I am in safe mode, and clicked to open SuperAntiSpyware. It has been 30 minutes and nothing happened yet. I might still wait since i have seen things take longer than that with this state of the computer.
Stop that.
I'm starting to have doubts about whether we're dealing with malware issues here.
Restart in normal mode.
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.
On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.
==================================================
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Click the Scan All Users checkbox.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Still sooooo slow. Clicked on the aswMBR. Got a warning window stating that it was about to make changes or something like that (just a regular warning window I get often when running those). I clicked YES, and I am still waiting. It has been another 20 minutes or so. I will head for bed now, so maybe, in the morning, I will have that black window where I can click SCAN.
Unless you have something else to suggest before I get back to the computer.
Keep trying, please.
I am sure the computer got scared. As soon as I posted that, the black window appeared. So I did click on SCAN, and will see what it does. Seems to be going as fast as molasses in winter!
OK....
Here is the log:
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-03 00:22:01
-----------------------------
00:22:01.531 OS Version: Windows x64 6.1.7600
00:22:01.531 Number of processors: 4 586 0x2502
00:22:01.531 ComputerName: ACER UserName: user
00:34:49.903 Initialize success
00:36:54.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:36:54.578 Disk 0 Vendor: ST375052 CC44 Size: 715404MB BusType: 8
00:36:57.433 Disk 0 MBR read successfully
00:36:57.433 Disk 0 MBR scan
00:36:57.433 Disk 0 Windows 7 default MBR code
00:36:57.449 Service scanning
01:23:58.105 Disk 0 trace - called modules:
01:24:00.554 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
01:24:00.554 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004aac060]
01:24:00.554 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004953050]
01:24:00.570 Scan finished successfully
04:17:37.613 Disk 0 MBR has been saved successfully to "K:\securityMay\MBR.dat"
04:18:31.449 The log file has been saved successfully to "K:\securityMay\aswMBR.txt"
Onto the next step, OTL
Cool :)
I started the OTL scan this morning, and after 11 hours it is still scanning. It is slow, that is for sure, but it is not frozen, so I will let it go for now. *hearing the Jeopardy theme music*
Keep me posted...
Out of the corner of my eye, I noticed two black windows with DOS commands come up and close. OTL is doing "Manual File Scan - Getting Folder Structure". I have no idea how far that is in the process, nor how long it will take that slow computer to complete it! But it is not frozen!
That's good. Keep it going.
To avoid any false positive, what should I see when it is actually done? Will the log pop up on top of the OTL window?
Yes...
Is there something I should see change on the OTL window to indicate it is still working (as opposed to being frozen)?
You should see scanning progress.
You said before, there was some progress.
Yeah, earlier I saw two windows pop up, but since then (I admit that the screen saver comes on, but I check often) I still see "Manual File Scan - Getting Folder Structure". I don't know if it is normally a long process at that stage or not. That is why I am wondering.
Stop that process.
Using another working computer, create the CD described below and boot the bad computer from it.
Please download OTLPE (file size 120,9 MB)
- When downloaded, double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
- Reboot your system using the boot CD you just created.
- Note: If you do not know how to set your computer to boot from CD, follow the steps HERE
- Your system should now display a REATOGO-X-PE desktop.
- Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
- Double-click on the OTLPE icon.
- When asked "Do you wish to load the remote registry", select Yes
- When asked "Do you wish to load remote user profile(s) for scanning", select Yes
- Ensure the box "Automatically Load All Remaining Users" is checked and press OK
- OTL should now start.
- Press Run Scan to start the scan.
- When finished, the file will be saved to C:\OTL.txt
- Copy this file to your USB drive if you do not have an internet connection on this system.
- Please post the contents of the OTL.txt file in your reply.
Okie dokie
Got the boot disk created, got the Reatogo desktop, double-clicked on the OTLPE icon and now I have the window "Browse for folder". Is it looking for something specific? That is not in the instructions.
Navigate to the folder where Windows is actually installed.
In most cases, it'd be C:\Windows
When I run OTL, should I include all the custom info you posted in the previous post when you first instructed me to run OTL, or should I ONLY run it without it?
No custom script needed.
One thing for sure, the "progress" at the bottom of that window is going at lightning speed compared to what it WAS doing. This is DEFINITELY working. Not sure how long it will take, but probably not 12 hours!
As I told you before, I don't feel like we're dealing with any infection here.
I'll know more when I get that log.
Since the process goes fine while booted from the CD, you may have either a Windows installation problem or a hard drive issue, since neither is involved while booting from the CD.
Tried twice to post this... maybe it is too long, so I will split it in half.
OTL logfile created on: 6/3/2011 11:48:00 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = K: | %SystemRoot% = K:\Windows | %ProgramFiles% = K:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.87 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 931.50 Gb Total Space | 293.53 Gb Free Space | 31.51% Space Free | Partition Type: NTFS
Drive E: | 243.49 Mb Total Space | 137.96 Mb Free Space | 56.66% Space Free | Partition Type: FAT
Drive K: | 683.54 Gb Total Space | 462.76 Gb Free Space | 67.70% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand] -- K:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto] -- K:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto] -- K:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/11/23 14:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Auto] -- K:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/11/23 14:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto] -- K:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- K:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) [Auto] -- K:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2011/05/17 20:20:35 | 003,275,864 | ---- | M] () [Auto] -- K:\Program Files (x86)\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011/04/18 05:41:17 | 001,181,328 | ---- | M] (Lavasoft) [Auto] -- K:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/15 05:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto] -- K:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/01/28 13:50:42 | 002,437,536 | ---- | M] (Neevia Technology) [On_Demand] -- K:\Program Files (x86)\neevia.com\docuPrinterPro\neeviaDP6.lib -- (NVDPservice)
SRV - [2010/12/12 10:19:57 | 003,246,040 | ---- | M] (Acronis) [Auto] -- K:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/12/06 04:58:36 | 001,112,240 | ---- | M] (Acronis) [Auto] -- K:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/03/11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto] -- K:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- K:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/13 15:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- K:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/09/30 23:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto] -- K:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 23:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto] -- K:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/09/10 09:42:46 | 000,305,448 | ---- | M] () [On_Demand] -- K:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/12 19:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- K:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- K:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand] -- K:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- K:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto] -- K:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010/12/12 10:20:00 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand] -- K:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010/12/12 10:19:55 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot] -- K:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV:64bit: - [2010/12/12 10:19:53 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot] -- K:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/12/12 10:19:49 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot] -- K:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- K:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/03/27 20:00:48 | 000,083,488 | ---- | M] (Acronis) [File_System | Auto] -- K:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2010/03/19 11:40:39 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot] -- K:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/02/22 12:53:27 | 000,121,280 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- K:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- K:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- K:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/10/29 04:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- K:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/10/07 20:37:48 | 007,749,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- K:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/25 19:42:58 | 000,233,984 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- K:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/09/23 05:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- K:\Windows\System32\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- K:\Windows\System32\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/08/27 14:06:34 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- K:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2009/07/17 16:14:50 | 000,095,744 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- K:\Windows\System32\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2009/06/19 18:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- K:\Windows\System32\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/11 01:34:38 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- K:\Windows\System32\drivers\agrsm64.sys -- (AGERESoftModem)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- K:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- K:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- K:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- K:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/02 07:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- K:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 07:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System] -- K:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 07:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- K:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/20 10:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- K:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2007/02/16 09:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- K:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2010/02/22 12:53:27 | 000,121,280 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- K:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...5v145w4941u445
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\user_ON_K\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\user_ON_K\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Key error. File not found
IE - HKU\user_ON_K\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\user_ON_K\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[2011/02/11 23:27:24 | 000,000,000 | ---D | M] (No name found) -- K:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/11 23:27:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- K:\Program Files (x86)\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
O1 HOSTS File: ([2011/06/02 09:59:58 | 000,000,027 | ---- | M]) - K:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - K:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - K:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - K:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - K:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - K:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - K:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - K:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - K:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - K:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - K:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - K:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - K:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Barre d'outils) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - K:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3:64bit: - HKU\user_ON_K\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - K:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\user_ON_K\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - K:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O3 - HKU\user_ON_K\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - K:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] K:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [IAAnotif] K:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] K:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] K:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] K:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] K:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BackupManagerTray] K:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Corel File Shell Monitor] K:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] K:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] K:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] K:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] K:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] K:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SAOB Monitor] K:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Standby] K:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [TrueImageMonitor.exe] K:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\user_ON_K..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] K:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\user_ON_K..\Run: [Corel Photo Downloader] K:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKU\user_ON_K..\Run: [Jing] K:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKU\user_ON_K..\Run: [Messenger (Yahoo!)] K:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\user_ON_K..\Run: [NoteZilla] K:\Program Files (x86)\Conceptworld\NoteZilla\NoteZilla.exe (Conceptworld Corporation)
O4 - HKU\user_ON_K..\Run: [SUPERAntiSpyware] K:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: Error locating startup folders.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\user_ON_K\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - K:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - K:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - K:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - K:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - K:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.4.cab (DLM Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/...?1269960903891 (MUCatalogWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://persnicketyprints.lifepics.co...Uploader57.cab (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - K:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - K:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - K:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/04 21:01:02 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
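As an added triage helper (my own code, not the thread's or OTL's), the following Python picks out the items a helper usually eyeballs first in an OTL log of the kind posted above: service/driver entries with an empty company string, orphaned registry references ("Reg Error: Key error. File not found"), hosts entries that are not the localhost defaults, and DHCP-assigned DNS servers outside private address space. The sample lines are copied from the log above plus one constructed hosts entry; the regexes are my reading of OTL's line layout, not a documented format.

```python
import ipaddress
import re

# OTL file-backed entries (services and drivers), as seen in the log above:
# SRV[:64bit:] - [date time | size | attrs | C/M] (Company) [Start] -- path -- (Name) [trailing text]
FILE_LINE = re.compile(
    r"^(?P<kind>SRV|DRV)(?::64bit:)? - \[(?P<stamp>[^|]+) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<cm>[CM])\] \((?P<company>[^)]*)\) \[(?P<start>[^\]]+)\] "
    r"-- (?P<path>.+?) -- \((?P<name>[^)]+)\)"
)
HOSTS_LINE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)")
DNS_LINE = re.compile(r"DhcpNameServer = (?P<servers>.+)$")
ORPHAN_MARK = "Reg Error: Key error. File not found"
LOCALHOST_OK = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample: six lines copied from the posted log, plus one made-up
# hosts entry (203.0.113.5 is a documentation address) to exercise that check.
SAMPLE_LOG = r"""
SRV - [2011/05/17 20:20:35 | 003,275,864 | ---- | M] () [Auto] -- K:\Program Files (x86)\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011/04/18 05:41:17 | 001,181,328 | ---- | M] (Lavasoft) [Auto] -- K:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
IE - HKU\user_ON_K\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Key error. File not found
O1 - Hosts: 127.0.0.1 localhost
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - Reg Error: Key error. File not found
O1 - Hosts: 203.0.113.5 example.test
"""


def parse_file_line(line):
    """Split an SRV/DRV line into its fields; return None if it is not one."""
    m = FILE_LINE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))  # "003,275,864" -> 3275864
    return entry


def triage(lines):
    """Return (severity, reason, line) tuples for the entries worth a second look."""
    findings = []
    for line in lines:
        line = line.rstrip()
        if ORPHAN_MARK in line:
            # Key still present but its file is gone: leftover, not an active component.
            findings.append(("info", "orphaned registry reference (file gone, key remains)", line))
            continue
        entry = parse_file_line(line)
        if entry is not None:
            if entry["company"] == "":
                # No version/company resource: not proof of anything, but check hash/signature.
                findings.append(("review", f"{entry['kind']} {entry['name']} has no company string", line))
            continue
        h = HOSTS_LINE.match(line)
        if h:
            if (h["ip"], h["host"]) not in LOCALHOST_OK:
                findings.append(("high", f"hosts file maps {h['host']} to {h['ip']}", line))
            continue
        m = DNS_LINE.search(line)
        if m:
            for srv in sorted(set(m["servers"].split())):
                try:
                    ip = ipaddress.ip_address(srv)
                except ValueError:
                    findings.append(("high", f"unparseable DNS server {srv!r}", line))
                    continue
                if not ip.is_private:
                    findings.append(("review", f"DNS server {srv} is outside private address space", line))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG.strip().splitlines()):
        print(f"[{severity}] {reason}\n    {line}")
```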
Second part:
========== Files/Folders - Created Within 30 Days ==========
[2011/06/03 03:38:40 | 000,580,096 | ---- | C] (OldTimer Tools) -- K:\Users\user\Desktop\OTL.exe
[2011/06/02 23:00:34 | 000,589,632 | ---- | C] (AVAST Software) -- K:\Users\user\Desktop\aswMBR.exe
[2011/06/02 22:52:47 | 000,000,000 | R--D | C] -- K:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011/06/02 21:16:38 | 000,000,000 | -HSD | C] -- K:\$RECYCLE.BIN
[2011/06/02 20:03:57 | 000,000,000 | ---D | C] -- K:\Users\user\AppData\Roaming\SUPERAntiSpyware.com
[2011/06/02 20:03:57 | 000,000,000 | ---D | C] -- K:\ProgramData\SUPERAntiSpyware.com
[2011/06/02 19:55:33 | 000,000,000 | ---D | C] -- K:\ProgramData\!SASCORE
[2011/06/02 19:55:08 | 000,000,000 | ---D | C] -- K:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/06/02 19:50:27 | 000,000,000 | ---D | C] -- K:\Program Files\SUPERAntiSpyware
[2011/06/02 19:49:29 | 011,008,200 | ---- | C] (SUPERAntiSpyware.com) -- K:\Users\user\Desktop\SUPERAntiSpyware.exe
[2011/06/02 11:51:33 | 000,000,000 | ---D | C] -- K:\Windows\temp
[2011/06/01 02:14:27 | 000,518,144 | ---- | C] (SteelWerX) -- K:\Windows\SWREG.exe
[2011/06/01 02:14:27 | 000,406,528 | ---- | C] (SteelWerX) -- K:\Windows\SWSC.exe
[2011/06/01 02:14:27 | 000,060,416 | ---- | C] (NirSoft) -- K:\Windows\NIRCMD.exe
[2011/05/31 21:59:14 | 000,000,000 | ---D | C] -- K:\Qoobox
[2011/05/31 21:42:13 | 004,109,019 | R--- | C] (Swearware) -- K:\Users\user\Desktop\ComboFix.exe
[2011/05/31 19:41:01 | 000,606,738 | R--- | C] (Swearware) -- K:\Users\user\Desktop\dds.scr
[2011/05/30 19:13:49 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- K:\Users\user\Desktop\scanner1.exe
[2011/05/29 21:17:30 | 000,000,000 | ---D | C] -- K:\Users\user\AppData\Roaming\Atari
[2011/05/28 13:29:14 | 000,000,000 | ---D | C] -- K:\Users\user\AppData\Roaming\Leadertech
[2011/05/28 13:29:12 | 000,000,000 | ---D | C] -- K:\Users\user\Documents\RCT3
[2011/05/28 13:29:10 | 000,000,000 | ---D | C] -- K:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
[2011/05/28 13:18:23 | 000,000,000 | ---D | C] -- K:\Program Files (x86)\Atari
[2011/05/28 09:21:02 | 000,000,000 | ---D | C] -- K:\Users\user\Documents\Wondershare DVD Slideshow Builder Standard
[2011/05/28 09:21:02 | 000,000,000 | ---D | C] -- K:\ProgramData\Wondershare
[2011/05/28 09:20:38 | 000,000,000 | ---D | C] -- K:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2011/05/28 09:20:05 | 000,000,000 | ---D | C] -- K:\Program Files (x86)\Wondershare
[2011/05/21 15:19:20 | 000,000,000 | ---D | C] -- K:\Program Files (x86)\TeamViewer
[2011/05/21 15:09:22 | 000,000,000 | ---D | C] -- K:\Users\user\AppData\Roaming\TeamViewer
[2011/05/18 18:49:04 | 000,142,336 | ---- | C] (Microsoft Corporation) -- K:\Windows\System32\poqexec.exe
[2011/05/18 18:49:04 | 000,123,904 | ---- | C] (Microsoft Corporation) -- K:\Windows\SysWow64\poqexec.exe
[2011/05/11 06:01:32 | 005,509,504 | ---- | C] (Microsoft Corporation) -- K:\Windows\System32\ntoskrnl.exe
[2011/05/11 06:01:31 | 003,957,632 | ---- | C] (Microsoft Corporation) -- K:\Windows\SysWow64\ntkrnlpa.exe
[2011/05/11 06:01:29 | 003,901,824 | ---- | C] (Microsoft Corporation) -- K:\Windows\SysWow64\ntoskrnl.exe
[2011/05/09 20:45:52 | 000,000,000 | ---D | C] -- K:\Users\user\AppData\Roaming\Ulead Systems
[2011/05/09 20:45:50 | 000,000,000 | ---D | C] -- K:\Users\user\Documents\Corel PaintShop Pro
[2011/05/09 20:45:50 | 000,000,000 | ---D | C] -- K:\Users\user\AppData\Local\Corel PaintShop Pro
[2011/05/09 20:44:44 | 000,000,000 | ---D | C] -- K:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X4
[2010/03/19 11:15:39 | 000,082,816 | ---- | C] (VSO Software) -- K:\Users\user\AppData\Roaming\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2011/06/03 20:31:13 | 000,000,898 | ---- | M] () -- K:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/03 13:32:12 | 000,000,894 | ---- | M] () -- K:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/03 03:29:30 | 000,580,096 | ---- | M] (OldTimer Tools) -- K:\Users\user\Desktop\OTL.exe
[2011/06/02 23:10:40 | 000,009,920 | -H-- | M] () -- K:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/02 23:10:37 | 000,009,920 | -H-- | M] () -- K:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/02 22:52:25 | 000,065,536 | ---- | M] () -- K:\Windows\System32\Ikeext.etl
[2011/06/02 22:52:11 | 000,067,584 | --S- | M] () -- K:\Windows\bootstat.dat
[2011/06/02 22:52:02 | 3113,533,440 | -HS- | M] () -- K:\hiberfil.sys
[2011/06/02 22:45:48 | 000,589,632 | ---- | M] (AVAST Software) -- K:\Users\user\Desktop\aswMBR.exe
[2011/06/02 19:55:31 | 000,001,844 | ---- | M] () -- K:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/02 19:55:31 | 000,000,000 | ---D | M] -- K:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/06/02 19:43:34 | 011,008,200 | ---- | M] (SUPERAntiSpyware.com) -- K:\Users\user\Desktop\SUPERAntiSpyware.exe
[2011/06/02 09:59:58 | 000,000,027 | ---- | M] () -- K:\Windows\System32\drivers\etc\hosts
[2011/06/01 09:51:08 | 000,001,189 | ---- | M] () -- K:\Windows\System32\Pen_Tablet.dat
[2011/05/31 21:41:09 | 000,000,804 | ---- | M] () -- K:\Users\user\Desktop\ComboFix.exe - Shortcut (3).lnk
[2011/05/31 21:40:51 | 000,000,804 | ---- | M] () -- K:\Users\user\Desktop\ComboFix.exe - Shortcut (2).lnk
[2011/05/31 21:30:24 | 000,000,804 | ---- | M] () -- K:\Users\user\Desktop\ComboFix.exe - Shortcut.lnk
[2011/05/31 21:11:40 | 004,109,019 | R--- | M] (Swearware) -- K:\Users\user\Desktop\ComboFix.exe
[2011/05/31 20:44:51 | 000,625,390 | ---- | M] () -- K:\Windows\System32\perfh009.dat
[2011/05/31 20:44:51 | 000,112,280 | ---- | M] () -- K:\Windows\System32\perfc009.dat
[2011/05/30 19:37:40 | 000,000,000 | ---D | M] -- K:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/30 19:00:42 | 000,606,738 | R--- | M] (Swearware) -- K:\Users\user\Desktop\dds.scr
[2011/05/30 19:00:16 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- K:\Users\user\Desktop\scanner1.exe
[2011/05/30 19:00:10 | 000,080,384 | ---- | M] () -- K:\Users\user\Desktop\MBRCheck.exe
[2011/05/30 18:59:50 | 000,302,592 | ---- | M] () -- K:\Users\user\Desktop\my1f1yw0.exe
[2011/05/28 17:10:23 | 000,012,288 | ---- | M] () -- K:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/28 13:29:10 | 000,000,000 | ---D | M] -- K:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
[2011/05/28 09:20:38 | 000,000,000 | ---D | M] -- K:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2011/05/26 21:33:36 | 000,001,682 | -HS- | M] () -- K:\ProgramData\KGyGaAvL.sys
[2011/05/26 18:59:14 | 000,000,230 | ---- | M] () -- K:\Windows\wininit.ini
[2011/05/26 18:59:12 | 000,001,014 | ---- | M] () -- K:\Users\user\Desktop\Dropbox.lnk
[2011/05/26 18:59:12 | 000,000,994 | ---- | M] () -- K:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/25 21:22:49 | 000,002,930 | -HS- | M] () -- K:\Windows\SysWow64\KGyGaAvL.sys
[2011/05/22 14:58:57 | 000,001,096 | ---- | M] () -- K:\Users\Public\Desktop\Ad-Aware.lnk
[2011/05/21 15:19:28 | 000,001,210 | ---- | M] () -- K:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011/05/21 15:19:28 | 000,001,198 | ---- | M] () -- K:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/05/18 22:21:30 | 000,004,515 | ---- | M] () -- K:\Users\user\Documents\ChatLog Office Hours 2011_05_18 23_21.rtf
[2011/05/09 20:44:45 | 000,001,126 | ---- | M] () -- K:\Users\Public\Desktop\Corel PaintShop Pro X4.lnk
[2011/05/09 20:44:45 | 000,000,000 | ---D | M] -- K:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X4
========== Files Created - No Company Name ==========
[2011/06/02 19:55:31 | 000,001,844 | ---- | C] () -- K:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/01 02:14:27 | 000,256,512 | ---- | C] () -- K:\Windows\PEV.exe
[2011/06/01 02:14:27 | 000,208,896 | ---- | C] () -- K:\Windows\MBR.exe
[2011/06/01 02:14:27 | 000,098,816 | ---- | C] () -- K:\Windows\sed.exe
[2011/06/01 02:14:27 | 000,080,412 | ---- | C] () -- K:\Windows\grep.exe
[2011/06/01 02:14:27 | 000,068,096 | ---- | C] () -- K:\Windows\zip.exe
[2011/05/31 21:41:09 | 000,000,804 | ---- | C] () -- K:\Users\user\Desktop\ComboFix.exe - Shortcut (3).lnk
[2011/05/31 21:40:51 | 000,000,804 | ---- | C] () -- K:\Users\user\Desktop\ComboFix.exe - Shortcut (2).lnk
[2011/05/31 21:30:24 | 000,000,804 | ---- | C] () -- K:\Users\user\Desktop\ComboFix.exe - Shortcut.lnk
[2011/05/31 19:11:15 | 000,080,384 | ---- | C] () -- K:\Users\user\Desktop\MBRCheck.exe
[2011/05/31 16:51:24 | 000,302,592 | ---- | C] () -- K:\Users\user\Desktop\my1f1yw0.exe
[2011/05/22 14:58:57 | 000,001,096 | ---- | C] () -- K:\Users\Public\Desktop\Ad-Aware.lnk
[2011/05/21 15:19:28 | 000,001,210 | ---- | C] () -- K:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011/05/21 15:19:28 | 000,001,198 | ---- | C] () -- K:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/05/18 22:21:30 | 000,004,515 | ---- | C] () -- K:\Users\user\Documents\ChatLog Office Hours 2011_05_18 23_21.rtf
[2011/05/09 20:44:45 | 000,001,126 | ---- | C] () -- K:\Users\Public\Desktop\Corel PaintShop Pro X4.lnk
[2011/04/27 08:57:21 | 000,000,020 | ---- | C] () -- K:\Users\user\AppData\Local\UACBrResultRetrieving.dat
[2011/03/04 17:58:10 | 000,103,936 | ---- | C] () -- K:\Windows\SysWow64\neeviaprtntwt64.dll
[2011/03/04 17:58:10 | 000,073,216 | ---- | C] () -- K:\Windows\SysWow64\neeviaprtntwt.dll
[2011/03/04 17:58:10 | 000,025,600 | ---- | C] () -- K:\Windows\SysWow64\unneeviaprt.exe
[2011/02/26 08:41:31 | 000,001,682 | -HS- | C] () -- K:\ProgramData\KGyGaAvL.sys
[2011/02/26 08:41:31 | 000,000,008 | RHS- | C] () -- K:\ProgramData\C649AF1A58.sys
[2011/02/11 23:27:32 | 000,000,000 | ---- | C] () -- K:\Windows\nsreg.dat
[2011/01/31 21:00:44 | 000,722,382 | ---- | C] () -- K:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/15 22:49:52 | 000,000,056 | -H-- | C] () -- K:\ProgramData\ezsidmv.dat
[2011/01/09 16:05:01 | 000,002,930 | -HS- | C] () -- K:\Windows\SysWow64\KGyGaAvL.sys
[2010/12/14 20:40:32 | 000,000,036 | ---- | C] () -- K:\Users\user\AppData\Local\housecall.guid.cache
[2010/11/27 10:16:11 | 001,127,408 | ---- | C] () -- K:\Windows\goober Messenger Uninstaller.exe
[2010/08/31 11:25:23 | 000,000,326 | ---- | C] () -- K:\Users\user\AppData\Roaming\wklnhst.dat
[2010/06/27 09:46:49 | 000,001,536 | ---- | C] () -- K:\Windows\EyeCand3.INI
[2010/06/20 00:11:26 | 000,004,295 | ---- | C] () -- K:\Windows\jmgb_n16.ini
[2010/06/20 00:11:26 | 000,001,439 | ---- | C] () -- K:\Windows\ckcd-n24.ini
[2010/05/30 22:22:33 | 000,000,020 | ---- | C] () -- K:\Windows\TemplateWizard.INI
[2010/04/24 09:07:36 | 000,012,288 | ---- | C] () -- K:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/18 18:53:14 | 000,000,168 | RHS- | C] () -- K:\Windows\SysWow64\4158E6E4CB.sys
[2010/03/28 16:12:43 | 000,000,230 | ---- | C] () -- K:\Windows\wininit.ini
[2010/03/28 11:34:55 | 000,016,384 | ---- | C] () -- K:\Windows\SysWow64\FileOps.exe
[2010/03/19 11:33:11 | 000,000,376 | ---- | C] () -- K:\Windows\ODBC.INI
[2010/03/19 11:17:45 | 000,165,376 | ---- | C] () -- K:\Windows\SysWow64\unrar.dll
[2010/03/19 11:17:44 | 000,000,038 | ---- | C] () -- K:\Windows\avisplitter.ini
[2010/03/19 11:17:42 | 000,881,664 | ---- | C] () -- K:\Windows\SysWow64\xvidcore.dll
[2010/03/19 11:17:42 | 000,205,824 | ---- | C] () -- K:\Windows\SysWow64\xvidvfw.dll
[2010/03/19 11:17:41 | 000,085,504 | ---- | C] () -- K:\Windows\SysWow64\ff_vfw.dll
[2010/03/19 11:16:58 | 000,001,041 | ---- | C] () -- K:\Users\user\AppData\Roaming\vso_ts_preview.xml
[2010/03/19 11:15:39 | 000,007,859 | ---- | C] () -- K:\Users\user\AppData\Roaming\pcouffin.cat
[2010/03/19 11:15:39 | 000,001,167 | ---- | C] () -- K:\Users\user\AppData\Roaming\pcouffin.inf
[2010/03/19 11:14:52 | 000,000,043 | -HS- | C] () -- K:\ProgramData\.zreglib
[2009/12/01 18:14:22 | 000,874,032 | ---- | C] () -- K:\Windows\SysWow64\igkrng575.bin
[2009/12/01 18:14:22 | 000,208,896 | ---- | C] () -- K:\Windows\SysWow64\iglhsip32.dll
[2009/12/01 18:14:22 | 000,147,456 | ---- | C] () -- K:\Windows\SysWow64\iglhcp32.dll
[2009/12/01 18:14:20 | 000,049,712 | ---- | C] () -- K:\Windows\SysWow64\igfcg575m.bin
[2009/12/01 18:14:19 | 000,127,896 | ---- | C] () -- K:\Windows\SysWow64\igcompkrng575.bin
[2009/07/30 21:58:42 | 000,000,326 | ---- | C] () -- K:\Windows\primopdf.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- K:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- K:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- K:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- K:\Windows\mib.bin
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- K:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- K:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- K:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- K:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- K:\Windows\SysWow64\mlang.dat
[2007/06/05 12:20:32 | 000,177,704 | ---- | C] () -- K:\Windows\SysWow64\PSIService.exe
[2003/01/07 12:05:08 | 000,002,695 | ---- | C] () -- K:\Windows\SysWow64\OUTLPERF.INI
========== LOP Check ==========
[2011/06/02 19:55:33 | 000,000,000 | ---D | M] -- K:\ProgramData\!SASCORE
[2009/12/01 18:46:16 | 000,000,000 | ---D | M] -- K:\ProgramData\Acer
[2010/09/23 05:14:06 | 000,000,000 | ---D | M] -- K:\ProgramData\Acronis
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- K:\ProgramData\Application Data
[2011/05/03 22:04:18 | 000,000,000 | ---D | M] -- K:\ProgramData\Aviosoft
[2009/12/01 18:38:45 | 000,000,000 | ---D | M] -- K:\ProgramData\BackupManager
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- K:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- K:\ProgramData\Documents
[2009/12/01 19:04:02 | 000,000,000 | ---D | M] -- K:\ProgramData\EgisTec
[2009/12/01 19:02:07 | 000,000,000 | ---D | M] -- K:\ProgramData\eSobi
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- K:\ProgramData\Favorites
[2010/03/25 23:03:18 | 000,000,000 | ---D | M] -- K:\ProgramData\InterVideo
[2010/03/19 10:37:06 | 000,000,000 | ---D | M] -- K:\ProgramData\McQcModifier-5c47-a7b0
[2010/03/19 06:20:19 | 000,000,000 | ---D | M] -- K:\ProgramData\OEM
[2011/04/04 19:59:26 | 000,000,000 | ---D | M] -- K:\ProgramData\Panda Security
[2010/04/14 09:16:16 | 000,000,000 | ---D | M] -- K:\ProgramData\Partner
[2010/12/13 20:03:26 | 000,000,000 | ---D | M] -- K:\ProgramData\PearlMountainSoft
[2011/03/04 17:58:23 | 000,000,000 | ---D | M] -- K:\ProgramData\Program Files (x86)
[2011/03/08 20:31:28 | 000,000,000 | ---D | M] -- K:\ProgramData\regid.1986-12.com.adobe
[2010/03/19 11:14:01 | 000,000,000 | ---D | M] -- K:\ProgramData\SlySoft
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- K:\ProgramData\Start Menu
[2010/04/18 10:42:59 | 000,000,000 | ---D | M] -- K:\ProgramData\TechSmith
[2009/12/24 01:51:05 | 000,000,000 | ---D | M] -- K:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- K:\ProgramData\Templates
[2010/04/05 10:23:51 | 000,000,000 | ---D | M] -- K:\ProgramData\Ulead Systems
[2010/03/27 21:04:04 | 000,000,000 | ---D | M] -- K:\ProgramData\WildTangent
[2011/05/28 09:21:02 | 000,000,000 | ---D | M] -- K:\ProgramData\Wondershare
[2010/10/31 16:48:48 | 000,000,000 | ---D | M] -- K:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/03/19 11:38:42 | 000,000,000 | -H-D | M] -- K:\ProgramData\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2011/02/10 00:30:10 | 000,032,536 | ---- | M] () -- K:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
I see nothing malicious there, so....
In this forum, we make sure your computer is free of malware and your computer is clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.
Good luck!
So, although my computer is slow... it is cleanly slow?
Oh, and any suggestions as to how to revert to the pre-Reatogo state? Just change the BIOS again?
You don't have to change anything.
Remove the CD and restart computer.
OK, thanks.
Sure thing :)