData\Local\7F68A003.il
[2011/03/10 11:00:49 | 000,000,280 | ---- | C] () -- C:\Users\Acer\AppData\Local\IndexIE_7F68A003.il
[2011/02/27 13:21:27 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/02/27 13:20:17 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/26 01:49:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2011/08/02 19:52:45 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DAEMON Tools Lite
[2011/04/23 15:26:16 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Foxit Software
[2011/05/19 13:30:48 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\FreeFileViewer
[2011/08/15 22:38:05 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\GrabIt
[2012/03/07 15:12:58 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\ImgBurn
[2011/08/04 13:01:08 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\NewsLeecher
[2011/12/27 01:13:30 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\OnLive App
[2012/03/17 00:27:27 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\TestApp
[2011/11/11 21:43:50 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\TweakNow RegCleaner 2011
[2012/03/14 18:17:36 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\uTorrent
[2011/04/13 10:28:17 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Windows Live Writer
[2012/02/21 12:32:20 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\WindSolutions
[2012/03/17 22:31:04 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\Free File Viewer Update Checker.job
[2011/12/16 02:13:16 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/06/10 21:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2012/03/17 22:20:11 | 000,012,400 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 21:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/03/10 17:51:36 | 000,008,904 | ---- | M] (HTC) -- C:\EnterBootloader.exe
[2010/03/10 17:51:36 | 000,095,552 | ---- | M] () -- C:\ErrorBattery.fig
[2010/03/10 17:51:36 | 000,141,368 | ---- | M] () -- C:\ErrorUSB.fig
[2012/03/17 22:27:38 | 2210,578,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/01 14:12:57 | 000,000,078 | ---- | M] () -- C:\lxdx.log
[2010/03/10 17:51:36 | 000,213,864 | ---- | M] () -- C:\ModelID.fig
[2012/03/17 22:27:41 | 2947,440,640 | -HS- | M] () -- C:\pagefile.sys
[2010/03/10 17:51:36 | 000,175,304 | ---- | M] (HTC) -- C:\rapitool.exe
[2010/03/10 17:51:36 | 000,000,013 | ---- | M] () -- C:\ROMUpdateUtility.cfg
[2010/03/10 17:51:36 | 000,013,512 | ---- | M] () -- C:\RUUGetInfo.exe
[2010/03/10 17:51:36 | 001,449,160 | ---- | M] (HTC) -- C:\RUUResource.dll
[2010/03/10 22:07:38 | 005,406,987 | ---- | M] () -- C:\RUU_signed.nbh
[2012/02/20 00:23:11 | 001,291,416 | ---- | M] () -- C:\s8do.2
[2012/02/20 00:23:11 | 000,697,597 | ---- | M] () -- C:\s8do.3
[2010/03/10 17:54:08 | 001,481,928 | ---- | M] (HTC) -- C:\task29.exe
[2012/03/17 19:48:36 | 000,078,934 | ---- | M] () -- C:\TDSSKiller.2.7.20.0_17.03.2012_17.23.23_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 04:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 04:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 04:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 04:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 21:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/14 01:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2009/10/16 13:12:44 | 000,147,968 | ---- | M] () -- C:\Windows\system32\spool\prtprocs\w32x86\lxdxdrpp.dll
[2010/11/20 12:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 04:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/02/26 21:07:33 | 000,000,221 | -HS- | M] () -- C:\Users\Acer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/03/17 19:48:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Acer\Desktop\aswMBR.exe
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Acer\Desktop\boot_cleaner.exe
[2012/03/17 22:01:31 | 004,438,697 | R--- | M] (Swearware) -- C:\Users\Acer\Desktop\ComboFix.exe
[2010/11/20 12:17:47 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Users\Acer\Desktop\iexplorer.exe
[2012/03/18 01:07:50 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
[2012/03/09 17:12:06 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Acer\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/03/17 22:31:04 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\Free File Viewer Update Checker.job
[2012/03/17 22:27:51 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/18 01:05:28 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/17 22:27:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011/12/16 02:13:16 | 000,032,610 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 21:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/03/10 09:45:39 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/03/10 09:45:39 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/03/10 09:45:39 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/03/10 09:45:39 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/03/10 09:45:39 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2011/03/10 09:45:39 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/02/19 23:51:22 | 000,000,402 | -HS- | M] () -- C:\Users\Acer\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/11/01 13:37:30 | 000,000,252 | ---- | M] () -- C:\ProgramData\FastPics.log
[2011/11/01 14:20:16 | 000,000,178 | ---- | M] () -- C:\ProgramData\lxdx.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
 
OTL Extras logfile created on: 18/03/2012 01:11:08 - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Acer\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 69.97% Memory free
5.49 Gb Paging File | 4.56 Gb Available in Paging File | 83.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 44.89 Gb Free Space | 19.28% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 71.66 Mb Free Space | 71.66% Space Free | Partition Type: NTFS

Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1652265149-1394912794-1979065591-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{03E1C35C-84C1-4988-9A52-CE710932125A}" = Castle Link
"{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12EE0B2A-84C6-494E-A7AC-6771E898F6A0}_is1" = HD2 Toolkit version 4.1
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77E33D87-255E-413E-9C8D-EED2A7F9BEBF}" = Nero Live Help
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85243696-5E58-4357-9CF8-3498C609941D}" = NeroLiveGadget Help
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98A67610-A3B5-4098-A423-3708040026D3}" = "Nero SoundTrax Help
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9E9FDDE6-2C26-492A-85A0-05646B3F2795}" = NeroLiveGadget
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BFACA1AA-5892-44E9-B83F-FB0D9E0F91C3}" = ArcSoft PhotoImpression 5
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF6A95F5-ADC1-406A-BDC6-2AA7CC0182AA}" = Nero Live
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{e99dbb9d-39aa-4632-9dcf-5bb0333b6dd1}" = Nero 9
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Foxit Reader" = Foxit Reader
"FreeFileViewer_is1" = Free File Viewer 2011
"gBurner" = gBurner
"Google Chrome" = Google Chrome
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"ImgBurn" = ImgBurn
"Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"NewsLeecher_is1" = NewsLeecher v3.9 Final
"OnLive" = OnLive
"QuickPar" = QuickPar 0.9
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trusted Software Assistant_is1" = File Type Assistant
"TweakNow RegCleaner 2011_is1" = TweakNow RegCleaner 2011
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.8
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.3.7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1652265149-1394912794-1979065591-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = CopyTrans Suite Remove Only

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/03/2012 19:02:23 | Computer Name = Acer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4196

Error - 16/03/2012 19:02:24 | Computer Name = Acer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 16/03/2012 19:02:24 | Computer Name = Acer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5210

Error - 16/03/2012 19:02:24 | Computer Name = Acer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5210

Error - 16/03/2012 19:02:25 | Computer Name = Acer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 16/03/2012 19:02:25 | Computer Name = Acer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6349

Error - 16/03/2012 19:02:25 | Computer Name = Acer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6349

Error - 17/03/2012 09:49:57 | Computer Name = Acer-PC | Source = ESENT | ID = 488
Description = wlcomm (3696) C:\Users\Acer\AppData\Local\Microsoft\Windows Live\Contacts\sonik77@live.com\15.4\:
An attempt to create the file "C:\Users\Acer\AppData\Local\Microsoft\Windows Live\Contacts\sonik77@live.com\15.4\DBStore\contacts.pat"
failed with system error 5 (0x00000005): "Access is denied. ". The create file
operation will fail with error -1032 (0xfffffbf8).

Error - 17/03/2012 09:49:57 | Computer Name = Acer-PC | Source = ESENT | ID = 217
Description = wlcomm (3696) C:\Users\Acer\AppData\Local\Microsoft\Windows Live\Contacts\sonik77@live.com\15.4\:
Error (-1032) during backup of a database (file C:\Users\Acer\AppData\Local\Microsoft\Windows
Live\Contacts\sonik77@live.com\15.4\DBStore\contacts.edb). The database will be
unable to restore.

Error - 17/03/2012 09:49:57 | Computer Name = Acer-PC | Source = ESENT | ID = 215
Description = wlcomm (3696) C:\Users\Acer\AppData\Local\Microsoft\Windows Live\Contacts\sonik77@live.com\15.4\:
The backup has been stopped because it was halted by the client or the connection
with the client failed.

[ System Events ]
Error - 11/03/2012 15:12:35 | Computer Name = Acer-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 11/03/2012 16:49:16 | Computer Name = Acer-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 11/03/2012 17:31:30 | Computer Name = Acer-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 11/03/2012 17:33:39 | Computer Name = Acer-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 11/03/2012 19:10:25 | Computer Name = Acer-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 11/03/2012 20:59:06 | Computer Name = Acer-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12/03/2012 02:44:35 | Computer Name = Acer-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12/03/2012 06:19:24 | Computer Name = Acer-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12/03/2012 10:31:17 | Computer Name = Acer-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12/03/2012 14:52:35 | Computer Name = Acer-PC | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >
 
Very well :)

Uninstall TweakNow RegCleaner 2011.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


==================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2012/03/16 23:40:54 | 000,000,677 | ---- | M] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===================================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

===================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
tweaknow is gone :)

ESET never found anything so no log ,

here are the other logs requested ,

All processes killed
========== OTL ==========
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Acer
->Temp folder emptied: 2000 bytes
->Temporary Internet Files folder emptied: 11749508 bytes
->Java cache emptied: 309423 bytes
->FireFox cache emptied: 58616563 bytes
->Google Chrome cache emptied: 159051097 bytes
->Flash cache emptied: 23761 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 219.00 mb


[EMPTYJAVA]

User: Acer
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Acer
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.1 log created on 03182012_120724

Files\Folders moved on Reboot...
C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L58XUVQP\aclk[1].htm moved successfully.
C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L58XUVQP\data_sync[1].htm moved successfully.
C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GKKW81TW\ads[3].htm moved successfully.
C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GKKW81TW\showthread[1].htm moved successfully.
C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DLTTTUY0\fastbutton[1].htm moved successfully.

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Avira AntiVir Personal - Free Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 31
Adobe Flash Player 11.1.102.62
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````


Farbar Service Scanner Version: 01-03-2012
Ran by Acer (administrator) on 18-03-2012 at 12:25:07
Running from "C:\Users\Acer\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Defender:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 
:D thankyou so much for your help Broni, really appreciated,

heres the OTL log , i'll go through the rest of the list now

but the computer seems to be back to normal working well, maybe even better than before ;)

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Acer
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 13528105 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 53909037 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1017 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 64.00 mb


[EMPTYFLASH]

User: Acer
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Acer
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.39.1 log created on 03182012_220306

Files\Folders moved on Reboot...
C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IN0LVKOC\topic178843-2[1].htm moved successfully.
C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1UC012R\ads[5].htm moved successfully.

Registry entries deleted on Reboot...
 
You must log in or register to reply here.

Similar threads

zohaibahd
A developer somehow got an entire OS running on Google Drive
Replies
1
Views
509
opckieran
O
Shawn Knight
Pocket 386 retro laptop with 40 MHz CPU, 8 MB RAM arrives for under $200
Replies
8
Views
630
trgz
trgz
M
The fallacy of the cashless monetary system
Replies
0
Views
1K
Mark Fuller
M

Latest posts

Back