
Computer running slowly, ping.exe HELP! :(


Sauur

Ugh my computer is basically unusable for gaming right now.

My first problem was this AV2012 nonsense but Malwarebytes got rid of that. But I still get redirected to other sites when surfing and I see Ping.exe using a huge amount of resources. I've scanned it with some programs (Spybot, Malwarebytes, McAfee) and nothing seems to find it but I KNOW my computer is running a lot slower than it should be.

Please help me! Here is the log from the sticky note:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Alex at 0:51:28 on 2011-11-29

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3013.937 [GMT -6:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\taskhost.exe

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\windows\system32\mfevtps.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\windows\system32\rundll32.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\windows\system32\taskmgr.exe

c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

c:\PROGRA~1\mcafee\msc\mcupdmgr.exe

C:\windows\System32\perfmon.exe

C:\windows\System32\ping.exe

C:\windows\system32\conhost.exe

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp:\\www.altex.com\

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GR469A~1.DLL

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111119071750.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [rWWJJ7ffELgTZhY] c:\users\alex\appdata\roaming\dwme.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

mRun: [iMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"

mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"

mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [QuickFinder Scheduler] "c:\program files\corel\wordperfect office x5\programs\QFSCHD150.EXE"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Copy to &Lightning Note - c:\program files\corel\wordperfect lightning\programs\WPLightningCopyToNote.hta

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: Open with WordPerfect - c:\program files\corel\wordperfect office x5\programs\WPLauncher.hta

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{D7C22393-3CA8-4985-A846-B50BB2D5EF69} : DhcpNameServer = 192.168.0.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GRA32A~1.DLL

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GR469A~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\alex\appdata\roaming\mozilla\firefox\profiles\ex57hmos.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Coupons.com Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2559647&SearchSource=13

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 55818

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-8-16 464176]

R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-8-16 165680]

R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-8-16 64880]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-6-1 109728]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-24 366152]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-16 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-16 214904]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-16 214904]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-8-16 166288]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-8-16 160608]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-8-16 150856]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-11-26 1153368]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-6-1 2656536]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c6232.sys [2011-2-8 262824]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-10-15 269824]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-24 22216]

R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-6-1 41088]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-8-16 180816]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-8-16 59456]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-8-16 338176]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-4-13 67456]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-4-13 161024]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-16 214904]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2008-10-15 124160]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-8-16 57600]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-6-1 62464]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-8-16 87656]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-1 52224]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2011-6-1 27264]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-1 1343400]

S4 McOobeSv;McAfee OOBE Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-16 214904]

.

=============== Created Last 30 ================

.

2011-11-29 05:14:57 -------- d-----w- c:\program files\ESET

2011-11-27 18:33:13 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e73ba155-2400-41fb-a071-92de3105a401}\offreg.dll

2011-11-26 23:25:45 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-11-26 22:16:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-11-26 22:16:11 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-11-26 04:08:41 -------- d-----w- c:\users\alex\appdata\roaming\kggTTZqqjYwkIr

2011-11-26 04:08:41 -------- d-----w- c:\users\alex\appdata\roaming\aWKK77fEL9

2011-11-26 04:08:37 -------- d-----w- c:\users\alex\appdata\roaming\tiiibDD3on

2011-11-26 04:08:36 -------- d-----w- c:\users\alex\appdata\roaming\GxxxA00ucS

2011-11-26 04:08:36 -------- d-----w- c:\users\alex\appdata\roaming\C5aaQQH6dWK7RLg

2011-11-22 09:44:02 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e73ba155-2400-41fb-a071-92de3105a401}\mpengine.dll

2011-11-19 07:28:20 1652 ----a-w- c:\windows\system32\ASOROSet.bin

2011-11-18 05:17:59 -------- d-----w- c:\programdata\IObit

2011-11-18 05:17:38 -------- d-----w- c:\users\alex\appdata\roaming\IObit

2011-11-18 05:17:20 -------- d-----w- c:\program files\IObit

2011-11-18 05:14:26 -------- d-----w- c:\program files\SpeedyComputer

2011-11-18 05:09:20 -------- d-----w- c:\users\alex\appdata\roaming\Systweak

2011-11-18 05:09:19 17280 ----a-w- c:\windows\system32\roboot.exe

2011-11-13 06:42:43 -------- d-----w- c:\users\alex\appdata\local\Diagnostics

2011-11-13 06:06:22 -------- d-----w- c:\users\alex\appdata\roaming\XcS1ibD3oGaHsJf

2011-11-13 06:06:22 -------- d-----w- c:\users\alex\appdata\roaming\CwkIVrlONx0

2011-11-13 06:02:44 -------- d-----w- c:\users\alex\appdata\roaming\7E570

2011-11-13 06:02:29 -------- d-----w- c:\users\alex\appdata\roaming\hhhYYCwkkUrl

2011-11-13 06:02:28 -------- d-----w- c:\users\alex\appdata\roaming\wHHH6ssWJ7fL8gZ

2011-11-13 06:02:25 -------- d-----w- c:\users\alex\appdata\roaming\fJJ77dEKKg

2011-11-13 06:02:24 -------- d-----w- c:\users\alex\appdata\roaming\xZZZqhhYCwkUrlB

2011-11-13 06:02:24 -------- d-----w- c:\users\alex\appdata\roaming\B44aammH5s

2011-11-13 06:02:22 -------- d-----w- c:\users\alex\appdata\roaming\7C07E

2011-11-11 22:28:33 -------- d-----w- c:\programdata\Blizzard

2011-11-09 05:15:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 05:14:57 708608 ----a-w- c:\program files\common files\system\wab32.dll

2011-11-09 05:14:55 2341888 ----a-w- c:\windows\system32\win32k.sys

2011-11-04 18:58:10 -------- d-----w- c:\program files\Ventrilo

2011-11-04 18:57:23 -------- d-----w- c:\program files\common files\Wise Installation Wizard

.

==================== Find3M ====================

.

2011-10-18 20:32:30 150856 ----a-w- c:\windows\system32\mfevtps.exe

2011-10-15 19:16:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-10-15 19:16:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-10-15 19:16:16 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-10-15 19:16:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-10-15 19:16:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-10-15 19:16:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-10-15 19:16:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-10-15 19:16:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-10-15 19:16:16 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-10-15 19:16:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-10-03 11:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-12 13:43:45 1682 --sha-w- c:\programdata\KGyGaAvL.sys

2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-31 23:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 0:52:39.38 ===============

************

And here is the other log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 8/16/2011 2:27:04 PM

System Uptime: 11/28/2011 8:40:35 PM (4 hours ago)

.

Motherboard: Intel Corporation | | DQ67SW

Processor: Intel® Core i5-2400 CPU @ 3.10GHz | SKTH | 3101/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 457 GiB total, 384.018 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Windows Firewall Authorization Driver

Device ID: ROOT\LEGACY_MPSDRV\0000

Manufacturer:

Name: Windows Firewall Authorization Driver

PNP Device ID: ROOT\LEGACY_MPSDRV\0000

Service: mpsdrv

.

==== System Restore Points ===================

.

RP35: 11/17/2011 1:39:01 AM - Scheduled Checkpoint

RP37: 11/17/2011 11:10:42 PM - RegClean Pro Thu, Nov 17, 11 23:10

RP39: 11/17/2011 11:20:23 PM - Advanced SystemCare RestorePoint

RP41: 11/19/2011 1:27:47 AM - RegClean Pro Sat, Nov 19, 11 01:27

RP42: 11/26/2011 1:30:18 AM - Scheduled Checkpoint

RP44: 11/26/2011 2:27:57 AM - Windows Defender Checkpoint

RP45: 11/26/2011 5:23:56 PM - Installed Java 6 Update 29

RP47: 11/27/2011 5:02:33 AM - Windows Defender Checkpoint

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.6

Adventure Tools

Advertising Center

Corel WordPerfect Office - iFilter

Coupon Printer for Windows

DolbyFiles

ESET Online Scanner v3

ImagXpress

Intel® Management Engine Components

Intel® Network Connections 16.2.49.0

Intel® Processor Graphics

Java Auto Updater

Java 6 Update 29

League of Legends

Malwarebytes' Anti-Malware version 1.51.2.1300

McAfee AntiVirus Plus

Menu Templates - Starter Kit

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2010

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Movie Templates - Starter Kit

Mozilla Firefox 8.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 9 Essentials

Nero BurnRights

Nero BurnRights Help

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero ShowTime

Nero StartSmart

Nero StartSmart Help

Nero Vision

Nero Vision Help

NeroExpress

neroxml

Realtek High Definition Audio Driver

Renesas Electronics USB 3.0 Host Controller Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Sid Meier's Civilization V

Sprint SmartView

Spybot - Search & Destroy

StarCraft II

Steam

Ultimate Reference Suite

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Ventrilo Client

Warcraft III

WinZip 15.5

WordPerfect Lightning

WordPerfect Lightning - IPM

WordPerfect Lightning - Messages

WordPerfect Lightning - MSOM

WordPerfect Office X5

WordPerfect Office X5 - Common

Wordperfect Office X5 - EN

WordPerfect Office X5 - Filters

WordPerfect Office X5 - Graphics

WordPerfect Office X5 - IPM

WordPerfect Office X5 - LegalTools

WordPerfect Office X5 - Migration Manager

WordPerfect Office X5 - Oxford

WordPerfect Office X5 - PerfectExperts EN

WordPerfect Office X5 - PR

WordPerfect Office X5 - QP

WordPerfect Office X5 - Setup Files

WordPerfect Office X5 - Sharepoint

WordPerfect Office X5 - Skins

WordPerfect Office X5 - System EN

WordPerfect Office X5 - Templates

WordPerfect Office X5 - WP

WordPerfect Office X5 - WT

World of Warcraft

.

==== Event Viewer Messages From Past Week ========

.

11/28/2011 8:43:18 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.

11/28/2011 8:43:18 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.

11/28/2011 8:43:18 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.

11/28/2011 8:40:55 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

11/27/2011 12:02:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x984371d8, 0x00000002, 0x00000000, 0x838afee5). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 112711-12760-01.

11/26/2011 6:07:41 PM, Error: Service Control Manager [7031] - The Windows Font Cache Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/26/2011 6:07:41 PM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

11/26/2011 6:07:41 PM, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

.

==== End Of File ===========================

I hope you can help I'm desperate! Thanks in advance!

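As an added example (not part of the original post, of the DDS tool, or of the helper's instructions), a small Python triage script that reads a constructed excerpt of the log above and surfaces the line types a helper reads first. The heuristics it applies (autoruns launched from the roaming profile or keyed by a random-looking name, a loopback HTTP proxy in Firefox prefs, freshly created folders with generated-looking names) are this example's assumptions, not rules stated in the thread.

```python
"""Triage a DDS-style log excerpt: surface the lines a helper reads first."""
import re

# Constructed excerpt, modelled on selected lines of the log posted above.
SAMPLE_LOG = r"""
uRun: [steam] "c:\program files\steam\Steam.exe" -silent
uRun: [rWWJJ7ffELgTZhY] c:\users\alex\appdata\roaming\dwme.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55818
FF - prefs.js: network.proxy.type - 0
2011-11-26 04:08:41 -------- d-----w- c:\users\alex\appdata\roaming\kggTTZqqjYwkIr
2011-11-26 22:16:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-18 05:17:38 -------- d-----w- c:\users\alex\appdata\roaming\IObit
2011-11-18 05:09:19 17280 ----a-w- c:\windows\system32\roboot.exe
"""

# DDS line shapes as inferred from the posted log (an assumption of this
# example, not taken from DDS documentation):
#   uRun: [key] command                  user (HKCU) autorun
#   mRun: [key] command                  machine (HKLM) autorun
#   FF - prefs.js: name - value          Firefox preference
#   YYYY-MM-DD HH:MM:SS size attrs path  "Created Last 30" entry
RUN_RE = re.compile(r"^([um]Run):\s+\[([^\]]+)\]\s+(.*)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js:\s+(\S+)\s+-\s+(.*)$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.*)$")

ROAMING = "\\appdata\\roaming\\"


def looks_random(name: str) -> bool:
    """Heuristic: long, mixed-case, almost vowel-free names (e.g. kggTTZqqjYwkIr)
    read as machine-generated; vendor names (GrooveMonitor) have vowels, and
    short all-caps names (RTHDVCPL) are deliberately left alone."""
    letters = [c for c in name if c.isalpha()]
    if len(name) < 12 or len(letters) < 8:
        return False
    mixed_case = any(c.islower() for c in letters) and any(c.isupper() for c in letters)
    vowel_ratio = sum(c.lower() in "aeiou" for c in letters) / len(letters)
    return mixed_case and vowel_ratio < 0.2


def triage(log_text: str) -> list:
    """Return (category, detail) findings worth a closer look. Nothing here is
    judged malicious; the output is a reading list for a human reviewer."""
    findings = []
    prefs = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := RUN_RE.match(line)):
            hive, key, command = m.groups()
            # Autoruns launched from the user's roaming profile, or keyed by a
            # random-looking name, are unusual for legitimate software.
            if ROAMING in command.lower() or looks_random(key):
                findings.append(("autorun", f"{hive} [{key}] -> {command}"))
        elif (m := FF_PREF_RE.match(line)):
            pref, value = m.groups()
            prefs[pref] = value.strip()
        elif (m := CREATED_RE.match(line)):
            _, _, attrs, path = m.groups()
            folder = path.rsplit("\\", 1)[-1]
            # Newly created directories ('d' attribute) under the roaming
            # profile whose names look generated.
            if attrs.startswith("d") and ROAMING in path.lower() and looks_random(folder):
                findings.append(("new_folder", path))
    # A browser proxy pointing at the local machine means some local process
    # sits between the browser and the network. Report it together with
    # network.proxy.type so the reader can see whether it is active (0 = off).
    host = prefs.get("network.proxy.http", "")
    if host.startswith("127.") or host == "localhost":
        port = prefs.get("network.proxy.http_port", "?")
        ptype = prefs.get("network.proxy.type", "?")
        findings.append(("browser_proxy", f"{host}:{port} (network.proxy.type={ptype})"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```

Run against a full DDS log the same three sections are parsed; everything else is ignored, so the output stays short enough to read before following a helper's instructions.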

Hello Sauur! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Your system is still infected with it.

Step 1

I see you are running TeaTimer.

I suggest you disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\MovedFiles
    • in most cases this will be C:\_OTL\MovedFiles

Step 3

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

In your next reply, please post the following log files:

  • TDSSKiller log
  • OTL log with Extras.txt


Thank you so much for helping me! Here are the text files:

OTL Extras logfile created on: 11/29/2011 10:18:54 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Alex\Desktop

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 56.78% Memory free

5.88 Gb Paging File | 4.37 Gb Available in Paging File | 74.24% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 457.46 Gb Total Space | 382.66 Gb Free Space | 83.65% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}" = WordPerfect Office X5

"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0FFD55FA-40CE-4B7F-9001-A06930C63FA2}" = Sprint SmartView

"{13EBF9E8-82FF-47D0-A324-534B79EF7F71}" = WordPerfect Office X5 - WT

"{17C5A285-F7B6-492B-8F3B-343D02B84D75}" = WordPerfect Office X5 - Common

"{19B4CD07-1919-4002-B28F-A5D2027026E0}" = WordPerfect Office X5 - IPM

"{1DF03ECE-6AF4-414E-B118-C316F151A9A2}" = Corel WordPerfect Office - iFilter

"{1F0D7D15-8A36-4AE4-8573-70BEA7DF379D}" = WordPerfect Office X5 - Migration Manager

"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help

"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help

"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java 6 Update 29

"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed

"{378BAC91-3AE8-45F0-90E4-4F81E3EAEBC5}" = WordPerfect Office X5 - PR

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision

"{4873CC58-69D8-490D-9E5C-001DC2EE2010}" = WordPerfect Lightning - Messages

"{4873CC58-69D8-490D-9E5C-001DC2EE2020}" = WordPerfect Lightning - IPM

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress

"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help

"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner

"{64459BD5-3AE8-4689-B7B0-D57B667D8399}" = WordPerfect Office X5 - PerfectExperts EN

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{67ED9603-CB76-4338-B7B0-690FE144C4DA}" = WordPerfect Lightning

"{6C13C708-FF28-4991-84E6-5526A0EE677B}" = WordPerfect Office X5 - Oxford

"{6E4B1E42-A831-44B4-A705-D006F68560EC}" = WordPerfect Office X5 - Graphics

"{71D2F8EE-9D45-4D95-A6F6-F6433C2B94B5}" = WordPerfect Office X5 - System EN

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart

"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help

"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{92B60B3B-7DF3-4BF7-8823-9F17A9EEA31E}" = WordPerfect Office X5

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter

"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center

"{A4552E28-AF1D-4C3E-9991-8112F40265F4}" = Adventure Tools

"{A6FD1334-FD75-4951-935D-08F8C7E4C6B0}" = WordPerfect Office X5 - Sharepoint

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6

"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit

"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade

"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help

"{CD5C6C29-E6CB-4DF3-B45F-A04087B1C294}" = WordPerfect Office X5 - Templates

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5

"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help

"{D4167D08-0F61-4F44-BC3F-26B4960745C4}" = WordPerfect Office X5 - Skins

"{D7643510-C1AE-44AD-B0F9-0665C4D73BFD}" = WordPerfect Office X5 - LegalTools

"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime

"{DAEDCD3D-B981-4F10-B17B-764753EDAF9F}" = WordPerfect Office X5 - QP

"{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}" = WordPerfect Office X5 - Setup Files

"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit

"{E539B721-4458-4EFC-8BD0-04D4842051AE}" = Wordperfect Office X5 - EN

"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help

"{E67732DE-3387-4F1E-BDDA-2D0C08BC025B}" = WordPerfect Office X5 - Filters

"{EBDDD05E-EBCF-40FF-9BBD-C3E099A2B684}" = Intel® Network Connections 16.2.49.0

"{EC61C6D9-159B-4B14-AAF3-AF33FCFA50DD}" = WordPerfect Office X5 - WP

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help

"{F6EE49FD-B736-4888-A05A-115F3B1160FA}" = WordPerfect Lightning - MSOM

"{f77d8026-c90e-43cc-a3f7-d4536d5af15b}" = Nero 9 Essentials

"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows

"ENTERPRISER" = Microsoft Office Enterprise 2007

"ESET Online Scanner" = ESET Online Scanner v3

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)

"MSC" = McAfee AntiVirus Plus

"PROSetDX" = Intel® Network Connections 16.2.49.0

"StarCraft II" = StarCraft II

"Steam App 8930" = Sid Meier's Civilization V

"Ultimate Reference Suite" = Ultimate Reference Suite

"Warcraft III" = Warcraft III

"World of Warcraft" = World of Warcraft

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 9/19/2011 1:25:54 AM | Computer Name = Alex-PC | Source = BugSplat | ID = 1

Description =

Error - 9/19/2011 10:35:29 PM | Computer Name = Alex-PC | Source = Application Error | ID = 1000

Description = Faulting application name: CivilizationV_DX11.exe, version: 1.0.1.383,

time stamp: 0x4e41c172 Faulting module name: CivilizationV_DX11.exe, version: 1.0.1.383,

time stamp: 0x4e41c172 Exception code: 0xc0000005 Fault offset: 0x00260304 Faulting

process id: 0x1408 Faulting application start time: 0x01cc773d2bee9f29 Faulting application

path: c:\program files\steam\steamapps\common\sid meier's civilization v\CivilizationV_DX11.exe

Faulting

module path: c:\program files\steam\steamapps\common\sid meier's civilization v\CivilizationV_DX11.exe

Report

Id: 33b8c570-e331-11e0-8ea4-00a0d5ffff85

Error - 9/19/2011 10:54:18 PM | Computer Name = Alex-PC | Source = Application Error | ID = 1000

Description = Faulting application name: CivilizationV_DX11.exe, version: 1.0.1.383,

time stamp: 0x4e41c172 Faulting module name: CivilizationV_DX11.exe, version: 1.0.1.383,

time stamp: 0x4e41c172 Exception code: 0xc0000005 Fault offset: 0x00260304 Faulting

process id: 0x1378 Faulting application start time: 0x01cc77406c46b21d Faulting application

path: c:\program files\steam\steamapps\common\sid meier's civilization v\CivilizationV_DX11.exe

Faulting

module path: c:\program files\steam\steamapps\common\sid meier's civilization v\CivilizationV_DX11.exe

Report

Id: d4e8c067-e333-11e0-8ea4-00a0d5ffff85

Error - 9/19/2011 10:57:29 PM | Computer Name = Alex-PC | Source = Application Error | ID = 1000

Description = Faulting application name: CivilizationV_DX11.exe, version: 1.0.1.383,

time stamp: 0x4e41c172 Faulting module name: CivilizationV_DX11.exe, version: 1.0.1.383,

time stamp: 0x4e41c172 Exception code: 0xc0000005 Fault offset: 0x00260304 Faulting

process id: 0x1544 Faulting application start time: 0x01cc7740da462616 Faulting application

path: c:\program files\steam\steamapps\common\sid meier's civilization v\CivilizationV_DX11.exe

Faulting

module path: c:\program files\steam\steamapps\common\sid meier's civilization v\CivilizationV_DX11.exe

Report

Id: 46f55ff8-e334-11e0-8ea4-00a0d5ffff85

Error - 9/24/2011 10:52:28 PM | Computer Name = Alex-PC | Source = BugSplat | ID = 1

Description =

Error - 9/25/2011 10:45:10 AM | Computer Name = Alex-PC | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 6.0.2.4262 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 874 Start

Time: 01cc7b2e99a32872 Termination Time: 116 Application Path: C:\Program Files\Mozilla

Firefox\firefox.exe Report Id: f3500b3f-e784-11e0-94a6-00a0d5ffff85

Error - 10/8/2011 11:37:32 AM | Computer Name = Alex-PC | Source = Application Hang | ID = 1002

Description = The program TempRealCharacterBuilderUpdater.exe version 1.0.0.0 stopped

interacting with Windows and was closed. To see if more information about the problem

is available, check the problem history in the Action Center control panel. Process

ID: a2c Start Time: 01cc85d019311d0b Termination Time: 15 Application Path: C:\Users\Alex\AppData\Local\Temp\Adventure

Tools\TempRealCharacterBuilderUpdater.exe Report Id: 6bb9b92a-f1c3-11e0-94a6-00a0d5ffff85

Error - 10/9/2011 10:53:54 AM | Computer Name = Alex-PC | Source = BugSplat | ID = 1

Description =

Error - 10/10/2011 11:58:49 PM | Computer Name = Alex-PC | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 7.0.1.4288 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: cf0 Start

Time: 01cc86df58d6ec9b Termination Time: 44 Application Path: C:\Program Files\Mozilla

Firefox\firefox.exe Report Id: 4e90eda4-f3bd-11e0-9d96-00a0d5ffff85

Error - 11/1/2011 11:00:24 PM | Computer Name = Alex-PC | Source = Application Hang | ID = 1002

Description = The program mcagent.exe version 11.0.623.0 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: d88 Start

Time: 01cc8f8cc84a6821 Termination Time: 73 Application Path: C:\Program Files\McAfee.com\Agent\mcagent.exe

Report

Id: c43b8bcd-04fe-11e1-97fc-00a0d5ffff85

[ System Events ]

Error - 11/13/2011 2:07:37 AM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7000

Description = The Steam Client Service service failed to start due to the following

error: %%1053

Error - 11/15/2011 2:36:12 AM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Steam

Client Service service to connect.

Error - 11/15/2011 2:36:12 AM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7000

Description = The Steam Client Service service failed to start due to the following

error: %%1053

Error - 11/16/2011 4:35:13 AM | Computer Name = Alex-PC | Source = volsnap | ID = 393252

Description = The shadow copies of volume C: were aborted because the shadow copy

storage could not grow due to a user imposed limit.

Error - 11/18/2011 1:17:43 AM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7030

Description = The Advanced SystemCare Service 5 service is marked as an interactive

service. However, the system is configured to not allow interactive services.

This service may not function properly.

Error - 11/19/2011 4:01:19 AM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7024

Description = The Windows Firewall service terminated with service-specific error

%%5.

Error - 11/19/2011 12:00:30 PM | Computer Name = Alex-PC | Source = bowser | ID = 8003

Description =

Error - 11/26/2011 12:12:43 AM | Computer Name = Alex-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 11/26/2011 12:55:39 AM | Computer Name = Alex-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 11/26/2011 12:55:42 AM | Computer Name = Alex-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

< End of report >

**********************************************

10:26:33.0237 4968 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44

10:26:33.0596 4968 ============================================================

10:26:33.0596 4968 Current date / time: 2011/11/29 10:26:33.0596

10:26:33.0596 4968 SystemInfo:

10:26:33.0596 4968

10:26:33.0596 4968 OS Version: 6.1.7601 ServicePack: 1.0

10:26:33.0596 4968 Product type: Workstation

10:26:33.0596 4968 ComputerName: ALEX-PC

10:26:33.0596 4968 UserName: Alex

10:26:33.0596 4968 Windows directory: C:\windows

10:26:33.0596 4968 System windows directory: C:\windows

10:26:33.0596 4968 Processor architecture: Intel x86

10:26:33.0596 4968 Number of processors: 4

10:26:33.0596 4968 Page size: 0x1000

10:26:33.0596 4968 Boot type: Normal boot

10:26:33.0596 4968 ============================================================

10:26:34.0610 4968 Initialize success

10:27:10.0896 4448 ============================================================

10:27:10.0896 4448 Scan started

10:27:10.0896 4448 Mode: Manual; SigCheck; TDLFS;

10:27:10.0896 4448 ============================================================


10:27:18.0867 4448 NDIS - ok

10:27:18.0883 4448 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys

10:27:18.0898 4448 NdisCap - ok

10:27:18.0914 4448 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys

10:27:18.0945 4448 NdisTapi - ok

10:27:18.0961 4448 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys

10:27:18.0976 4448 Ndisuio - ok

10:27:19.0008 4448 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys

10:27:19.0023 4448 NdisWan - ok

10:27:19.0039 4448 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys

10:27:19.0054 4448 NDProxy - ok

10:27:19.0054 4448 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys

10:27:19.0101 4448 NetBIOS - ok

10:27:19.0148 4448 NetBT (000856a0cf8ff0856154b9caac0c125c) C:\windows\system32\DRIVERS\netbt.sys

10:27:19.0148 4448 Suspicious file (Forged): C:\windows\system32\DRIVERS\netbt.sys. Real md5: 000856a0cf8ff0856154b9caac0c125c, Fake md5: 280122ddcf04b378edd1ad54d71c1e54

10:27:19.0148 4448 NetBT ( Rootkit.Win32.ZAccess.aml ) - infected

10:27:19.0148 4448 NetBT - detected Rootkit.Win32.ZAccess.aml (0)

10:27:19.0179 4448 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\drivers\nfrd960.sys

10:27:19.0179 4448 nfrd960 - ok

10:27:19.0210 4448 Nmea (b0d5188e282dc4edae7020f333427bc8) C:\windows\system32\DRIVERS\pctnullport.sys

10:27:19.0226 4448 Nmea - ok

10:27:19.0242 4448 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys

10:27:19.0257 4448 Npfs - ok

10:27:19.0273 4448 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys

10:27:19.0304 4448 nsiproxy - ok

10:27:19.0382 4448 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys

10:27:19.0429 4448 Ntfs - ok

10:27:19.0429 4448 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys

10:27:19.0460 4448 Null - ok

10:27:19.0491 4448 nusb3hub (e54781f54abcf18dce0d39e78462a104) C:\windows\system32\drivers\nusb3hub.sys

10:27:19.0491 4448 nusb3hub - ok

10:27:19.0522 4448 nusb3xhc (aa4cc12e74b813347e8ab590b4c9dd8a) C:\windows\system32\drivers\nusb3xhc.sys

10:27:19.0538 4448 nusb3xhc - ok

10:27:19.0554 4448 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys

10:27:19.0569 4448 nvraid - ok

10:27:19.0632 4448 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys

10:27:19.0632 4448 nvstor - ok

10:27:19.0678 4448 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys

10:27:19.0694 4448 nv_agp - ok

10:27:19.0772 4448 NWADI (0973c0c696780161f4526586d5eac422) C:\windows\system32\DRIVERS\NWADIenum.sys

10:27:19.0819 4448 NWADI - ok

10:27:19.0881 4448 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys

10:27:19.0897 4448 ohci1394 - ok

10:27:19.0944 4448 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\drivers\parport.sys

10:27:19.0959 4448 Parport - ok

10:27:19.0975 4448 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys

10:27:19.0990 4448 partmgr - ok

10:27:20.0006 4448 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\drivers\parvdm.sys

10:27:20.0022 4448 Parvdm - ok

10:27:20.0053 4448 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys

10:27:20.0053 4448 pci - ok

10:27:20.0084 4448 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys

10:27:20.0084 4448 pciide - ok

10:27:20.0115 4448 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\drivers\pcmcia.sys

10:27:20.0131 4448 pcmcia - ok

10:27:20.0162 4448 PCTINDIS5 (d6da0b85889d8236e2a3e80826ad104b) C:\windows\system32\PCTINDIS5.SYS

10:27:20.0162 4448 PCTINDIS5 - ok

10:27:20.0318 4448 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys

10:27:20.0334 4448 pcw - ok

10:27:20.0349 4448 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys

10:27:20.0380 4448 PEAUTH - ok

10:27:20.0412 4448 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys

10:27:20.0427 4448 PptpMiniport - ok

10:27:20.0443 4448 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\drivers\processr.sys

10:27:20.0458 4448 Processor - ok

10:27:20.0490 4448 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys

10:27:20.0521 4448 Psched - ok

10:27:20.0552 4448 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\drivers\ql2300.sys

10:27:20.0583 4448 ql2300 - ok

10:27:20.0614 4448 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\drivers\ql40xx.sys

10:27:20.0614 4448 ql40xx - ok

10:27:20.0646 4448 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys

10:27:20.0677 4448 QWAVEdrv - ok

10:27:20.0692 4448 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys

10:27:20.0724 4448 RasAcd - ok

10:27:20.0739 4448 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys

10:27:20.0770 4448 RasAgileVpn - ok

10:27:20.0802 4448 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys

10:27:20.0817 4448 Rasl2tp - ok

10:27:20.0833 4448 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys

10:27:20.0864 4448 RasPppoe - ok

10:27:20.0864 4448 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys

10:27:20.0880 4448 RasSstp - ok

10:27:20.0911 4448 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys

10:27:20.0942 4448 rdbss - ok

10:27:20.0958 4448 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\drivers\rdpbus.sys

10:27:20.0973 4448 rdpbus - ok

10:27:20.0989 4448 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys

10:27:21.0004 4448 RDPCDD - ok

10:27:21.0020 4448 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\windows\system32\drivers\rdpdr.sys

10:27:21.0036 4448 RDPDR - ok

10:27:21.0051 4448 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys

10:27:21.0082 4448 RDPENCDD - ok

10:27:21.0082 4448 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys

10:27:21.0114 4448 RDPREFMP - ok

10:27:21.0114 4448 RDPWD (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys

10:27:21.0160 4448 RDPWD - ok

10:27:21.0176 4448 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys

10:27:21.0176 4448 rdyboost - ok

10:27:21.0254 4448 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\windows\system32\DRIVERS\RimSerial.sys

10:27:21.0285 4448 RimVSerPort - ok

10:27:21.0301 4448 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\windows\system32\Drivers\RootMdm.sys

10:27:21.0332 4448 ROOTMODEM - ok

10:27:21.0394 4448 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys

10:27:21.0426 4448 rspndr - ok

10:27:21.0457 4448 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\windows\system32\drivers\vms3cap.sys

10:27:21.0472 4448 s3cap - ok

10:27:21.0488 4448 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys

10:27:21.0488 4448 sbp2port - ok

10:27:21.0519 4448 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys

10:27:21.0550 4448 scfilter - ok

10:27:21.0566 4448 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys

10:27:21.0597 4448 secdrv - ok

10:27:21.0628 4448 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\drivers\serenum.sys

10:27:21.0628 4448 Serenum - ok

10:27:21.0660 4448 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\drivers\serial.sys

10:27:21.0675 4448 Serial - ok

10:27:21.0706 4448 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\drivers\sermouse.sys

10:27:21.0722 4448 sermouse - ok

10:27:21.0738 4448 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys

10:27:21.0753 4448 sffdisk - ok

10:27:21.0769 4448 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys

10:27:21.0784 4448 sffp_mmc - ok

10:27:21.0784 4448 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys

10:27:21.0800 4448 sffp_sd - ok

10:27:21.0816 4448 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\drivers\sfloppy.sys

10:27:21.0831 4448 sfloppy - ok

10:27:21.0862 4448 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys

10:27:21.0878 4448 sisagp - ok

10:27:21.0909 4448 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\drivers\SiSRaid2.sys

10:27:21.0909 4448 SiSRaid2 - ok

10:27:21.0940 4448 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\drivers\sisraid4.sys

10:27:21.0940 4448 SiSRaid4 - ok

10:27:21.0956 4448 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys

10:27:21.0972 4448 Smb - ok

10:27:22.0003 4448 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys

10:27:22.0003 4448 spldr - ok

10:27:22.0034 4448 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys

10:27:22.0065 4448 srv - ok

10:27:22.0081 4448 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys

10:27:22.0112 4448 srv2 - ok

10:27:22.0128 4448 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys

10:27:22.0143 4448 srvnet - ok

10:27:22.0174 4448 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\drivers\stexstor.sys

10:27:22.0190 4448 stexstor - ok

10:27:22.0206 4448 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\windows\system32\drivers\vmstorfl.sys

10:27:22.0221 4448 storflt - ok

10:27:22.0237 4448 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\windows\system32\drivers\storvsc.sys

10:27:22.0237 4448 storvsc - ok

10:27:22.0252 4448 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys

10:27:22.0268 4448 swenum - ok

10:27:22.0299 4448 swmsflt (e6c797b33a454840245c0c96e7f08b0a) C:\windows\System32\drivers\swmsflt.sys

10:27:22.0315 4448 swmsflt - ok

10:27:22.0346 4448 swmx00 (5d3c9f767eaded3e14fa4ce6cf9f7725) C:\windows\system32\DRIVERS\swmx00.sys

10:27:22.0346 4448 swmx00 - ok

10:27:22.0393 4448 SWNC5E00 (e0919389fb29ed5c03b0b664236abe50) C:\windows\system32\DRIVERS\SWNC5E00.sys

10:27:22.0393 4448 SWNC5E00 - ok

10:27:22.0455 4448 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys

10:27:22.0486 4448 Tcpip - ok

10:27:22.0502 4448 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys

10:27:22.0518 4448 TCPIP6 - ok

10:27:22.0549 4448 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys

10:27:22.0564 4448 tcpipreg - ok

10:27:22.0580 4448 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys

10:27:22.0627 4448 TDPIPE - ok

10:27:22.0642 4448 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys

10:27:22.0689 4448 TDTCP - ok

10:27:22.0689 4448 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys

10:27:22.0720 4448 tdx - ok

10:27:22.0736 4448 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys

10:27:22.0752 4448 TermDD - ok

10:27:22.0767 4448 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\windows\system32\drivers\tpm.sys

10:27:22.0783 4448 TPM - ok

10:27:22.0814 4448 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys

10:27:22.0830 4448 tssecsrv - ok

10:27:22.0845 4448 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys

10:27:22.0892 4448 TsUsbFlt - ok

10:27:22.0939 4448 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\windows\system32\drivers\TsUsbGD.sys

10:27:22.0954 4448 TsUsbGD - ok

10:27:22.0970 4448 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys

10:27:23.0001 4448 tunnel - ok

10:27:23.0017 4448 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\drivers\uagp35.sys

10:27:23.0032 4448 uagp35 - ok

10:27:23.0048 4448 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys

10:27:23.0079 4448 udfs - ok

10:27:23.0142 4448 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys

10:27:23.0142 4448 uliagpkx - ok

10:27:23.0173 4448 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\DRIVERS\umbus.sys

10:27:23.0188 4448 umbus - ok

10:27:23.0235 4448 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\drivers\umpass.sys

10:27:23.0251 4448 UmPass - ok

10:27:23.0282 4448 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys

10:27:23.0313 4448 usbccgp - ok

10:27:23.0329 4448 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys

10:27:23.0344 4448 usbcir - ok

10:27:23.0360 4448 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys

10:27:23.0391 4448 usbehci - ok

10:27:23.0407 4448 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys

10:27:23.0407 4448 usbhub - ok

10:27:23.0438 4448 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys

10:27:23.0454 4448 usbohci - ok

10:27:23.0485 4448 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys

10:27:23.0500 4448 usbprint - ok

10:27:23.0532 4448 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys

10:27:23.0547 4448 usbscan - ok

10:27:23.0578 4448 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS

10:27:23.0594 4448 USBSTOR - ok

10:27:23.0641 4448 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys

10:27:23.0656 4448 usbuhci - ok

10:27:23.0688 4448 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys

10:27:23.0688 4448 vdrvroot - ok

10:27:23.0703 4448 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys

10:27:23.0719 4448 vga - ok

10:27:23.0750 4448 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys

10:27:23.0766 4448 VgaSave - ok

10:27:23.0797 4448 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys

10:27:23.0797 4448 vhdmp - ok

10:27:23.0828 4448 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys

10:27:23.0828 4448 viaagp - ok

10:27:23.0875 4448 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\drivers\viac7.sys

10:27:23.0890 4448 ViaC7 - ok

10:27:23.0906 4448 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys

10:27:23.0906 4448 viaide - ok

10:27:23.0922 4448 vmbus (c2f2911156fdc7817c52829c86da494e) C:\windows\system32\drivers\vmbus.sys

10:27:23.0922 4448 vmbus - ok

10:27:23.0953 4448 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\windows\system32\drivers\VMBusHID.sys

10:27:23.0953 4448 VMBusHID - ok

10:27:23.0984 4448 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys

10:27:24.0000 4448 volmgr - ok

10:27:24.0015 4448 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys

10:27:24.0031 4448 volmgrx - ok

10:27:24.0046 4448 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys

10:27:24.0062 4448 volsnap - ok

10:27:24.0093 4448 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\drivers\vsmraid.sys

10:27:24.0093 4448 vsmraid - ok

10:27:24.0124 4448 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\System32\drivers\vwifibus.sys

10:27:24.0140 4448 vwifibus - ok

10:27:24.0171 4448 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\drivers\wacompen.sys

10:27:24.0187 4448 WacomPen - ok

10:27:24.0187 4448 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

10:27:24.0218 4448 WANARP - ok

10:27:24.0218 4448 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

10:27:24.0234 4448 Wanarpv6 - ok

10:27:24.0249 4448 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\drivers\wd.sys

10:27:24.0265 4448 Wd - ok

10:27:24.0280 4448 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys

10:27:24.0296 4448 Wdf01000 - ok

10:27:24.0312 4448 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys

10:27:24.0327 4448 WfpLwf - ok

10:27:24.0343 4448 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys

10:27:24.0358 4448 WIMMount - ok

10:27:24.0390 4448 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys

10:27:24.0405 4448 WmiAcpi - ok

10:27:24.0452 4448 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys

10:27:24.0499 4448 ws2ifsl - ok

10:27:24.0530 4448 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys

10:27:24.0577 4448 WudfPf - ok

10:27:24.0592 4448 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys

10:27:24.0624 4448 WUDFRd - ok

10:27:24.0639 4448 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

10:27:34.0046 4448 \Device\Harddisk0\DR0 - ok

10:27:34.0077 4448 Boot (0x1200) (0da2b5c2cceb0a982ef6d9ef1906b84a) \Device\Harddisk0\DR0\Partition0

10:27:34.0093 4448 \Device\Harddisk0\DR0\Partition0 - ok

10:27:34.0108 4448 Boot (0x1200) (1882ef05494070cfae51ebf7a3b67ca8) \Device\Harddisk0\DR0\Partition1

10:27:34.0108 4448 \Device\Harddisk0\DR0\Partition1 - ok

10:27:34.0108 4448 ============================================================

10:27:34.0108 4448 Scan finished

10:27:34.0108 4448 ============================================================

10:27:34.0108 5148 Detected object count: 1

10:27:34.0108 5148 Actual detected object count: 1

10:28:15.0384 5148 Backup copy found, using it..

10:28:15.0394 5148 C:\windows\system32\DRIVERS\netbt.sys - will be cured on reboot

10:28:16.0754 5148 NetBT ( Rootkit.Win32.ZAccess.aml ) - User select action: Cure

10:28:49.0291 4376 Deinitialize success

*****************************************************

Looks like tdss killer killed something... that's good right? :)


OTL logfile created on: 11/29/2011 10:18:54 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Alex\Desktop

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 56.78% Memory free

5.88 Gb Paging File | 4.37 Gb Available in Paging File | 74.24% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 457.46 Gb Total Space | 382.66 Gb Free Space | 83.65% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Alex\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)

PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)

PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)

PRC - C:\Program Files\Steam\steam.exe (Valve Corporation)

PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation)

PRC - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

PRC - C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - \\?\C:\windows\System32\wbem\WMIADAP.EXE ()

PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Steam\bin\libcef.dll ()

MOD - C:\Program Files\Steam\bin\chromehtml.dll ()

MOD - C:\Program Files\Steam\bin\avcodec-52.dll ()

MOD - C:\Program Files\Steam\bin\avformat-52.dll ()

MOD - C:\Program Files\Steam\bin\avutil-50.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()

MOD - C:\Windows\System32\IccLibDll.dll ()

MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()

MOD - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()

========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)

SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()

SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (UNS) Intel® -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) Intel® -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (Intel® PROSet Monitoring Service) Intel® -- C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation)

SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McOobeSv) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

SRV - (SprintRcAppSvc) -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe (PCTEL)

SRV - (CASprint) -- C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe (PCTEL)

SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)

DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)

DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)

DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)

DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)

DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)

DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)

DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (nusb3xhc) -- C:\windows\system32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV - (nusb3hub) -- C:\windows\system32\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV - (e1cexpress) Intel® -- C:\Windows\System32\drivers\e1c6232.sys (Intel Corporation)

DRV - (vmbus) -- C:\windows\system32\drivers\vmbus.sys (Microsoft Corporation)

DRV - (storflt) -- C:\windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\windows\system32\drivers\storvsc.sys (Microsoft Corporation)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (TsUsbGD) -- C:\windows\system32\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV - (dmvsc) -- C:\windows\system32\drivers\dmvsc.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\windows\system32\drivers\vms3cap.sys (Microsoft Corporation)

DRV - (MEI) Intel® -- C:\windows\system32\drivers\HECI.sys (Intel Corporation)

DRV - (IntcDAud) Intel® -- C:\Windows\System32\drivers\IntcDAud.sys (Intel® Corporation)

DRV - (Serial) -- C:\windows\system32\drivers\serial.sys (Brother Industries Ltd.)

DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)

DRV - (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) -- C:\Windows\System32\drivers\SWNC5E00.sys (Sierra Wireless Inc.)

DRV - (swmx00) Sierra Wireless USB MUX Driver (#00) -- C:\Windows\System32\drivers\swmx00.sys (Sierra Wireless Inc.)

DRV - (swmsflt) -- C:\windows\System32\drivers\swmsflt.sys ()

DRV - (NWADI) -- C:\Windows\System32\drivers\NWADIenum.sys (Novatel Wireless Inc)

DRV - (Nmea) -- C:\Windows\System32\drivers\pctnullport.sys (PCTEL Inc.)

DRV - (PCTINDIS5) -- C:\Windows\System32\PCTINDIS5.sys (PCTEL Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.altex.com\

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Coupons.com Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Coupons.com Customized Web Search"

FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2559647&SearchSource=13"

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 55818

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/10 07:44:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/11/29 10:17:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/25 19:07:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/26 17:25:45 | 000,000,000 | ---D | M]

[2011/08/16 16:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions

[2011/11/11 14:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ex57hmos.default\extensions

[2011/11/11 14:19:32 | 000,000,000 | ---D | M] (Coupons.com Community Toolbar) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ex57hmos.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}

[2011/10/25 23:26:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ex57hmos.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2011/08/29 16:50:32 | 000,000,925 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ex57hmos.default\searchplugins\conduit.xml

[2011/11/26 17:25:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/11/25 19:07:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2011/11/26 17:25:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2011/11/29 10:17:09 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE

[2011/11/10 07:44:25 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR

[2011/11/25 19:07:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/07/13 15:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll

[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/07/13 15:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

[2011/06/07 12:35:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2011/08/11 21:16:35 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2011/08/11 21:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/08/11 21:16:35 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2011/08/11 21:16:35 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2011/11/25 19:07:29 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[2011/08/11 21:16:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2011/08/11 21:16:35 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

Hosts file not found

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20111119071750.dll (McAfee, Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [iMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE (Corel Corporation)

O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart File not found

O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe File not found

O4 - HKCU..\Run: [rWWJJ7ffELgTZhY] C:\Users\Alex\AppData\Roaming\dwme.exe File not found

O4 - HKCU..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta ()

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta ()

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7C22393-3CA8-4985-A846-B50BB2D5EF69}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\System32\igfxdev.dll (Intel Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) -C:\windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) -C:\windows\System32\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) -C:\windows\System32\pku2u.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{432ef13d-c83d-11e0-b9c7-00224d501385}\Shell - "" = AutoRun

O33 - MountPoints2\{432ef13d-c83d-11e0-b9c7-00224d501385}\Shell\AutoRun\command - "" = K:\WIN\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (MACHINE BootExecut)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/29 10:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2011/11/29 10:15:49 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe

[2011/11/29 00:51:31 | 000,000,000 | R--D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp

[2011/11/29 00:30:35 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\dds.scr

[2011/11/28 23:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/11/27 12:02:23 | 000,000,000 | ---D | C] -- C:\windows\Minidump

[2011/11/26 17:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2011/11/26 17:25:45 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe

[2011/11/26 17:25:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe

[2011/11/26 17:25:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe

[2011/11/26 16:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2011/11/26 16:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2011/11/26 16:59:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011/11/26 16:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2011/11/26 16:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2011/11/26 16:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2011/11/25 22:08:41 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\kggTTZqqjYwkIr

[2011/11/25 22:08:41 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\aWKK77fEL9

[2011/11/25 22:08:37 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\tiiibDD3on

[2011/11/25 22:08:36 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\GxxxA00ucS

[2011/11/25 22:08:36 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\C5aaQQH6dWK7RLg

[2011/11/17 23:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit

[2011/11/17 23:17:38 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\IObit

[2011/11/17 23:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\IObit

[2011/11/17 23:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyComputer

[2011/11/17 23:09:20 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Systweak

[2011/11/17 23:09:19 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\windows\System32\roboot.exe

[2011/11/13 00:42:43 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Diagnostics

[2011/11/13 00:06:22 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\XcS1ibD3oGaHsJf

[2011/11/13 00:06:22 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\CwkIVrlONx0

[2011/11/13 00:02:44 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\7E570

[2011/11/13 00:02:29 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\hhhYYCwkkUrl

[2011/11/13 00:02:29 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012

[2011/11/13 00:02:28 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\wHHH6ssWJ7fL8gZ

[2011/11/13 00:02:25 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\fJJ77dEKKg

[2011/11/13 00:02:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\xZZZqhhYCwkUrlB

[2011/11/13 00:02:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\B44aammH5s

[2011/11/13 00:02:22 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\7C07E

[2011/11/11 17:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft

[2011/11/11 16:47:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment

[2011/11/11 16:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard

[2011/11/08 23:14:55 | 002,341,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys

[2011/11/04 12:58:29 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ventrilo

[2011/11/04 12:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo

[2011/11/04 12:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo

[2011/11/04 12:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2011/04/10 12:06:46 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/11/29 10:20:56 | 000,014,848 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/11/29 10:20:56 | 000,014,848 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/11/29 10:20:39 | 000,697,224 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2011/11/29 10:20:39 | 000,130,424 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2011/11/29 10:15:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe

[2011/11/29 10:13:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2011/11/29 10:13:35 | 2369,904,640 | -HS- | M] () -- C:\hiberfil.sys

[2011/11/29 01:03:26 | 000,007,595 | ---- | M] () -- C:\Users\Alex\AppData\Local\Resmon.ResmonCfg

[2011/11/29 00:30:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\dds.scr

[2011/11/27 14:40:53 | 000,286,726 | ---- | M] () -- C:\Users\Alex\AppData\Local\census.cache

[2011/11/27 14:40:53 | 000,118,386 | ---- | M] () -- C:\Users\Alex\AppData\Local\ars.cache

[2011/11/27 12:02:21 | 277,177,581 | ---- | M] () -- C:\windows\MEMORY.DMP

[2011/11/26 17:00:30 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2011/11/26 16:16:17 | 000,001,242 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2011/11/26 16:16:17 | 000,001,218 | ---- | M] () -- C:\Users\Alex\Desktop\Spybot - Search & Destroy.lnk

[2011/11/26 15:37:36 | 000,000,036 | ---- | M] () -- C:\Users\Alex\AppData\Local\housecall.guid.cache

[2011/11/25 22:08:43 | 000,001,213 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\ahst.lni

[2011/11/19 02:00:36 | 000,001,652 | ---- | M] () -- C:\windows\System32\ASOROSet.bin

[2011/11/15 18:38:38 | 001,553,408 | ---- | M] () -- C:\Users\Alex\Documents\Kristen's christmas card.pub

[2011/11/13 00:29:17 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/11/11 17:37:40 | 000,001,173 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2011/11/09 03:18:03 | 000,439,040 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[2011/11/04 12:58:17 | 000,000,262 | ---- | M] () -- C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2011/11/04 12:58:14 | 000,000,843 | ---- | M] () -- C:\Users\Public\Desktop\Ventrilo.lnk

========== Files Created - No Company Name ==========

[2011/11/27 12:10:43 | 000,007,595 | ---- | C] () -- C:\Users\Alex\AppData\Local\Resmon.ResmonCfg

[2011/11/27 12:02:21 | 277,177,581 | ---- | C] () -- C:\windows\MEMORY.DMP

[2011/11/26 16:59:54 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk

[2011/11/26 16:59:54 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2011/11/26 16:16:17 | 000,001,242 | ---- | C] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2011/11/26 16:16:17 | 000,001,218 | ---- | C] () -- C:\Users\Alex\Desktop\Spybot - Search & Destroy.lnk

[2011/11/26 15:53:34 | 000,286,726 | ---- | C] () -- C:\Users\Alex\AppData\Local\census.cache

[2011/11/26 15:53:21 | 000,118,386 | ---- | C] () -- C:\Users\Alex\AppData\Local\ars.cache

[2011/11/26 15:37:36 | 000,000,036 | ---- | C] () -- C:\Users\Alex\AppData\Local\housecall.guid.cache

[2011/11/25 22:08:42 | 000,001,213 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\ahst.lni

[2011/11/19 01:28:20 | 000,001,652 | ---- | C] () -- C:\windows\System32\ASOROSet.bin

[2011/11/15 18:38:38 | 001,553,408 | ---- | C] () -- C:\Users\Alex\Documents\Kristen's christmas card.pub

[2011/11/11 16:15:16 | 000,001,173 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2011/11/04 12:58:14 | 000,000,843 | ---- | C] () -- C:\Users\Public\Desktop\Ventrilo.lnk

[2011/11/04 12:58:04 | 000,000,262 | ---- | C] () -- C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2011/09/03 10:37:56 | 000,000,156 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\default.rss

[2011/08/16 13:50:25 | 000,001,682 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2011/06/01 14:43:16 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe

[2011/06/01 13:14:36 | 000,008,192 | ---- | C] () -- C:\windows\System32\drivers\IntelMEFWVer.dll

[2011/04/10 12:43:10 | 000,145,804 | ---- | C] () -- C:\windows\System32\igcompkrng600.bin

[2011/04/10 12:43:04 | 000,218,304 | ---- | C] () -- C:\windows\System32\igfcg600m.bin

[2011/04/10 12:43:00 | 000,963,116 | ---- | C] () -- C:\windows\System32\igkrng600.bin

[2011/04/10 12:42:50 | 000,056,832 | ---- | C] () -- C:\windows\System32\igdde32.dll

[2011/04/10 12:18:24 | 013,356,032 | ---- | C] () -- C:\windows\System32\ig4icd32.dll

[2011/04/10 12:04:02 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config

[2011/04/10 11:40:40 | 000,094,208 | ---- | C] () -- C:\windows\System32\IccLibDll.dll

[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat

[2009/07/13 22:33:53 | 000,439,040 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT

[2009/07/13 20:05:48 | 000,697,224 | ---- | C] () -- C:\windows\System32\perfh009.dat

[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat

[2009/07/13 20:05:48 | 000,130,424 | ---- | C] () -- C:\windows\System32\perfc009.dat

[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat

[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT

[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat

[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin

[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll

[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

[2008/10/15 10:58:34 | 000,024,840 | ---- | C] () -- C:\windows\System32\drivers\swmsflt.sys

========== LOP Check ==========

[2011/11/18 00:05:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\7C07E

[2011/11/18 00:05:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\7E570

[2011/10/08 09:48:30 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\AdventureTools

[2011/11/25 22:08:41 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\aWKK77fEL9

[2011/11/13 01:21:51 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\B44aammH5s

[2011/11/25 22:08:36 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\C5aaQQH6dWK7RLg

[2011/11/13 00:06:22 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\CwkIVrlONx0

[2011/11/13 00:02:25 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\fJJ77dEKKg

[2011/11/25 22:53:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\GxxxA00ucS

[2011/11/13 00:02:29 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\hhhYYCwkkUrl

[2011/11/17 23:17:38 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\IObit

[2011/11/25 22:08:42 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\kggTTZqqjYwkIr

[2011/08/18 18:13:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\LolClient

[2011/08/16 13:43:53 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Sierra Wireless

[2011/11/19 02:02:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Systweak

[2011/11/25 22:08:37 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\tiiibDD3on

[2011/11/13 00:02:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\wHHH6ssWJ7fL8gZ

[2011/11/13 00:06:22 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\XcS1ibD3oGaHsJf

[2011/11/13 00:02:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\xZZZqhhYCwkUrlB

[2009/07/13 22:53:46 | 000,014,944 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


Looks like TDSSKiller killed something... that's good, right?

Yes, TDSSKiller takes care of the most important part of the cleaning process.

  • Run OTL.exe
  • Under Custom Scans/Fixes, paste the following script:

:OTL
FF - prefs.js..browser.search.defaultthis.engineName: "Coupons.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Coupons.com Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2559647&SearchSource=13"
[2011/11/11 14:19:32 | 000,000,000 | ---D | M] (Coupons.com Community Toolbar) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ex57hmos.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
[2011/07/13 15:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/07/13 15:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe File not found
O4 - HKCU..\Run: [rWWJJ7ffELgTZhY] C:\Users\Alex\AppData\Roaming\dwme.exe File not found
[2011/11/25 22:08:41 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\kggTTZqqjYwkIr
[2011/11/25 22:08:41 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\aWKK77fEL9
[2011/11/25 22:08:37 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\tiiibDD3on
[2011/11/25 22:08:36 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\GxxxA00ucS
[2011/11/25 22:08:36 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\C5aaQQH6dWK7RLg
[2011/11/13 00:06:22 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\XcS1ibD3oGaHsJf
[2011/11/13 00:06:22 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\CwkIVrlONx0
[2011/11/13 00:02:44 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\7E570
[2011/11/13 00:02:29 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\hhhYYCwkkUrl
[2011/11/13 00:02:29 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012
[2011/11/13 00:02:28 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\wHHH6ssWJ7fL8gZ
[2011/11/13 00:02:25 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\fJJ77dEKKg
[2011/11/13 00:02:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\xZZZqhhYCwkUrlB
[2011/11/13 00:02:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\B44aammH5s
[2011/11/18 00:05:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\7C07E
[2011/11/18 00:05:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\7E570
[2011/11/25 22:08:41 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\aWKK77fEL9
[2011/11/13 01:21:51 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\B44aammH5s
[2011/11/25 22:08:36 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\C5aaQQH6dWK7RLg
[2011/11/13 00:06:22 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\CwkIVrlONx0
[2011/11/13 00:02:25 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\fJJ77dEKKg
[2011/11/25 22:53:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\GxxxA00ucS
[2011/11/13 00:02:29 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\hhhYYCwkkUrl
[2011/11/25 22:08:42 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\kggTTZqqjYwkIr
[2011/11/25 22:08:37 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\tiiibDD3on
[2011/11/13 00:02:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\wHHH6ssWJ7fL8gZ
[2011/11/13 00:06:22 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\XcS1ibD3oGaHsJf
[2011/11/13 00:02:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\xZZZqhhYCwkUrlB

:Commands
[emptytemp]
[resethosts]
[clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log".
  • Please post that log in your next reply.

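As an added triage example (not the forum's or OTL's own code): this Python script parses OTL report lines in the format pasted above and flags the two patterns the fix script targets, random-named folders directly under AppData\Roaming from the LOP Check and O4 Run entries whose target is missing or lives in AppData\Roaming. The sample lines are copied from the report in this thread; the name heuristic and its thresholds are my own assumptions.

```python
import re

# OTL line shapes handled here: directory entries (LOP Check / file lists) and O4 autorun entries.
DIR_LINE = re.compile(
    r"^\[(?P<stamp>[\d/ :]+) \| [\d,]+ \| (?P<attrs>[-A-Z]{4}) \| [CM]\]"
    r"(?: \([^)]*\))? -- (?P<path>.+)$"
)
RUN_LINE = re.compile(r"^O4 - (?P<hive>\S+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$")
ROAMING_CHILD = re.compile(r"\\AppData\\Roaming\\(?P<name>[^\\]+)$", re.IGNORECASE)

# Constructed sample: lines copied from the OTL report in this thread.
SAMPLE_REPORT = r"""
[2011/11/18 00:05:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\7C07E
[2011/10/08 09:48:30 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\AdventureTools
[2011/11/25 22:08:41 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\aWKK77fEL9
[2011/11/13 01:21:51 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\B44aammH5s
[2011/11/17 23:17:38 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\IObit
[2011/08/16 13:43:53 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Sierra Wireless
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe File not found
O4 - HKCU..\Run: [rWWJJ7ffELgTZhY] C:\Users\Alex\AppData\Roaming\dwme.exe File not found
"""


def _char_class(ch):
    return "d" if ch.isdigit() else ("u" if ch.isupper() else "l")


def looks_random(name):
    """Heuristic (my assumption, tuned on the names in this thread): a name that mixes digits with
    letters, or flips case several times, looks generated. 'Office365' would trip it: a hint, not a verdict."""
    if not name.isalnum() or len(name) < 5:
        return False
    transitions = sum(1 for a, b in zip(name, name[1:]) if _char_class(a) != _char_class(b))
    has_digit = any(c.isdigit() for c in name)
    return (has_digit and transitions >= 2) or transitions >= 4


def triage_otl(report_text):
    """Return [(entry, reason)] for lines a helper would review before writing a fix."""
    hits = []
    for raw in report_text.splitlines():
        line = raw.strip()
        m = DIR_LINE.match(line)
        if m:
            child = ROAMING_CHILD.search(m.group("path"))
            if "D" in m.group("attrs") and child and looks_random(child.group("name")):
                hits.append((m.group("path"), "random-looking folder directly under AppData\\Roaming"))
            continue
        m = RUN_LINE.match(line)
        if m:
            target = m.group("target")
            reasons = []
            if "\\appdata\\roaming\\" in target.lower():
                reasons.append("autorun launches from AppData\\Roaming")
            if target.endswith("File not found"):
                reasons.append("target file is missing (dangling autorun entry)")
            if reasons:
                hits.append((line, "; ".join(reasons)))
    return hits
```

Running `triage_otl(SAMPLE_REPORT)` flags the three generated folder names and both Run entries while leaving AdventureTools, IObit and Sierra Wireless alone; every hit still needs a human look before it goes into a fix script.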

Yes, TDSSKiller takes care of the most important part of the cleaning process.

Awesome! :) Here is the log.

All processes killed

========== OTL ==========

Prefs.js: "Coupons.com Customized Web Search" removed from browser.search.defaultthis.engineName

Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl

Prefs.js: "Coupons.com Customized Web Search" removed from browser.search.selectedEngine

Prefs.js: "http://search.conduit.com/?ctid=CT2559647&SearchSource=13" removed from browser.startup.homepage

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ex57hmos.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}\searchplugin folder moved successfully.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ex57hmos.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}\modules folder moved successfully.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ex57hmos.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}\META-INF folder moved successfully.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ex57hmos.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}\defaults folder moved successfully.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ex57hmos.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}\components folder moved successfully.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ex57hmos.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}\chrome folder moved successfully.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ex57hmos.default\extensions\{37153479-1976-43c3-a1ee-557513977b64} folder moved successfully.

C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll moved successfully.

C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\rWWJJ7ffELgTZhY deleted successfully.

C:\Users\Alex\AppData\Roaming\kggTTZqqjYwkIr folder moved successfully.

C:\Users\Alex\AppData\Roaming\aWKK77fEL9 folder moved successfully.

C:\Users\Alex\AppData\Roaming\tiiibDD3on folder moved successfully.

C:\Users\Alex\AppData\Roaming\GxxxA00ucS folder moved successfully.

C:\Users\Alex\AppData\Roaming\C5aaQQH6dWK7RLg folder moved successfully.

C:\Users\Alex\AppData\Roaming\XcS1ibD3oGaHsJf folder moved successfully.

C:\Users\Alex\AppData\Roaming\CwkIVrlONx0 folder moved successfully.

C:\Users\Alex\AppData\Roaming\7E570 folder moved successfully.

C:\Users\Alex\AppData\Roaming\hhhYYCwkkUrl folder moved successfully.

C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012 folder moved successfully.

C:\Users\Alex\AppData\Roaming\wHHH6ssWJ7fL8gZ folder moved successfully.

C:\Users\Alex\AppData\Roaming\fJJ77dEKKg folder moved successfully.

C:\Users\Alex\AppData\Roaming\xZZZqhhYCwkUrlB folder moved successfully.

C:\Users\Alex\AppData\Roaming\B44aammH5s folder moved successfully.

C:\Users\Alex\AppData\Roaming\7C07E folder moved successfully.

Folder C:\Users\Alex\AppData\Roaming\7E570\ not found.

Folder C:\Users\Alex\AppData\Roaming\aWKK77fEL9\ not found.

Folder C:\Users\Alex\AppData\Roaming\B44aammH5s\ not found.

Folder C:\Users\Alex\AppData\Roaming\C5aaQQH6dWK7RLg\ not found.

Folder C:\Users\Alex\AppData\Roaming\CwkIVrlONx0\ not found.

Folder C:\Users\Alex\AppData\Roaming\fJJ77dEKKg\ not found.

Folder C:\Users\Alex\AppData\Roaming\GxxxA00ucS\ not found.

Folder C:\Users\Alex\AppData\Roaming\hhhYYCwkkUrl\ not found.

Folder C:\Users\Alex\AppData\Roaming\kggTTZqqjYwkIr\ not found.

Folder C:\Users\Alex\AppData\Roaming\tiiibDD3on\ not found.

Folder C:\Users\Alex\AppData\Roaming\wHHH6ssWJ7fL8gZ\ not found.

Folder C:\Users\Alex\AppData\Roaming\XcS1ibD3oGaHsJf\ not found.

Folder C:\Users\Alex\AppData\Roaming\xZZZqhhYCwkUrlB\ not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Alex

->Temp folder emptied: 148255 bytes

->Temporary Internet Files folder emptied: 13664568 bytes

->Java cache emptied: 139369 bytes

->FireFox cache emptied: 146493328 bytes

->Flash cache emptied: 1569 bytes

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3132463 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 156.00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11292011_120458

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8272

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

11/29/2011 3:11:50 PM

mbam-log-2011-11-29 (15-11-50).txt

Scan type: Quick scan

Objects scanned: 155598

Time elapsed: 2 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Alex\AppData\Roaming\ahst.lni (Malware.Trace) -> Quarantined and deleted successfully.


I have good news for you => Your system is clean! :)

Here are some tips to prevent future malware problems:

You need to ensure that you have the latest version of Adobe Reader. Before you download and install the latest version, it is important to uninstall the old one. To do so, click Start => Control Panel => Add or Remove Programs, highlight it and click the Remove button. Next, click on each of the programs to download it:

Install the applications slowly and carefully, then restart your computer.

Now let's remove the cleaning tools we used. First, get rid of OTL:

  1. Double-click OTL.exe to start the program.
  2. Close all other programs apart from OTL, as this step will require a reboot.
  3. On the OTL main screen, press the CLEANUP button
  4. Say Yes to the prompt and then allow the program to reboot your computer.

At this stage, you don't need the online scanner, so:

To remove the ESET Online Scanner components from your computer, start the Add or Remove Programs applet from Control Panel, select the ESET Online Scanner entry and click Remove. A restart may be required to complete uninstallation.

Please manually delete TDSSKiller and ResetTeaTimer.

Some quick tips:

  1. Alternative browser - Due to the large market share of Internet Explorer, it is a top target of the writers of malware, so we recommend using an alternative browser. There are many better alternatives to Internet Explorer regarding security, features and speed such as:

  2. Program updates - Keeping your software updated is important not only for productivity but also for security. Here is an application that will help in checking for new versions and updates of your programs. It is called FileHippo Update Checker and you can download it from here.

  3. Clear old system restore points - Once your system has been infected, there will be infected restore points that need to be cleaned.

  1. Open Start => All Programs => Accessories => System tools => Disk Cleanup.
  2. In the Drop down box that appears select your main drive e.g. C:\
  3. Click OK.
  4. The System will do some calculation and display a dialogue box with TABS.
  5. Select the More Options tab.
  6. At the bottom will be a system restore box with a CLEANUP button. Click on it.
  7. Accept the Warning and select OK again, the program will close and you are done.

  4. Create a new system restore point - Now that everything is fine, it is necessary to create a new restore point so you can restore your system to an earlier state in case you get a problem. Do the following:

  1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
  2. In the System Restore dialog box, click Create a restore point, and then click Next.
  3. Type a description for your restore point, such as "After Cleanup", then click Create.

Safe surfing! ;)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.