Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

TDSS and PING.exe taking up CPU time


  • Please log in to reply

#1
Akgis

Akgis

    New Member

  • Member
  • Pip
  • 2 posts
I had the problem of Ping.exe taking my CPU to 100%, I did some investigation and seems the culprit is TDSS rootkit, I ran the Kaspersky TDSSkiller and only thing I had there as suspicions was the TDSS file system I deleted it, and now I haven had PING.exe taking resources again, I also updated my Windows which wasnt update

Iam still abit paranoiac, I was hoping if any of you could help me check if my PC is clean afterall.

I have provided in attachment the OTL quick scan log, I will be glad to provide other logs if requested.

Thanks alot

edit: PING.EXE takign resources its still there and I dont know what else to do.

OTL logfile created on: 22-01-2012 17:14:42 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Helder\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

4,00 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 47,61% Memory free
8,00 Gb Paging File | 5,66 Gb Available in Paging File | 70,80% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,04 Gb Total Space | 18,07 Gb Free Space | 7,40% Space Free | Partition Type: NTFS
Drive D: | 221,62 Gb Total Space | 4,13 Gb Free Space | 1,86% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 80,78 Gb Free Space | 8,67% Space Free | Partition Type: NTFS

Computer Name: PCSALA7 | User Name: Helder | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-01-22 17:09:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Helder\Downloads\OTL.exe
PRC - [2011-12-23 14:39:50 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011-11-12 10:42:50 | 001,647,448 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011-11-10 19:23:52 | 000,490,840 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011-06-24 05:37:58 | 000,049,340 | ---- | M] (The Pidgin developer community) -- C:\Program Files (x86)\Pidgin\pidgin.exe
PRC - [2011-01-20 09:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010-11-05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010-11-05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010-03-18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009-07-14 01:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE


========== Modules (No Company Name) ==========

MOD - [2011-12-23 14:39:50 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011-11-15 09:25:12 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011-07-03 15:15:08 | 000,219,305 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
MOD - [2011-07-03 15:15:08 | 000,095,189 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll
MOD - [2011-07-03 15:15:08 | 000,090,496 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
MOD - [2011-07-03 15:15:08 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
MOD - [2011-07-03 15:15:07 | 000,904,525 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
MOD - [2011-07-03 15:15:07 | 000,535,264 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
MOD - [2011-07-03 15:15:07 | 000,482,872 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libgio-2.0-0.dll
MOD - [2011-07-03 15:15:07 | 000,279,059 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
MOD - [2011-07-03 15:15:07 | 000,143,096 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
MOD - [2011-06-24 05:38:16 | 000,036,068 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
MOD - [2011-06-24 05:38:16 | 000,030,333 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
MOD - [2011-06-24 05:38:14 | 000,024,106 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ticker.dll
MOD - [2011-06-24 05:38:14 | 000,023,455 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\winprefs.dll
MOD - [2011-06-24 05:38:14 | 000,022,901 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
MOD - [2011-06-24 05:38:14 | 000,017,951 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
MOD - [2011-06-24 05:38:14 | 000,013,589 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp.dll
MOD - [2011-06-24 05:38:12 | 000,063,229 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\spellchk.dll
MOD - [2011-06-24 05:38:12 | 000,024,487 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\themeedit.dll
MOD - [2011-06-24 05:38:12 | 000,019,854 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
MOD - [2011-06-24 05:38:12 | 000,010,624 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\statenotify.dll
MOD - [2011-06-24 05:38:12 | 000,007,162 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl.dll
MOD - [2011-06-24 05:38:10 | 000,023,390 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
MOD - [2011-06-24 05:38:10 | 000,010,203 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
MOD - [2011-06-24 05:38:10 | 000,010,075 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\relnot.dll
MOD - [2011-06-24 05:38:10 | 000,010,026 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\psychic.dll
MOD - [2011-06-24 05:38:08 | 000,022,335 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\notify.dll
MOD - [2011-06-24 05:38:08 | 000,014,905 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\markerline.dll
MOD - [2011-06-24 05:38:08 | 000,011,669 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
MOD - [2011-06-24 05:38:08 | 000,009,126 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\newline.dll
MOD - [2011-06-24 05:38:06 | 000,149,298 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsilc.dll
MOD - [2011-06-24 05:38:06 | 000,045,348 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsimple.dll
MOD - [2011-06-24 05:38:06 | 000,039,509 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\log_reader.dll
MOD - [2011-06-24 05:38:06 | 000,018,502 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll
MOD - [2011-06-24 05:38:06 | 000,017,519 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
MOD - [2011-06-24 05:38:06 | 000,014,951 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll
MOD - [2011-06-24 05:38:04 | 000,301,713 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmsn.dll
MOD - [2011-06-24 05:38:04 | 000,121,433 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmxit.dll
MOD - [2011-06-24 05:38:04 | 000,096,958 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsametime.dll
MOD - [2011-06-24 05:38:04 | 000,092,138 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libnovell.dll
MOD - [2011-06-24 05:38:04 | 000,088,548 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll
MOD - [2011-06-24 05:38:02 | 000,183,790 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libgg.dll
MOD - [2011-06-24 05:38:02 | 000,079,871 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libirc.dll
MOD - [2011-06-24 05:38:02 | 000,073,029 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
MOD - [2011-06-24 05:38:02 | 000,012,177 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\joinpart.dll
MOD - [2011-06-24 05:38:02 | 000,011,163 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libicq.dll
MOD - [2011-06-24 05:38:02 | 000,010,232 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libaim.dll
MOD - [2011-06-24 05:38:00 | 000,013,528 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\history.dll
MOD - [2011-06-24 05:38:00 | 000,012,665 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\idle.dll
MOD - [2011-06-24 05:38:00 | 000,010,860 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\extplacement.dll
MOD - [2011-06-24 05:38:00 | 000,008,793 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
MOD - [2011-06-24 05:38:00 | 000,007,511 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\iconaway.dll
MOD - [2011-06-24 05:37:58 | 000,019,058 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\convcolors.dll
MOD - [2011-06-24 05:37:58 | 000,014,574 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
MOD - [2011-06-24 05:37:58 | 000,007,899 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\buddynote.dll
MOD - [2011-06-24 05:37:56 | 000,336,466 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libjabber.dll
MOD - [2011-06-24 05:37:56 | 000,255,025 | ---- | M] () -- C:\Program Files (x86)\Pidgin\liboscar.dll
MOD - [2011-06-24 05:37:56 | 000,194,434 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libymsg.dll
MOD - [2011-06-24 05:37:48 | 000,582,656 | ---- | M] () -- C:\Program Files (x86)\Pidgin\exchndl.dll
MOD - [2011-06-24 05:37:46 | 000,475,580 | ---- | M] () -- C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
MOD - [2011-06-24 05:26:34 | 000,417,501 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sqlite3.dll
MOD - [2011-06-24 05:26:04 | 002,719,062 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll
MOD - [2011-06-24 05:26:04 | 001,206,642 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilcclient-1-1-2.dll
MOD - [2011-06-24 05:26:00 | 000,173,805 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
MOD - [2011-06-24 05:24:44 | 001,213,633 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libxml2-2.dll
MOD - [2011-06-04 22:02:28 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\30a8c29a4e9807d25f7148ba4adbe7b9\IAStorUtil.ni.dll
MOD - [2011-06-04 22:02:28 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3956b6af532aee63d53f0c15d071b14b\IAStorCommon.ni.dll
MOD - [2011-04-06 22:45:14 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libskype.dll
MOD - [2010-11-21 03:49:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2010-11-21 03:48:49 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2010-11-21 03:48:42 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2010-11-21 03:48:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2010-11-21 03:48:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2010-11-21 03:48:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2010-11-21 03:48:21 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2010-11-21 03:48:14 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2010-11-21 03:24:09 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010-11-21 03:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-11-10 03:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009-06-05 16:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2011-11-10 19:23:52 | 000,490,840 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011-09-30 13:04:50 | 000,075,136 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011-07-16 10:56:22 | 000,024,992 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2011-07-16 10:56:18 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2011-06-06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-04-24 20:55:00 | 004,066,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2011-02-10 00:00:16 | 000,012,800 | ---- | M] (Mr. John aka japamd) [Disabled | Stopped] -- C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe -- (RadeonPro Support Service)
SRV - [2010-11-24 22:37:36 | 004,237,312 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010-11-05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010-03-18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-09-20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009-06-10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-03-13 12:13:13 | 002,664,784 | ---- | M] (Conceiva Pty. Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Conceiva\Mezzmo\MezzmoMediaServer.exe -- (Mezzmo)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011-11-10 03:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011-11-10 03:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011-11-10 02:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011-10-17 17:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011-06-11 00:50:11 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010-11-21 03:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-11-21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 03:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010-11-21 03:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010-11-21 03:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010-11-21 03:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010-11-21 03:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010-11-21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-11-21 03:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010-04-10 12:05:44 | 000,482,816 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009-07-14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 00:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009-06-10 20:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009-06-10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005-03-29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009-07-14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005-01-01 09:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://pt.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC A4 81 3E 48 9E CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = cm125-59-55-143.hkcable.com.hk:4000

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:11.3.14.0
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {5e594888-3e8e-47da-b2c6-b0b545112f84}:1.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.2

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Helder\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Helder\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Helder\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 10.0a1\extensions\\Components: C:\PROGRAM FILES\NIGHTLY\COMPONENTS [2011-10-17 22:00:22 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 10.0a1\extensions\\Plugins: C:\PROGRAM FILES\NIGHTLY\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-07-29 16:49:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-12-23 14:39:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-07-29 16:49:26 | 000,000,000 | ---D | M]

[2011-06-04 22:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helder\AppData\Roaming\Mozilla\Extensions
[2010-04-07 11:53:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helder\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009-12-18 14:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helder\AppData\Roaming\Mozilla\Extensions\MediaCoder
[2009-12-18 15:02:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helder\AppData\Roaming\Mozilla\Extensions\MediaCoder-MCEX
[2009-12-18 14:58:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helder\AppData\Roaming\Mozilla\Extensions\MediaCoder-Setup-Wizard
[2012-01-20 02:59:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helder\AppData\Roaming\Mozilla\Firefox\Profiles\9aikn710.default\extensions
[2012-01-07 19:11:37 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Helder\AppData\Roaming\Mozilla\Firefox\Profiles\9aikn710.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011-06-04 22:21:16 | 000,000,000 | ---D | M] (Auto Timer) -- C:\Users\Helder\AppData\Roaming\Mozilla\Firefox\Profiles\9aikn710.default\extensions\[email protected]
[2011-12-08 14:47:33 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Users\Helder\AppData\Roaming\Mozilla\Firefox\Profiles\9aikn710.default\extensions\[email protected]
[2012-01-16 23:40:53 | 000,000,000 | ---D | M] (Corretor para Português de Portugal) -- C:\Users\Helder\AppData\Roaming\Mozilla\Firefox\Profiles\9aikn710.default\extensions\[email protected]
[2011-06-04 22:21:16 | 000,000,000 | ---D | M] (Remove New Tab Button) -- C:\Users\Helder\AppData\Roaming\Mozilla\Firefox\Profiles\9aikn710.default\extensions\[email protected]
[2011-06-04 22:21:16 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Helder\AppData\Roaming\Mozilla\Firefox\Profiles\9aikn710.default\extensions\[email protected]
[2010-01-29 16:35:06 | 000,002,789 | ---- | M] () -- C:\Users\Helder\AppData\Roaming\Mozilla\Firefox\Profiles\9aikn710.default\searchplugins\world-of-warcraft-armory.xml
[2008-08-19 09:24:35 | 000,003,986 | ---- | M] () -- C:\Users\Helder\AppData\Roaming\Mozilla\Firefox\Profiles\9aikn710.default\searchplugins\wowhead-wotlk.xml
[2008-06-26 00:23:17 | 000,001,546 | ---- | M] () -- C:\Users\Helder\AppData\Roaming\Mozilla\Firefox\Profiles\9aikn710.default\searchplugins\wowhead.xml
[2011-02-04 21:24:48 | 000,002,445 | ---- | M] () -- C:\Users\Helder\AppData\Roaming\Mozilla\Firefox\Profiles\9aikn710.default\searchplugins\wowpedia-en.xml
[2008-08-28 13:10:38 | 000,001,826 | ---- | M] () -- C:\Users\Helder\AppData\Roaming\Mozilla\Firefox\Profiles\9aikn710.default\searchplugins\wowwiki-english.xml
[2008-06-23 22:06:00 | 000,002,109 | ---- | M] () -- C:\Users\Helder\AppData\Roaming\Mozilla\Firefox\Profiles\9aikn710.default\searchplugins\youtube-video-search.xml
[2011-11-09 15:02:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011-11-08 18:23:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\HELDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9AIKN710.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\HELDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9AIKN710.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\HELDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9AIKN710.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\HELDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9AIKN710.DEFAULT\EXTENSIONS\[email protected]
[2011-12-23 14:39:50 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010-01-01 08:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011-11-09 15:02:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Helder\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Helder\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Helder\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Helder\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Helder\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Helder\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Helder\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Pesquisa do Google = C:\Users\Helder\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Skype Click to Call = C:\Users\Helder\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Gmail = C:\Users\Helder\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Helder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pidgin.lnk = C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9FB67727-C5D9-4F45-9D22-C7E8260EC252}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C98DC42C-9D48-475B-B6CD-09F970617EB1}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\notepad.exe: Debugger - C:\Program Files\Notepad2\Notepad2.exe ()
O27 - HKLM IFEO\notepad.exe: Debugger - C:\Program Files\Notepad2\Notepad2.exe ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9a839ca1-9353-11e0-aaf3-001fc6507c51}\Shell - "" = AutoRun
O33 - MountPoints2\{9a839ca1-9353-11e0-aaf3-001fc6507c51}\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-01-22 17:14:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012-01-22 15:36:08 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012-01-22 01:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
[2012-01-22 01:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2012-01-22 01:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2012-01-22 01:05:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo
[2012-01-22 01:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
[2012-01-22 01:01:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune
[2012-01-21 20:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012-01-21 17:43:23 | 000,000,000 | ---D | C] -- C:\Users\Helder\AppData\Local\Futuremark
[2012-01-21 17:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark Games Studio
[2012-01-21 17:41:43 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012-01-12 00:13:58 | 000,000,000 | ---D | C] -- C:\Users\Helder\Documents\OnLive App
[2012-01-12 00:13:48 | 000,000,000 | ---D | C] -- C:\Users\Helder\AppData\Roaming\OnLive App
[2012-01-12 00:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnLive
[2012-01-12 00:13:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OnLive
[2012-01-05 23:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
[2012-01-05 23:36:36 | 000,000,000 | ---D | C] -- C:\Users\Helder\AppData\Roaming\IObit
[2011-12-29 22:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
[2011-12-29 22:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011-12-29 22:54:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011-12-26 22:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo
[2011-12-26 22:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World Mosaics 5

========== Files - Modified Within 30 Days ==========

[2012-01-22 17:15:53 | 000,007,600 | ---- | M] () -- C:\Users\Helder\AppData\Local\Resmon.ResmonCfg
[2012-01-22 17:14:37 | 000,023,980 | ---- | M] () -- C:\Users\Helder\AppData\Roaming\Notepad2.ini
[2012-01-22 17:12:20 | 000,784,112 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-01-22 17:12:20 | 000,651,770 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-01-22 17:12:20 | 000,120,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-01-22 17:10:38 | 000,763,958 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-01-22 16:58:50 | 000,024,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-01-22 16:58:50 | 000,024,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-01-22 16:53:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-01-22 16:53:02 | 3220,508,672 | -HS- | M] () -- C:\hiberfil.sys
[2012-01-22 16:22:00 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2307862525-3357266101-2585586314-1000UA.job
[2012-01-22 01:30:01 | 000,000,948 | ---- | M] () -- C:\Users\Helder\Desktop\Core Temp.lnk
[2012-01-22 01:05:31 | 000,001,990 | ---- | M] () -- C:\Users\Helder\Desktop\CrystalDiskInfo.lnk
[2012-01-21 20:59:39 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012-01-21 18:21:01 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2307862525-3357266101-2585586314-1000Core.job
[2012-01-21 17:43:09 | 000,000,706 | ---- | M] () -- C:\Users\Public\Desktop\Unstoppable Gorg.lnk
[2012-01-13 19:55:33 | 000,003,073 | ---- | M] () -- C:\Users\Helder\Desktop\MKV2AC3.lnk
[2012-01-13 19:12:56 | 000,204,590 | ---- | M] () -- C:\Users\Helder\Documents\fastusenet.png
[2012-01-13 00:05:49 | 000,000,705 | ---- | M] () -- C:\Users\Helder\Desktop\World of Warcraft.lnk
[2012-01-12 00:13:48 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\OnLive Launcher.lnk
[2012-01-07 04:22:57 | 000,002,405 | ---- | M] () -- C:\Users\Helder\Desktop\Google Chrome.lnk
[2012-01-05 23:36:41 | 000,001,259 | ---- | M] () -- C:\Users\Public\Desktop\Quick Care.lnk
[2012-01-05 23:36:40 | 000,001,237 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2012-01-05 21:45:55 | 000,158,708 | ---- | M] () -- C:\Users\Helder\Documents\ts3_clientui-win32-1321432557-2012-01-05 21_45_54.649068.dmp
[2012-01-02 12:42:06 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011-12-29 22:54:19 | 000,001,194 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2011-12-29 22:54:19 | 000,001,182 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2011-12-26 22:55:11 | 000,042,247 | ---- | M] () -- C:\Users\Helder\Documents\foreign_transfer_details_111226_235314.pdf
[2011-12-26 22:22:14 | 000,002,039 | ---- | M] () -- C:\Users\Helder\Desktop\World Mosaics 5.lnk

========== Files Created - No Company Name ==========

[2012-01-22 01:30:01 | 000,000,948 | ---- | C] () -- C:\Users\Helder\Desktop\Core Temp.lnk
[2012-01-22 01:05:31 | 000,001,990 | ---- | C] () -- C:\Users\Helder\Desktop\CrystalDiskInfo.lnk
[2012-01-21 20:59:39 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012-01-21 17:43:09 | 000,000,706 | ---- | C] () -- C:\Users\Public\Desktop\Unstoppable Gorg.lnk
[2012-01-13 19:12:55 | 000,204,590 | ---- | C] () -- C:\Users\Helder\Documents\fastusenet.png
[2012-01-12 00:13:48 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\OnLive Launcher.lnk
[2012-01-05 23:36:41 | 000,001,259 | ---- | C] () -- C:\Users\Public\Desktop\Quick Care.lnk
[2012-01-05 23:36:40 | 000,001,237 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2012-01-05 21:45:54 | 000,158,708 | ---- | C] () -- C:\Users\Helder\Documents\ts3_clientui-win32-1321432557-2012-01-05 21_45_54.649068.dmp
[2012-01-02 12:42:06 | 000,000,856 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011-12-29 22:54:19 | 000,001,194 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2011-12-29 22:54:19 | 000,001,182 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2011-12-26 22:55:10 | 000,042,247 | ---- | C] () -- C:\Users\Helder\Documents\foreign_transfer_details_111226_235314.pdf
[2011-12-26 22:22:14 | 000,002,039 | ---- | C] () -- C:\Users\Helder\Desktop\World Mosaics 5.lnk
[2011-12-16 12:53:29 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011-12-16 12:53:29 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011-12-02 14:27:18 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2011-11-19 20:10:28 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe
[2011-11-17 14:44:26 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011-11-09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011-11-09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011-11-04 01:39:50 | 000,794,906 | ---- | C] () -- C:\Windows\unins000.exe
[2011-11-04 01:39:50 | 000,004,151 | ---- | C] () -- C:\Windows\unins000.dat
[2011-10-25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011-10-07 15:57:04 | 000,023,980 | ---- | C] () -- C:\Users\Helder\AppData\Roaming\Notepad2.ini
[2011-10-06 19:18:13 | 000,000,600 | ---- | C] () -- C:\Users\Helder\AppData\Local\PUTTY.RND
[2011-10-06 13:54:38 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI
[2011-10-06 12:47:29 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011-09-30 13:04:51 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011-09-30 13:04:50 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011-09-28 16:42:05 | 000,000,587 | ---- | C] () -- C:\Windows\hpomdl30.dat.temp
[2011-09-23 19:36:16 | 000,763,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-08-26 23:47:43 | 000,007,600 | ---- | C] () -- C:\Users\Helder\AppData\Local\Resmon.ResmonCfg
[2011-07-29 16:47:28 | 000,205,562 | ---- | C] () -- C:\Windows\hpoins30.dat
[2011-07-29 16:47:28 | 000,000,587 | ---- | C] () -- C:\Windows\hpomdl30.dat
[2011-07-23 17:36:36 | 000,001,912 | ---- | C] () -- C:\Users\Helder\AppData\Roaming\MPQEditor.ini
[2011-06-11 01:15:48 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011-06-05 18:04:57 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011-06-04 22:51:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011-06-04 19:59:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009-07-14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2012-01-22 17:08:18 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\.purple
[2011-08-19 20:17:39 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\CorsixTH
[2011-06-11 00:51:33 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\DAEMON Tools Lite
[2011-07-08 22:08:36 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\Day 1 Studios
[2011-11-23 23:30:23 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\digipen
[2011-11-04 01:39:53 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\FFSJ
[2012-01-22 16:47:36 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\foobar2000
[2011-09-02 15:59:02 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\Gatling Gears
[2011-07-30 18:32:56 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\gtk-2.0
[2012-01-05 23:36:36 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\IObit
[2011-08-23 18:07:53 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\Kalypso Media
[2011-12-02 13:00:49 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\Mael
[2011-06-04 21:54:20 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\newMozilla
[2011-08-08 16:03:39 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\NewsLeecher
[2011-08-08 15:22:33 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\NewsLeecher - Copy
[2011-07-14 14:38:22 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\NtDLL Loader
[2012-01-12 00:13:48 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\OnLive App
[2011-09-30 12:45:08 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\Origin
[2011-09-05 14:05:16 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\RadeonPro
[2011-09-24 12:18:38 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\runic games
[2011-10-06 14:33:55 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\Samsung
[2011-08-20 00:35:50 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\ScummVM
[2011-11-10 15:41:36 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\Sports Interactive
[2011-09-10 23:16:13 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\TeamViewer
[2011-10-01 21:34:01 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\Tropico 4
[2011-12-18 22:51:30 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\TS3Client
[2011-12-12 19:45:34 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\ts3overlay
[2011-09-09 14:02:58 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\Unity
[2012-01-21 18:02:05 | 000,000,000 | ---D | M] -- C:\Users\Helder\AppData\Roaming\uTorrent
[2011-12-27 09:32:09 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Attached Files

  • Attached File  OTL.Txt   101.27KB   27 downloads
  • Attached File  OTL.Txt   101.27KB   23 downloads

Edited by RKinner, 22 January 2012 - 10:09 PM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Do the following:
  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screen Shot of the Disk Management Window and attach the screen shot to your reply. Make sure that the column with the partition size is visible.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.

Ron
  • 0

#3
Akgis

Akgis

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Fixed it with the Kaspersky free AV scan.

I will reinstall windows anyway soon.

Thanks thou bookmarked for future reference
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP