Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

I'm useless, plese help. [Closed]

Started by help_the_sheep , Feb 26 2012 10:00 PM

This topic is locked

#31
help_the_sheep

Posted 08 March 2012 - 05:52 PM

Member

Topic Starter
Member
28 posts

what other information do you need from Kaspersky?

#32
Render

Posted 08 March 2012 - 06:05 PM

Trusted Helper

Malware Removal
4,195 posts

Scan log or report and attached analysis zip file.

#33
help_the_sheep

Posted 08 March 2012 - 06:15 PM

Member

Topic Starter
Member
28 posts

okay, I cannot find those on my computer.

#34
Render

Posted 10 March 2012 - 05:56 AM

Trusted Helper

Malware Removal
4,195 posts

Please repeat these steps here and strictly follow instructions.

#35
help_the_sheep

Posted 22 March 2012 - 03:05 PM

Member

Topic Starter
Member
28 posts

avptool_sysinfo.zip 15.53KB 93 downloads

#36
help_the_sheep

Posted 22 March 2012 - 03:06 PM

Member

Topic Starter
Member
28 posts

sorry it took me so long

#37
Render

Posted 22 March 2012 - 04:01 PM

Trusted Helper

Malware Removal
4,195 posts

OK. First part of scan came out clean?

How is your computer running now and what problems are still evident?

#38
help_the_sheep

Posted 23 March 2012 - 10:25 PM

Member

Topic Starter
Member
28 posts

Well, ghost voices still pop up and it will run rather sluggish with almost nothing running.

#39
Render

Posted 25 March 2012 - 03:30 PM

Trusted Helper

Malware Removal
4,195 posts

OTL Custom Scan

Double click on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top, make sure Stadard output is selected.
Select Scan all users
Check the boxes beside LOP Check and Purity Check.

Under the Custom Scans/Fixes box copy and paste this in:

netsvcs
%SYSTEMDRIVE%\*.*
%windir%\system32\tasks\*.*
/md5start
stdrt.exe
adbcnsl.exe
netdtect.sys
rca.sys
ip6fw.sys
secdrv.sys
runtime.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
CREATERESTOREPOINT

Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open OTL.Txt in Notepad window.
Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

#40
help_the_sheep

Posted 25 March 2012 - 10:59 PM

Member

Topic Starter
Member
28 posts

OTL logfile created on: 3/25/2012 11:41:49 PM - Run 5
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\wesley\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.86 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 47.43% Memory free
3.71 Gb Paging File | 2.36 Gb Available in Paging File | 63.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.79 Gb Total Space | 147.85 Gb Free Space | 67.89% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: [bleep] | User Name: wesley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/25 23:35:29 | 000,372,736 | ---- | M] ( ) -- C:\Windows\Temp\mrt9EED.tmp\stdrt.exe
PRC - [2012/02/26 22:20:32 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\wesley\Desktop\OTL.com
PRC - [2012/02/18 13:02:47 | 000,650,104 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2012/01/07 01:17:51 | 000,601,600 | ---- | M] (DownloadManager) -- C:\Program Files (x86)\Download Manager\DownloadManager.exe
PRC - [2011/10/26 13:48:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/05/26 01:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011/05/12 18:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/04/23 20:28:38 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/04/22 11:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/04/02 16:34:42 | 000,340,848 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2011/03/28 21:49:06 | 000,408,432 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2011/03/28 21:48:54 | 000,202,608 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2011/03/14 06:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/03/14 06:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/03/14 06:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/03/14 06:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/02/01 00:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 00:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/16 19:45:35 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012/02/16 19:45:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 19:44:29 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/16 19:44:15 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/16 19:43:41 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/16 19:43:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/16 19:43:29 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/12/18 05:23:39 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/04/23 20:29:56 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/10 16:01:08 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/04/22 11:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012/01/07 02:44:09 | 000,689,492 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\adbcnsl.exe -- (Adobe Licensing Console)
SRV - [2011/08/24 15:11:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/07 14:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/05/26 01:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/05/12 18:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/04/02 16:09:38 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/03/14 06:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/02/01 00:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/01 00:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/07/14 11:35:57 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/07/14 11:35:57 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/07/14 11:35:57 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/20 04:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/25 05:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/09 23:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/03/09 23:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/01/13 22:01:44 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2011/01/04 12:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/14 12:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/10/08 05:32:28 | 001,395,248 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/13 20:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\InprocServer32 File not found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1122476515-87290448-1946190744-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1122476515-87290448-1946190744-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (PDFLite)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (PDFLite)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/22 16:17:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/03/22 16:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wesley\AppData\Roaming\Mozilla\Extensions
[2011/12/05 02:21:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wesley\AppData\Roaming\Mozilla\Firefox\extensions
[2011/12/05 02:21:29 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\wesley\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/03/22 22:26:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wesley\AppData\Roaming\Mozilla\Firefox\Profiles\taxfxnr6.default\extensions
[2012/03/22 16:21:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\wesley\AppData\Roaming\Mozilla\Firefox\Profiles\taxfxnr6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/03/22 16:17:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/12 23:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/07 18:22:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll File not found
O3 - HKU\S-1-5-21-1122476515-87290448-1946190744-1001\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll File not found
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-1122476515-87290448-1946190744-1001..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1122476515-87290448-1946190744-1001..\Run: [DownloadManager] C:\Program Files (x86)\Download Manager\DownloadManager.exe (DownloadManager)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1122476515-87290448-1946190744-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1122476515-87290448-1946190744-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30689BBF-A5AC-4597-B61B-D44012EBF6D2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3917305-A200-44C0-9D84-D55943D066B9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/24 12:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/03/24 12:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/22 22:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/03/22 22:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/03/22 22:12:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012/03/22 22:12:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/03/22 16:17:15 | 000,000,000 | ---D | C] -- C:\Users\wesley\AppData\Local\Mozilla
[2012/03/14 23:28:31 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/14 23:28:28 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/14 23:28:27 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/13 18:59:45 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/13 18:59:02 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/13 18:59:02 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/13 18:59:01 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/13 18:59:01 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/13 18:59:01 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/07 22:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/03/07 18:46:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/07 18:11:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/07 18:11:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/07 18:11:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/07 18:09:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/07 18:09:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/07 18:08:41 | 004,430,732 | R--- | C] (Swearware) -- C:\Users\wesley\Desktop\ComboFix.exe
[2012/02/29 20:02:48 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\wesley\Desktop\tdsskiller.exe
[2012/02/29 17:34:20 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\wesley\Desktop\aswMBR.exe
[2012/02/26 22:34:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/26 22:20:41 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\wesley\Desktop\OTL.com
[2012/02/26 12:59:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Active PC Optimizer
[2012/02/26 12:51:11 | 000,000,000 | ---D | C] -- C:\Users\wesley\AppData\Roaming\ErrorExpert
[2012/02/26 12:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly
[2012/02/26 12:18:16 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012/02/26 12:06:11 | 000,000,000 | ---D | C] -- C:\Users\wesley\AppData\Roaming\PCPro
[2012/02/26 12:06:09 | 005,279,504 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/02/26 12:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaners
[2012/02/26 12:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2012/02/26 12:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Cleaners

========== Files - Modified Within 30 Days ==========

[2012/03/25 23:45:35 | 000,000,033 | ---- | M] () -- C:\Windows\SysWow64\deck.ini
[2012/03/25 23:44:31 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/25 23:44:31 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/25 23:42:23 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/25 23:42:23 | 000,626,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/25 23:42:23 | 000,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/25 23:35:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/25 23:34:57 | 1494,110,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/24 12:19:08 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/24 12:19:05 | 000,743,534 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/22 22:28:12 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/22 22:18:20 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/03/22 16:17:05 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/14 23:40:18 | 000,291,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/08 18:52:32 | 000,007,613 | ---- | M] () -- C:\Users\wesley\AppData\Local\Resmon.ResmonCfg
[2012/03/07 21:59:43 | 123,277,696 | ---- | M] () -- C:\Users\wesley\Desktop\setup_11.0.0.1245.x01_2012_03_08_05_08.exe
[2012/03/07 21:53:55 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/03/07 18:22:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/07 18:08:37 | 004,430,732 | R--- | M] (Swearware) -- C:\Users\wesley\Desktop\ComboFix.exe
[2012/02/29 20:02:52 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\wesley\Desktop\tdsskiller.exe
[2012/02/29 17:55:38 | 333,557,443 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/29 17:34:39 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\wesley\Desktop\aswMBR.exe
[2012/02/29 17:00:17 | 001,339,904 | ---- | M] () -- C:\Users\wesley\Desktop\RogueKiller.exe
[2012/02/26 22:20:32 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\wesley\Desktop\OTL.com
[2012/02/26 12:05:37 | 005,279,504 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe

========== Files Created - No Company Name ==========

[2012/03/24 12:19:00 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/22 22:12:25 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/03/22 16:17:05 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/07 21:57:20 | 123,277,696 | ---- | C] () -- C:\Users\wesley\Desktop\setup_11.0.0.1245.x01_2012_03_08_05_08.exe
[2012/03/07 21:53:55 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/03/07 18:11:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/07 18:11:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/07 18:11:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/07 18:11:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/07 18:11:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/29 17:00:19 | 001,339,904 | ---- | C] () -- C:\Users\wesley\Desktop\RogueKiller.exe
[2012/02/29 16:59:06 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2012/02/18 14:44:22 | 000,007,613 | ---- | C] () -- C:\Users\wesley\AppData\Local\Resmon.ResmonCfg
[2012/02/05 21:07:04 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/01/14 06:35:53 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/07 10:52:02 | 000,000,033 | ---- | C] () -- C:\Windows\SysWow64\deck.ini
[2012/01/07 02:44:09 | 000,689,492 | ---- | C] ( ) -- C:\Windows\SysWow64\adbcnsl.exe
[2011/07/14 11:20:29 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/14 11:20:29 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/07/14 11:20:27 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2011/12/07 20:28:38 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\.minecraft
[2012/01/09 00:42:39 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\AVG2012
[2012/03/25 23:45:42 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\BitTorrent
[2012/02/26 12:51:11 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\ErrorExpert
[2012/01/08 01:26:46 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\Image-Line
[2011/12/04 22:02:31 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\LolClient
[2012/01/12 00:09:19 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\MMFApplications
[2012/02/26 12:06:11 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\PCPro
[2011/12/21 05:37:04 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\PDFlite
[2012/02/27 17:35:45 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\SynthMaker
[2011/12/19 21:57:50 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\SystemRequirementsLab
[2012/02/12 21:56:32 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\TS3Client
[2012/02/20 14:37:11 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/02/22 22:38:55 | 000,001,449 | ---- | M] () -- C:\aaw7boot.log
[2011/07/14 11:24:59 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/03/07 21:53:55 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/03/07 18:28:31 | 000,018,181 | ---- | M] () -- C:\ComboFix.txt
[2012/03/25 23:34:57 | 1494,110,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/19 22:49:52 | 000,000,400 | ---- | M] () -- C:\log.txt
[2012/03/25 23:35:00 | 1992,146,944 | -HS- | M] () -- C:\pagefile.sys
[2012/03/10 12:21:31 | 000,003,020 | ---- | M] () -- C:\TDSSKiller.2.7.17.0_10.03.2012_11.21.13_log.txt
[2012/02/29 21:27:58 | 000,293,432 | ---- | M] () -- C:\TDSSKiller.2.7.17.0_29.02.2012_19.05.14_log.txt

< %windir%\system32\tasks\*.* >

< MD5 for: ADBCNSL.EXE >
[2012/01/07 02:44:09 | 000,689,492 | ---- | M] ( ) MD5=14EF8EA2211A3D9A1CC11B7BBAC1848E -- C:\Windows\SysWOW64\adbcnsl.exe

< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2010/09/13 20:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/09/13 20:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010/11/20 22:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 22:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 01:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 22:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010/11/20 22:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 22:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 22:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll
[2010/11/20 22:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 22:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/11 01:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 22:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 22:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2010/11/20 22:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010/11/20 22:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 22:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 22:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010/11/20 22:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 22:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SECDRV.SYS >
[2009/06/10 15:37:19 | 000,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) MD5=3EA8A16169C26AFBEB544E0E48421186 -- C:\Windows\SysNative\drivers\secdrv.sys
[2009/06/10 15:37:19 | 000,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) MD5=3EA8A16169C26AFBEB544E0E48421186 -- C:\Windows\winsxs\amd64_macrovision-protection-safedisc_31bf3856ad364e35_6.1.7600.16385_none_b9a1c8f4d6f69273\secdrv.sys

< MD5 for: STDRT.EXE >
[2012/03/20 22:12:17 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt452A.tmp\stdrt.exe
[2012/03/23 23:20:50 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt4558.tmp\stdrt.exe
[2012/03/21 16:44:56 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt4642.tmp\stdrt.exe
[2012/03/24 12:10:31 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt478A.tmp\stdrt.exe
[2012/03/07 18:22:10 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt4893.tmp\stdrt.exe
[2012/03/20 12:25:33 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt4A19.tmp\stdrt.exe
[2012/03/12 00:02:30 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt4B42.tmp\stdrt.exe
[2012/03/07 18:45:55 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt4C3B.tmp\stdrt.exe
[2012/03/22 22:07:05 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt4DA2.tmp\stdrt.exe
[2012/03/13 18:53:45 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt4E7C.tmp\stdrt.exe
[2012/03/10 21:59:10 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt513A.tmp\stdrt.exe
[2012/03/10 12:17:35 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt51A8.tmp\stdrt.exe
[2012/03/14 23:19:59 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt5427.tmp\stdrt.exe
[2012/03/19 19:03:43 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt5511.tmp\stdrt.exe
[2012/03/18 22:42:20 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt619F.tmp\stdrt.exe
[2012/03/15 23:57:54 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt7473.tmp\stdrt.exe
[2012/03/07 21:54:35 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt7879.tmp\stdrt.exe
[2012/03/17 13:04:40 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt9D47.tmp\stdrt.exe
[2012/03/25 23:35:29 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt9EED.tmp\stdrt.exe
[2012/03/14 23:40:26 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrtDFE2.tmp\stdrt.exe

< End of report >

#41
Render

Posted 26 March 2012 - 04:41 AM

Trusted Helper

Malware Removal
4,195 posts

We need to run an OTL Fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Please double click on on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")

Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

:OTL
PRC - [2012/03/25 23:35:29 | 000,372,736 | ---- | M] ( ) -- C:\Windows\Temp\mrt9EED.tmp\stdrt.exe
  	
:Files
C:\Windows\Temp\mrt*
C:\Windows\Temp\mrt9EED.tmp\stdrt.exe

:Reg

:Commands
[resethosts]
[emptytemp]
[EMPTYJAVA]
[emptyflash]
[createrestorepoint]
[reboot]

Make sure all other windows are closed and to let it run uninterrupted.
Click on button.
OTL may ask to reboot the machine. Please do so if asked.
Click on button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#42
help_the_sheep

Posted 28 March 2012 - 05:46 PM

Member

Topic Starter
Member
28 posts

All processes killed
========== OTL ==========
No active process named stdrt.exe was found!
========== FILES ==========
C:\Windows\Temp\mrt452A.tmp folder moved successfully.
C:\Windows\Temp\mrt4558.tmp folder moved successfully.
C:\Windows\Temp\mrt4642.tmp folder moved successfully.
C:\Windows\Temp\mrt478A.tmp folder moved successfully.
C:\Windows\Temp\mrt4893.tmp folder moved successfully.
C:\Windows\Temp\mrt4A19.tmp folder moved successfully.
C:\Windows\Temp\mrt4B42.tmp folder moved successfully.
C:\Windows\Temp\mrt4C3B.tmp folder moved successfully.
C:\Windows\Temp\mrt4DA2.tmp folder moved successfully.
C:\Windows\Temp\mrt4E7C.tmp folder moved successfully.
C:\Windows\Temp\mrt4F66.tmp folder moved successfully.
C:\Windows\Temp\mrt513A.tmp folder moved successfully.
C:\Windows\Temp\mrt51A8.tmp folder moved successfully.
C:\Windows\Temp\mrt5427.tmp folder moved successfully.
C:\Windows\Temp\mrt5511.tmp folder moved successfully.
C:\Windows\Temp\mrt619F.tmp folder moved successfully.
C:\Windows\Temp\mrt65F2.tmp folder moved successfully.
C:\Windows\Temp\mrt7473.tmp folder moved successfully.
C:\Windows\Temp\mrt7879.tmp folder moved successfully.
C:\Windows\Temp\mrt9D47.tmp folder moved successfully.
C:\Windows\Temp\mrt9EED.tmp folder moved successfully.
C:\Windows\Temp\mrtDFE2.tmp folder moved successfully.
File\Folder C:\Windows\Temp\mrt9EED.tmp\stdrt.exe not found.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: wesley
->Temp folder emptied: 169377213 bytes
->Temporary Internet Files folder emptied: 95162301 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49762134 bytes
->Flash cache emptied: 475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65512545 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 556343 bytes

Total Files Cleaned = 363.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: wesley
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: wesley
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.33.2 log created on 03282012_181312

Files\Folders moved on Reboot...
C:\Users\wesley\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\wesley\AppData\Local\Temp\MMDUtl.log moved successfully.
File\Folder C:\Windows\temp\hsperfdata_ASS$\1012 not found!
File\Folder C:\Windows\temp\hsperfdata_ASS$\536 not found!
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
C:\Windows\temp\flaAC3B.tmp moved successfully.
File move failed. C:\Windows\temp\LMutilps.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#43
Render

Posted 28 March 2012 - 06:10 PM

Trusted Helper

Malware Removal
4,195 posts

OTL Custom Scan

Double click on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top, make sure Stadard output is selected.
Select Scan all users
Check the boxes beside LOP Check and Purity Check.

Under the Custom Scans/Fixes box copy and paste this in:

netsvcs
%SYSTEMDRIVE%\*.*
%windir%\system32\tasks\*.*
/md5start
stdrt.exe
/md5stop
CREATERESTOREPOINT

Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open OTL.Txt in Notepad window.
Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

#44
help_the_sheep

Posted 29 March 2012 - 04:50 PM

Member

Topic Starter
Member
28 posts

OTL logfile created on: 3/29/2012 5:06:22 PM - Run 6
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\wesley\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.86 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 35.35% Memory free
3.71 Gb Paging File | 1.96 Gb Available in Paging File | 52.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.79 Gb Total Space | 147.61 Gb Free Space | 67.78% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: [bleep] | User Name: wesley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/29 16:36:36 | 000,372,736 | ---- | M] ( ) -- C:\Windows\Temp\mrt754E.tmp\stdrt.exe
PRC - [2012/02/26 22:20:32 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\wesley\Desktop\OTL.com
PRC - [2012/02/18 13:02:47 | 000,650,104 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2012/01/07 01:17:51 | 000,601,600 | ---- | M] (DownloadManager) -- C:\Program Files (x86)\Download Manager\DownloadManager.exe
PRC - [2011/10/26 13:48:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/05/26 01:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011/05/12 18:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/04/23 20:28:38 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/04/22 11:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/04/02 16:34:42 | 000,340,848 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2011/03/28 21:49:06 | 000,408,432 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2011/03/28 21:48:54 | 000,202,608 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2011/03/14 06:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/03/14 06:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/03/14 06:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/03/14 06:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/02/01 00:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 00:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/16 19:45:35 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012/02/16 19:45:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 19:44:29 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/16 19:44:15 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/16 19:43:41 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/16 19:43:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/16 19:43:29 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/12/18 05:23:39 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/04/23 20:29:56 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/10 16:01:08 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/04/22 11:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012/01/07 02:44:09 | 000,689,492 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\adbcnsl.exe -- (Adobe Licensing Console)
SRV - [2011/08/24 15:11:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/07 14:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/05/26 01:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/05/12 18:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/04/02 16:09:38 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/03/14 06:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/02/01 00:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/01 00:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/07/14 11:35:57 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/07/14 11:35:57 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/07/14 11:35:57 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/20 04:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/25 05:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/09 23:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/03/09 23:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/01/13 22:01:44 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2011/01/04 12:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/14 12:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/10/08 05:32:28 | 001,395,248 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/13 20:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\InprocServer32 File not found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1122476515-87290448-1946190744-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1122476515-87290448-1946190744-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (PDFLite)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (PDFLite)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/22 16:17:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/03/22 16:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wesley\AppData\Roaming\Mozilla\Extensions
[2011/12/05 02:21:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wesley\AppData\Roaming\Mozilla\Firefox\extensions
[2011/12/05 02:21:29 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\wesley\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/03/22 22:26:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wesley\AppData\Roaming\Mozilla\Firefox\Profiles\taxfxnr6.default\extensions
[2012/03/22 16:21:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\wesley\AppData\Roaming\Mozilla\Firefox\Profiles\taxfxnr6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/03/22 16:17:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/12 23:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/28 18:13:17 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll File not found
O3 - HKU\S-1-5-21-1122476515-87290448-1946190744-1001\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll File not found
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-1122476515-87290448-1946190744-1001..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1122476515-87290448-1946190744-1001..\Run: [DownloadManager] C:\Program Files (x86)\Download Manager\DownloadManager.exe (DownloadManager)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1122476515-87290448-1946190744-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1122476515-87290448-1946190744-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30689BBF-A5AC-4597-B61B-D44012EBF6D2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3917305-A200-44C0-9D84-D55943D066B9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/29 16:37:32 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2012/03/28 18:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Netgrear
[2012/03/24 12:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/03/24 12:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/22 22:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/03/22 22:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/03/22 22:12:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012/03/22 22:12:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/03/22 16:17:15 | 000,000,000 | ---D | C] -- C:\Users\wesley\AppData\Local\Mozilla
[2012/03/14 23:28:31 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/14 23:28:28 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/14 23:28:27 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/13 18:59:45 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/13 18:59:02 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/13 18:59:02 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/13 18:59:01 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/13 18:59:01 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/13 18:59:01 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/07 22:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/03/07 18:46:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/07 18:11:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/07 18:11:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/07 18:11:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/07 18:09:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/07 18:09:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/07 18:08:41 | 004,430,732 | R--- | C] (Swearware) -- C:\Users\wesley\Desktop\ComboFix.exe
[2012/02/29 20:02:48 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\wesley\Desktop\tdsskiller.exe
[2012/02/29 17:34:20 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\wesley\Desktop\aswMBR.exe

========== Files - Modified Within 30 Days ==========

[2012/03/29 17:16:35 | 000,000,033 | ---- | M] () -- C:\Windows\SysWow64\deck.ini
[2012/03/29 16:44:27 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/29 16:44:27 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/29 16:44:06 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/29 16:44:06 | 000,626,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/29 16:44:06 | 000,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/29 16:36:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/29 16:36:15 | 1494,110,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/28 22:50:54 | 000,007,613 | ---- | M] () -- C:\Users\wesley\AppData\Local\Resmon.ResmonCfg
[2012/03/28 18:13:17 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/03/24 12:19:08 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/24 12:19:05 | 000,743,534 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/22 22:28:12 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/22 22:18:20 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/03/22 16:17:05 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/14 23:40:18 | 000,291,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/07 21:59:43 | 123,277,696 | ---- | M] () -- C:\Users\wesley\Desktop\setup_11.0.0.1245.x01_2012_03_08_05_08.exe
[2012/03/07 21:53:55 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/03/07 18:08:37 | 004,430,732 | R--- | M] (Swearware) -- C:\Users\wesley\Desktop\ComboFix.exe
[2012/02/29 20:02:52 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\wesley\Desktop\tdsskiller.exe
[2012/02/29 17:55:38 | 333,557,443 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/29 17:34:39 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\wesley\Desktop\aswMBR.exe
[2012/02/29 17:00:17 | 001,339,904 | ---- | M] () -- C:\Users\wesley\Desktop\RogueKiller.exe

========== Files Created - No Company Name ==========

[2012/03/24 12:19:00 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/22 22:12:25 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/03/22 16:17:05 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/07 21:57:20 | 123,277,696 | ---- | C] () -- C:\Users\wesley\Desktop\setup_11.0.0.1245.x01_2012_03_08_05_08.exe
[2012/03/07 21:53:55 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/03/07 18:11:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/07 18:11:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/07 18:11:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/07 18:11:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/07 18:11:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/29 17:00:19 | 001,339,904 | ---- | C] () -- C:\Users\wesley\Desktop\RogueKiller.exe
[2012/02/29 16:59:06 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2012/02/18 14:44:22 | 000,007,613 | ---- | C] () -- C:\Users\wesley\AppData\Local\Resmon.ResmonCfg
[2012/02/05 21:07:04 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/01/14 06:35:53 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/07 10:52:02 | 000,000,033 | ---- | C] () -- C:\Windows\SysWow64\deck.ini
[2012/01/07 02:44:09 | 000,689,492 | ---- | C] ( ) -- C:\Windows\SysWow64\adbcnsl.exe
[2011/07/14 11:20:29 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/14 11:20:29 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/07/14 11:20:27 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2011/12/07 20:28:38 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\.minecraft
[2012/01/09 00:42:39 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\AVG2012
[2012/03/29 17:14:00 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\BitTorrent
[2012/02/26 12:51:11 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\ErrorExpert
[2012/01/08 01:26:46 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\Image-Line
[2011/12/04 22:02:31 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\LolClient
[2012/01/12 00:09:19 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\MMFApplications
[2012/02/26 12:06:11 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\PCPro
[2011/12/21 05:37:04 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\PDFlite
[2012/02/27 17:35:45 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\SynthMaker
[2011/12/19 21:57:50 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\SystemRequirementsLab
[2012/02/12 21:56:32 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\TS3Client
[2012/02/20 14:37:11 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/02/22 22:38:55 | 000,001,449 | ---- | M] () -- C:\aaw7boot.log
[2011/07/14 11:24:59 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/03/07 21:53:55 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/03/07 18:28:31 | 000,018,181 | ---- | M] () -- C:\ComboFix.txt
[2012/03/29 16:36:15 | 1494,110,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/19 22:49:52 | 000,000,400 | ---- | M] () -- C:\log.txt
[2012/03/29 16:36:19 | 1992,146,944 | -HS- | M] () -- C:\pagefile.sys
[2012/03/10 12:21:31 | 000,003,020 | ---- | M] () -- C:\TDSSKiller.2.7.17.0_10.03.2012_11.21.13_log.txt
[2012/02/29 21:27:58 | 000,293,432 | ---- | M] () -- C:\TDSSKiller.2.7.17.0_29.02.2012_19.05.14_log.txt

< %windir%\system32\tasks\*.* >

< MD5 for: STDRT.EXE >
[2012/03/20 22:12:17 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt452A.tmp\stdrt.exe
[2012/03/23 23:20:50 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt4558.tmp\stdrt.exe
[2012/03/21 16:44:56 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt4642.tmp\stdrt.exe
[2012/03/24 12:10:31 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt478A.tmp\stdrt.exe
[2012/03/07 18:22:10 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt4893.tmp\stdrt.exe
[2012/03/20 12:25:33 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt4A19.tmp\stdrt.exe
[2012/03/12 00:02:30 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt4B42.tmp\stdrt.exe
[2012/03/07 18:45:55 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt4C3B.tmp\stdrt.exe
[2012/03/22 22:07:05 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt4DA2.tmp\stdrt.exe
[2012/03/13 18:53:45 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt4E7C.tmp\stdrt.exe
[2012/03/26 14:11:42 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt4F66.tmp\stdrt.exe
[2012/03/10 21:59:10 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt513A.tmp\stdrt.exe
[2012/03/10 12:17:35 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt51A8.tmp\stdrt.exe
[2012/03/14 23:19:59 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt5427.tmp\stdrt.exe
[2012/03/19 19:03:43 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt5511.tmp\stdrt.exe
[2012/03/18 22:42:20 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt619F.tmp\stdrt.exe
[2012/03/27 21:34:37 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt65F2.tmp\stdrt.exe
[2012/03/15 23:57:54 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt7473.tmp\stdrt.exe
[2012/03/07 21:54:35 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt7879.tmp\stdrt.exe
[2012/03/17 13:04:40 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt9D47.tmp\stdrt.exe
[2012/03/25 23:35:29 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt9EED.tmp\stdrt.exe
[2012/03/14 23:40:26 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrtDFE2.tmp\stdrt.exe
[2012/03/28 18:15:48 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt4A86.tmp\stdrt.exe
[2012/03/28 19:44:41 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt698B.tmp\stdrt.exe
[2012/03/29 16:36:36 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt754E.tmp\stdrt.exe
[2012/03/28 22:57:50 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt8600.tmp\stdrt.exe

< End of report >

p.s. my computer's gotten worse than it has been

#45
Render

Posted 29 March 2012 - 05:07 PM

Trusted Helper

Malware Removal
4,195 posts

my computer's gotten worse than it has been

Yes, I see this from log. I can't find source of stdrt.exe so far.

Let's try with fresh copy of Combofix. Delete old copy and then follow this:

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

If you are using Firefox, make sure that your download settings are as follows:
- Tools->Options->Main tab
- Set to "Always ask me where to Save the files".
During the download, rename Combofix to Combo-Fix as follows:
It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection
Double click on combo-Fix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" for further review