Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I'm useless, plese help. [Closed]


  • This topic is locked This topic is locked

#31
help_the_sheep

help_the_sheep

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
what other information do you need from Kaspersky?
  • 0

Advertisements


#32
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Scan log or report and attached analysis zip file.
  • 0

#33
help_the_sheep

help_the_sheep

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
okay, I cannot find those on my computer.
  • 0

#34
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please repeat these steps here and strictly follow instructions.
  • 0

#35
help_the_sheep

help_the_sheep

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Attached File  avptool_sysinfo.zip   15.53KB   26 downloads
  • 0

#36
help_the_sheep

help_the_sheep

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
sorry it took me so long
  • 0

#37
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. First part of scan came out clean?

How is your computer running now and what problems are still evident?
  • 0

#38
help_the_sheep

help_the_sheep

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Well, ghost voices still pop up and it will run rather sluggish with almost nothing running.
  • 0

#39
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Posted Image OTL Custom Scan

  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.*
    %windir%\system32\tasks\*.*
    /md5start
    stdrt.exe
    adbcnsl.exe
    netdtect.sys
    rca.sys
    ip6fw.sys
    secdrv.sys
    runtime.sys
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys 
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

  • 0

#40
help_the_sheep

help_the_sheep

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
OTL logfile created on: 3/25/2012 11:41:49 PM - Run 5
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\wesley\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.86 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 47.43% Memory free
3.71 Gb Paging File | 2.36 Gb Available in Paging File | 63.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.79 Gb Total Space | 147.85 Gb Free Space | 67.89% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: [bleep] | User Name: wesley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/25 23:35:29 | 000,372,736 | ---- | M] ( ) -- C:\Windows\Temp\mrt9EED.tmp\stdrt.exe
PRC - [2012/02/26 22:20:32 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\wesley\Desktop\OTL.com
PRC - [2012/02/18 13:02:47 | 000,650,104 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2012/01/07 01:17:51 | 000,601,600 | ---- | M] (DownloadManager) -- C:\Program Files (x86)\Download Manager\DownloadManager.exe
PRC - [2011/10/26 13:48:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/05/26 01:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011/05/12 18:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/04/23 20:28:38 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/04/22 11:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/04/02 16:34:42 | 000,340,848 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2011/03/28 21:49:06 | 000,408,432 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2011/03/28 21:48:54 | 000,202,608 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2011/03/14 06:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/03/14 06:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/03/14 06:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/03/14 06:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/02/01 00:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 00:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/16 19:45:35 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012/02/16 19:45:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 19:44:29 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/16 19:44:15 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/16 19:43:41 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/16 19:43:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/16 19:43:29 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/12/18 05:23:39 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/04/23 20:29:56 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/10 16:01:08 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/04/22 11:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012/01/07 02:44:09 | 000,689,492 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\adbcnsl.exe -- (Adobe Licensing Console)
SRV - [2011/08/24 15:11:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/07 14:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/05/26 01:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/05/12 18:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/04/02 16:09:38 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/03/14 06:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/02/01 00:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/01 00:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/07/14 11:35:57 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/07/14 11:35:57 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/07/14 11:35:57 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/20 04:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/25 05:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/09 23:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/03/09 23:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/01/13 22:01:44 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2011/01/04 12:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/14 12:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/10/08 05:32:28 | 001,395,248 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/13 20:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\InprocServer32 File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1122476515-87290448-1946190744-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1122476515-87290448-1946190744-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (PDFLite)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (PDFLite)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/22 16:17:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/03/22 16:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wesley\AppData\Roaming\Mozilla\Extensions
[2011/12/05 02:21:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wesley\AppData\Roaming\Mozilla\Firefox\extensions
[2011/12/05 02:21:29 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\wesley\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/03/22 22:26:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wesley\AppData\Roaming\Mozilla\Firefox\Profiles\taxfxnr6.default\extensions
[2012/03/22 16:21:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\wesley\AppData\Roaming\Mozilla\Firefox\Profiles\taxfxnr6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/03/22 16:17:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/12 23:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/07 18:22:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll File not found
O3 - HKU\S-1-5-21-1122476515-87290448-1946190744-1001\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll File not found
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-1122476515-87290448-1946190744-1001..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1122476515-87290448-1946190744-1001..\Run: [DownloadManager] C:\Program Files (x86)\Download Manager\DownloadManager.exe (DownloadManager)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1122476515-87290448-1946190744-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1122476515-87290448-1946190744-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30689BBF-A5AC-4597-B61B-D44012EBF6D2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3917305-A200-44C0-9D84-D55943D066B9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/24 12:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/03/24 12:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/22 22:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/03/22 22:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/03/22 22:12:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012/03/22 22:12:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/03/22 16:17:15 | 000,000,000 | ---D | C] -- C:\Users\wesley\AppData\Local\Mozilla
[2012/03/14 23:28:31 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/14 23:28:28 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/14 23:28:27 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/13 18:59:45 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/13 18:59:02 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/13 18:59:02 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/13 18:59:01 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/13 18:59:01 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/13 18:59:01 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/07 22:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/03/07 18:46:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/07 18:11:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/07 18:11:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/07 18:11:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/07 18:09:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/07 18:09:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/07 18:08:41 | 004,430,732 | R--- | C] (Swearware) -- C:\Users\wesley\Desktop\ComboFix.exe
[2012/02/29 20:02:48 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\wesley\Desktop\tdsskiller.exe
[2012/02/29 17:34:20 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\wesley\Desktop\aswMBR.exe
[2012/02/26 22:34:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/26 22:20:41 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\wesley\Desktop\OTL.com
[2012/02/26 12:59:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Active PC Optimizer
[2012/02/26 12:51:11 | 000,000,000 | ---D | C] -- C:\Users\wesley\AppData\Roaming\ErrorExpert
[2012/02/26 12:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly
[2012/02/26 12:18:16 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012/02/26 12:06:11 | 000,000,000 | ---D | C] -- C:\Users\wesley\AppData\Roaming\PCPro
[2012/02/26 12:06:09 | 005,279,504 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/02/26 12:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaners
[2012/02/26 12:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2012/02/26 12:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Cleaners

========== Files - Modified Within 30 Days ==========

[2012/03/25 23:45:35 | 000,000,033 | ---- | M] () -- C:\Windows\SysWow64\deck.ini
[2012/03/25 23:44:31 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/25 23:44:31 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/25 23:42:23 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/25 23:42:23 | 000,626,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/25 23:42:23 | 000,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/25 23:35:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/25 23:34:57 | 1494,110,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/24 12:19:08 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/24 12:19:05 | 000,743,534 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/22 22:28:12 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/22 22:18:20 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/03/22 16:17:05 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/14 23:40:18 | 000,291,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/08 18:52:32 | 000,007,613 | ---- | M] () -- C:\Users\wesley\AppData\Local\Resmon.ResmonCfg
[2012/03/07 21:59:43 | 123,277,696 | ---- | M] () -- C:\Users\wesley\Desktop\setup_11.0.0.1245.x01_2012_03_08_05_08.exe
[2012/03/07 21:53:55 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/03/07 18:22:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/07 18:08:37 | 004,430,732 | R--- | M] (Swearware) -- C:\Users\wesley\Desktop\ComboFix.exe
[2012/02/29 20:02:52 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\wesley\Desktop\tdsskiller.exe
[2012/02/29 17:55:38 | 333,557,443 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/29 17:34:39 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\wesley\Desktop\aswMBR.exe
[2012/02/29 17:00:17 | 001,339,904 | ---- | M] () -- C:\Users\wesley\Desktop\RogueKiller.exe
[2012/02/26 22:20:32 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\wesley\Desktop\OTL.com
[2012/02/26 12:05:37 | 005,279,504 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe

========== Files Created - No Company Name ==========

[2012/03/24 12:19:00 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/22 22:12:25 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/03/22 16:17:05 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/07 21:57:20 | 123,277,696 | ---- | C] () -- C:\Users\wesley\Desktop\setup_11.0.0.1245.x01_2012_03_08_05_08.exe
[2012/03/07 21:53:55 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/03/07 18:11:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/07 18:11:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/07 18:11:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/07 18:11:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/07 18:11:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/29 17:00:19 | 001,339,904 | ---- | C] () -- C:\Users\wesley\Desktop\RogueKiller.exe
[2012/02/29 16:59:06 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2012/02/18 14:44:22 | 000,007,613 | ---- | C] () -- C:\Users\wesley\AppData\Local\Resmon.ResmonCfg
[2012/02/05 21:07:04 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/01/14 06:35:53 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/07 10:52:02 | 000,000,033 | ---- | C] () -- C:\Windows\SysWow64\deck.ini
[2012/01/07 02:44:09 | 000,689,492 | ---- | C] ( ) -- C:\Windows\SysWow64\adbcnsl.exe
[2011/07/14 11:20:29 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/14 11:20:29 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/07/14 11:20:27 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2011/12/07 20:28:38 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\.minecraft
[2012/01/09 00:42:39 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\AVG2012
[2012/03/25 23:45:42 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\BitTorrent
[2012/02/26 12:51:11 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\ErrorExpert
[2012/01/08 01:26:46 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\Image-Line
[2011/12/04 22:02:31 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\LolClient
[2012/01/12 00:09:19 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\MMFApplications
[2012/02/26 12:06:11 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\PCPro
[2011/12/21 05:37:04 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\PDFlite
[2012/02/27 17:35:45 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\SynthMaker
[2011/12/19 21:57:50 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\SystemRequirementsLab
[2012/02/12 21:56:32 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\TS3Client
[2012/02/20 14:37:11 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2012/02/22 22:38:55 | 000,001,449 | ---- | M] () -- C:\aaw7boot.log
[2011/07/14 11:24:59 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/03/07 21:53:55 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/03/07 18:28:31 | 000,018,181 | ---- | M] () -- C:\ComboFix.txt
[2012/03/25 23:34:57 | 1494,110,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/19 22:49:52 | 000,000,400 | ---- | M] () -- C:\log.txt
[2012/03/25 23:35:00 | 1992,146,944 | -HS- | M] () -- C:\pagefile.sys
[2012/03/10 12:21:31 | 000,003,020 | ---- | M] () -- C:\TDSSKiller.2.7.17.0_10.03.2012_11.21.13_log.txt
[2012/02/29 21:27:58 | 000,293,432 | ---- | M] () -- C:\TDSSKiller.2.7.17.0_29.02.2012_19.05.14_log.txt

< %windir%\system32\tasks\*.* >


< MD5 for: ADBCNSL.EXE >
[2012/01/07 02:44:09 | 000,689,492 | ---- | M] ( ) MD5=14EF8EA2211A3D9A1CC11B7BBAC1848E -- C:\Windows\SysWOW64\adbcnsl.exe

< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2010/09/13 20:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/09/13 20:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010/11/20 22:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 22:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 01:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 22:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010/11/20 22:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 22:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 22:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll
[2010/11/20 22:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 22:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/11 01:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 22:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 22:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2010/11/20 22:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010/11/20 22:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 22:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 22:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010/11/20 22:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 22:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SECDRV.SYS >
[2009/06/10 15:37:19 | 000,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) MD5=3EA8A16169C26AFBEB544E0E48421186 -- C:\Windows\SysNative\drivers\secdrv.sys
[2009/06/10 15:37:19 | 000,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) MD5=3EA8A16169C26AFBEB544E0E48421186 -- C:\Windows\winsxs\amd64_macrovision-protection-safedisc_31bf3856ad364e35_6.1.7600.16385_none_b9a1c8f4d6f69273\secdrv.sys

< MD5 for: STDRT.EXE >
[2012/03/20 22:12:17 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt452A.tmp\stdrt.exe
[2012/03/23 23:20:50 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt4558.tmp\stdrt.exe
[2012/03/21 16:44:56 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt4642.tmp\stdrt.exe
[2012/03/24 12:10:31 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt478A.tmp\stdrt.exe
[2012/03/07 18:22:10 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt4893.tmp\stdrt.exe
[2012/03/20 12:25:33 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt4A19.tmp\stdrt.exe
[2012/03/12 00:02:30 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt4B42.tmp\stdrt.exe
[2012/03/07 18:45:55 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt4C3B.tmp\stdrt.exe
[2012/03/22 22:07:05 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt4DA2.tmp\stdrt.exe
[2012/03/13 18:53:45 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt4E7C.tmp\stdrt.exe
[2012/03/10 21:59:10 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt513A.tmp\stdrt.exe
[2012/03/10 12:17:35 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt51A8.tmp\stdrt.exe
[2012/03/14 23:19:59 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt5427.tmp\stdrt.exe
[2012/03/19 19:03:43 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt5511.tmp\stdrt.exe
[2012/03/18 22:42:20 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt619F.tmp\stdrt.exe
[2012/03/15 23:57:54 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt7473.tmp\stdrt.exe
[2012/03/07 21:54:35 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt7879.tmp\stdrt.exe
[2012/03/17 13:04:40 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt9D47.tmp\stdrt.exe
[2012/03/25 23:35:29 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt9EED.tmp\stdrt.exe
[2012/03/14 23:40:26 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrtDFE2.tmp\stdrt.exe

< End of report >
  • 0

Advertisements


#41
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
We need to run an OTL Fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

  • Please double click on Posted Image on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

    :OTL
    PRC - [2012/03/25 23:35:29 | 000,372,736 | ---- | M] ( ) -- C:\Windows\Temp\mrt9EED.tmp\stdrt.exe
      	
    :Files
    C:\Windows\Temp\mrt*
    C:\Windows\Temp\mrt9EED.tmp\stdrt.exe
    
    :Reg
    
    :Commands
    [resethosts]
    [emptytemp]
    [EMPTYJAVA]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#42
help_the_sheep

help_the_sheep

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
All processes killed
========== OTL ==========
No active process named stdrt.exe was found!
========== FILES ==========
C:\Windows\Temp\mrt452A.tmp folder moved successfully.
C:\Windows\Temp\mrt4558.tmp folder moved successfully.
C:\Windows\Temp\mrt4642.tmp folder moved successfully.
C:\Windows\Temp\mrt478A.tmp folder moved successfully.
C:\Windows\Temp\mrt4893.tmp folder moved successfully.
C:\Windows\Temp\mrt4A19.tmp folder moved successfully.
C:\Windows\Temp\mrt4B42.tmp folder moved successfully.
C:\Windows\Temp\mrt4C3B.tmp folder moved successfully.
C:\Windows\Temp\mrt4DA2.tmp folder moved successfully.
C:\Windows\Temp\mrt4E7C.tmp folder moved successfully.
C:\Windows\Temp\mrt4F66.tmp folder moved successfully.
C:\Windows\Temp\mrt513A.tmp folder moved successfully.
C:\Windows\Temp\mrt51A8.tmp folder moved successfully.
C:\Windows\Temp\mrt5427.tmp folder moved successfully.
C:\Windows\Temp\mrt5511.tmp folder moved successfully.
C:\Windows\Temp\mrt619F.tmp folder moved successfully.
C:\Windows\Temp\mrt65F2.tmp folder moved successfully.
C:\Windows\Temp\mrt7473.tmp folder moved successfully.
C:\Windows\Temp\mrt7879.tmp folder moved successfully.
C:\Windows\Temp\mrt9D47.tmp folder moved successfully.
C:\Windows\Temp\mrt9EED.tmp folder moved successfully.
C:\Windows\Temp\mrtDFE2.tmp folder moved successfully.
File\Folder C:\Windows\Temp\mrt9EED.tmp\stdrt.exe not found.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: wesley
->Temp folder emptied: 169377213 bytes
->Temporary Internet Files folder emptied: 95162301 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49762134 bytes
->Flash cache emptied: 475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65512545 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 556343 bytes

Total Files Cleaned = 363.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: wesley
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: wesley
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.33.2 log created on 03282012_181312

Files\Folders moved on Reboot...
C:\Users\wesley\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\wesley\AppData\Local\Temp\MMDUtl.log moved successfully.
File\Folder C:\Windows\temp\hsperfdata_ASS$\1012 not found!
File\Folder C:\Windows\temp\hsperfdata_ASS$\536 not found!
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
C:\Windows\temp\flaAC3B.tmp moved successfully.
File move failed. C:\Windows\temp\LMutilps.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

#43
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Posted Image OTL Custom Scan

  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.*
    %windir%\system32\tasks\*.*
    /md5start
    stdrt.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

  • 0

#44
help_the_sheep

help_the_sheep

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
OTL logfile created on: 3/29/2012 5:06:22 PM - Run 6
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\wesley\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.86 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 35.35% Memory free
3.71 Gb Paging File | 1.96 Gb Available in Paging File | 52.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.79 Gb Total Space | 147.61 Gb Free Space | 67.78% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: [bleep] | User Name: wesley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/29 16:36:36 | 000,372,736 | ---- | M] ( ) -- C:\Windows\Temp\mrt754E.tmp\stdrt.exe
PRC - [2012/02/26 22:20:32 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\wesley\Desktop\OTL.com
PRC - [2012/02/18 13:02:47 | 000,650,104 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2012/01/07 01:17:51 | 000,601,600 | ---- | M] (DownloadManager) -- C:\Program Files (x86)\Download Manager\DownloadManager.exe
PRC - [2011/10/26 13:48:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/05/26 01:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011/05/12 18:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/04/23 20:28:38 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/04/22 11:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/04/02 16:34:42 | 000,340,848 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2011/03/28 21:49:06 | 000,408,432 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2011/03/28 21:48:54 | 000,202,608 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2011/03/14 06:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/03/14 06:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/03/14 06:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/03/14 06:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/02/01 00:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 00:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/16 19:45:35 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012/02/16 19:45:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 19:44:29 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/16 19:44:15 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/16 19:43:41 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/16 19:43:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/16 19:43:29 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/12/18 05:23:39 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/04/23 20:29:56 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/10 16:01:08 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/04/22 11:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012/01/07 02:44:09 | 000,689,492 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\adbcnsl.exe -- (Adobe Licensing Console)
SRV - [2011/08/24 15:11:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/07 14:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/05/26 01:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/05/12 18:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/04/02 16:09:38 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/03/14 06:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/02/01 00:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/01 00:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/07/14 11:35:57 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/07/14 11:35:57 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/07/14 11:35:57 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/20 04:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/25 05:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/09 23:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/03/09 23:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/01/13 22:01:44 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2011/01/04 12:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/14 12:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/10/08 05:32:28 | 001,395,248 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/13 20:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\InprocServer32 File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1122476515-87290448-1946190744-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1122476515-87290448-1946190744-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (PDFLite)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (PDFLite)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/22 16:17:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/03/22 16:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wesley\AppData\Roaming\Mozilla\Extensions
[2011/12/05 02:21:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wesley\AppData\Roaming\Mozilla\Firefox\extensions
[2011/12/05 02:21:29 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\wesley\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/03/22 22:26:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wesley\AppData\Roaming\Mozilla\Firefox\Profiles\taxfxnr6.default\extensions
[2012/03/22 16:21:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\wesley\AppData\Roaming\Mozilla\Firefox\Profiles\taxfxnr6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/03/22 16:17:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/12 23:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/28 18:13:17 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll File not found
O3 - HKU\S-1-5-21-1122476515-87290448-1946190744-1001\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll File not found
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-1122476515-87290448-1946190744-1001..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1122476515-87290448-1946190744-1001..\Run: [DownloadManager] C:\Program Files (x86)\Download Manager\DownloadManager.exe (DownloadManager)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1122476515-87290448-1946190744-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1122476515-87290448-1946190744-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30689BBF-A5AC-4597-B61B-D44012EBF6D2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3917305-A200-44C0-9D84-D55943D066B9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/29 16:37:32 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2012/03/28 18:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Netgrear
[2012/03/24 12:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/03/24 12:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/22 22:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/03/22 22:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/03/22 22:12:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012/03/22 22:12:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/03/22 16:17:15 | 000,000,000 | ---D | C] -- C:\Users\wesley\AppData\Local\Mozilla
[2012/03/14 23:28:31 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/14 23:28:28 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/14 23:28:27 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/13 18:59:45 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/13 18:59:02 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/13 18:59:02 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/13 18:59:01 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/13 18:59:01 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/13 18:59:01 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/07 22:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/03/07 18:46:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/07 18:11:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/07 18:11:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/07 18:11:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/07 18:09:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/07 18:09:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/07 18:08:41 | 004,430,732 | R--- | C] (Swearware) -- C:\Users\wesley\Desktop\ComboFix.exe
[2012/02/29 20:02:48 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\wesley\Desktop\tdsskiller.exe
[2012/02/29 17:34:20 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\wesley\Desktop\aswMBR.exe

========== Files - Modified Within 30 Days ==========

[2012/03/29 17:16:35 | 000,000,033 | ---- | M] () -- C:\Windows\SysWow64\deck.ini
[2012/03/29 16:44:27 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/29 16:44:27 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/29 16:44:06 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/29 16:44:06 | 000,626,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/29 16:44:06 | 000,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/29 16:36:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/29 16:36:15 | 1494,110,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/28 22:50:54 | 000,007,613 | ---- | M] () -- C:\Users\wesley\AppData\Local\Resmon.ResmonCfg
[2012/03/28 18:13:17 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/03/24 12:19:08 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/24 12:19:05 | 000,743,534 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/22 22:28:12 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/22 22:18:20 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/03/22 16:17:05 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/14 23:40:18 | 000,291,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/07 21:59:43 | 123,277,696 | ---- | M] () -- C:\Users\wesley\Desktop\setup_11.0.0.1245.x01_2012_03_08_05_08.exe
[2012/03/07 21:53:55 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/03/07 18:08:37 | 004,430,732 | R--- | M] (Swearware) -- C:\Users\wesley\Desktop\ComboFix.exe
[2012/02/29 20:02:52 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\wesley\Desktop\tdsskiller.exe
[2012/02/29 17:55:38 | 333,557,443 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/29 17:34:39 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\wesley\Desktop\aswMBR.exe
[2012/02/29 17:00:17 | 001,339,904 | ---- | M] () -- C:\Users\wesley\Desktop\RogueKiller.exe

========== Files Created - No Company Name ==========

[2012/03/24 12:19:00 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/22 22:12:25 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/03/22 16:17:05 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/07 21:57:20 | 123,277,696 | ---- | C] () -- C:\Users\wesley\Desktop\setup_11.0.0.1245.x01_2012_03_08_05_08.exe
[2012/03/07 21:53:55 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/03/07 18:11:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/07 18:11:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/07 18:11:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/07 18:11:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/07 18:11:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/29 17:00:19 | 001,339,904 | ---- | C] () -- C:\Users\wesley\Desktop\RogueKiller.exe
[2012/02/29 16:59:06 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2012/02/18 14:44:22 | 000,007,613 | ---- | C] () -- C:\Users\wesley\AppData\Local\Resmon.ResmonCfg
[2012/02/05 21:07:04 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/01/14 06:35:53 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/07 10:52:02 | 000,000,033 | ---- | C] () -- C:\Windows\SysWow64\deck.ini
[2012/01/07 02:44:09 | 000,689,492 | ---- | C] ( ) -- C:\Windows\SysWow64\adbcnsl.exe
[2011/07/14 11:20:29 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/14 11:20:29 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/07/14 11:20:27 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2011/12/07 20:28:38 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\.minecraft
[2012/01/09 00:42:39 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\AVG2012
[2012/03/29 17:14:00 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\BitTorrent
[2012/02/26 12:51:11 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\ErrorExpert
[2012/01/08 01:26:46 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\Image-Line
[2011/12/04 22:02:31 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\LolClient
[2012/01/12 00:09:19 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\MMFApplications
[2012/02/26 12:06:11 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\PCPro
[2011/12/21 05:37:04 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\PDFlite
[2012/02/27 17:35:45 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\SynthMaker
[2011/12/19 21:57:50 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\SystemRequirementsLab
[2012/02/12 21:56:32 | 000,000,000 | ---D | M] -- C:\Users\wesley\AppData\Roaming\TS3Client
[2012/02/20 14:37:11 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2012/02/22 22:38:55 | 000,001,449 | ---- | M] () -- C:\aaw7boot.log
[2011/07/14 11:24:59 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/03/07 21:53:55 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/03/07 18:28:31 | 000,018,181 | ---- | M] () -- C:\ComboFix.txt
[2012/03/29 16:36:15 | 1494,110,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/19 22:49:52 | 000,000,400 | ---- | M] () -- C:\log.txt
[2012/03/29 16:36:19 | 1992,146,944 | -HS- | M] () -- C:\pagefile.sys
[2012/03/10 12:21:31 | 000,003,020 | ---- | M] () -- C:\TDSSKiller.2.7.17.0_10.03.2012_11.21.13_log.txt
[2012/02/29 21:27:58 | 000,293,432 | ---- | M] () -- C:\TDSSKiller.2.7.17.0_29.02.2012_19.05.14_log.txt

< %windir%\system32\tasks\*.* >


< MD5 for: STDRT.EXE >
[2012/03/20 22:12:17 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt452A.tmp\stdrt.exe
[2012/03/23 23:20:50 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt4558.tmp\stdrt.exe
[2012/03/21 16:44:56 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt4642.tmp\stdrt.exe
[2012/03/24 12:10:31 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt478A.tmp\stdrt.exe
[2012/03/07 18:22:10 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt4893.tmp\stdrt.exe
[2012/03/20 12:25:33 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt4A19.tmp\stdrt.exe
[2012/03/12 00:02:30 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt4B42.tmp\stdrt.exe
[2012/03/07 18:45:55 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt4C3B.tmp\stdrt.exe
[2012/03/22 22:07:05 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt4DA2.tmp\stdrt.exe
[2012/03/13 18:53:45 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt4E7C.tmp\stdrt.exe
[2012/03/26 14:11:42 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt4F66.tmp\stdrt.exe
[2012/03/10 21:59:10 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt513A.tmp\stdrt.exe
[2012/03/10 12:17:35 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt51A8.tmp\stdrt.exe
[2012/03/14 23:19:59 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt5427.tmp\stdrt.exe
[2012/03/19 19:03:43 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt5511.tmp\stdrt.exe
[2012/03/18 22:42:20 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt619F.tmp\stdrt.exe
[2012/03/27 21:34:37 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt65F2.tmp\stdrt.exe
[2012/03/15 23:57:54 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt7473.tmp\stdrt.exe
[2012/03/07 21:54:35 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt7879.tmp\stdrt.exe
[2012/03/17 13:04:40 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt9D47.tmp\stdrt.exe
[2012/03/25 23:35:29 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrt9EED.tmp\stdrt.exe
[2012/03/14 23:40:26 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\_OTL\MovedFiles\03282012_181312\C_Windows\Temp\mrtDFE2.tmp\stdrt.exe
[2012/03/28 18:15:48 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt4A86.tmp\stdrt.exe
[2012/03/28 19:44:41 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt698B.tmp\stdrt.exe
[2012/03/29 16:36:36 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt754E.tmp\stdrt.exe
[2012/03/28 22:57:50 | 000,372,736 | ---- | M] ( ) MD5=79F054D5CDD884E745282873ACC88BF9 -- C:\Windows\Temp\mrt8600.tmp\stdrt.exe

< End of report >

p.s. my computer's gotten worse than it has been
  • 0

#45
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

my computer's gotten worse than it has been

Yes, I see this from log. I can't find source of stdrt.exe so far.

Let's try with fresh copy of Combofix. Delete old copy and then follow this:

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection
  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review

Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP