TechSpot

Infected with Sirefef virus

Inactive
By Ineptrit
Sep 15, 2012
  1. Firstly, thank you for all of the wonderful help I've seen you offer the people here; I truly have nothing but respect for what you do voluntarily. I've seen several other posts about the sirefef virus, but all of them are individual cases, with instruction not to use the same "cure" meant for one individual computer, so I have come here to make my own seperate post and request help.

    My computer is running slower than usual, my browser is getting redirected randomnly to possibly dangerous sites, and I would really like to fix this before it becomes any worse. Thank you so much for your help in advance!

    Here are the log files you request in the 5-step thread.


    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.15.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    alexgaming :: ALEXGAMINGPC [administrator]

    15/09/2012 11:42:36
    mbam-log-2012-09-15 (11-42-36).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 218441
    Time elapsed: 41 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 126
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz116.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz14A5.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz153F.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz15F4.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz172C.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz222C.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz2374.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz253F.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz257.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz29E1.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz2EBB.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz3198.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz370.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz396A.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz3AEA.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz3C7C.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz3CF7.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz456C.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz45C7.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz4666.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz474B.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz4D05.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz4D38.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz4DA3.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz4E6F.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz4ECD.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz4F4B.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz51B6.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz538C.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz59BC.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz5AD0.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz5B00.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz5BAD.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz6438.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz6522.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz65A0.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz65E4.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz66DA.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz66F2.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz6DA.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz70C.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz7295.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz742C.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz74AA.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz7670.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz7862.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz7ADB.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz7B8F.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz7CDE.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz7D69.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz7DCE.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz7FD0.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz8723.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz87FD.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz8890.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz8C6A.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz8CD3.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz8D27.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz8E1C.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz9132.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz947F.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz95C8.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz96D9.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz9892.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz98F0.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz9B4E.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz9B90.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz9C2F.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz9D3A.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz9DE8.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz9E79.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trz9F2F.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzA09C.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzA358.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzA5A7.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzA6F1.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzAC77.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzAD06.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzAD4E.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzAD99.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzAEE5.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzBC3B.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzBD63.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzBD8F.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzC12B.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzC41D.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzC469.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzC494.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzC4D.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzCDE8.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzCEED.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzCF4D.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzCF62.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzD196.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzD1A.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzD2A0.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzD4E.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzD5A9.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzD6B4.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzDA85.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzE051.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzE0A1.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzE2ED.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzE3B.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzE694.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzE9A6.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzEA86.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzEACD.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzEB34.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzECD5.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzEE6D.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzEFB1.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzF1CC.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzF3CC.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzF42F.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzF57D.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzF5B2.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzF617.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzF66F.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzF6F4.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzF889.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzF8C3.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzF974.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzFA8E.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{49765438-8b06-6215-2ff5-0d078bdca585}\U\trzFF.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.

    (end)
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-09-15 12:17:21
    Windows 6.1.7601 Service Pack 1
    Running: 3qkj9d6w.exe
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026833892d9
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026833892d9 (not active ControlSet)
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\alexgaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sleeping Dogs.v 1.5 + 12 DLC\Sleeping Dogs.(Ëàóí\xf7åð).lnk 1
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sleeping Dogs.v 1.5 + 12 DLC\Sleeping Dogs.(Ëàóí\xf7åð).lnk 1
    ---- EOF - GMER 1.0.15 ----
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by alexgaming at 12:21:04 on 2012-09-15
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.8159.5574 [GMT 1:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
    C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
    C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Gizmo\gservice.exe
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Windows\system32\IProsetMonitor.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    E:\Steam\Steam.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    E:\LoL replays\LOLReplay\LOLRecorder.exe
    C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.exe
    C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Users\alexgaming\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Corsair\M90 Mouse\M90Hid.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Corsair\M90 Mouse\CorsTra.exe
    C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe
    C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
    C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
    C:\Users\alexgaming\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\alexgaming\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\alexgaming\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\COMODO\GeekBuddy\unit_manager.exe
    C:\Program Files (x86)\COMODO\GeekBuddy\unit.exe
    C:\Users\alexgaming\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\alexgaming\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
    C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
    C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
    C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
    C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\alexgaming\Downloads\3qkj9d6w.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://friendly-google-search.blogspot.com
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Free Download Manager: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - E:\Free Download Manager\iefdm2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [Google Update] "C:\Users\alexgaming\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Steam] "E:\Steam\Steam.exe" -silent
    uRun: [DAEMON Tools Lite] "E:\Programs\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [RoccatIsku] "C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE"
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
    mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [Corsair Garros] C:\Program Files (x86)\Corsair\M90 Mouse\M90Hid.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [tvncontrol] "C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe" -controlservice -slave
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\Users\ALEXGA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\alexgaming\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - E:\LoL replays\LOLReplay\LOLRecorder.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files (x86)\COMODO\GeekBuddy\launcher.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Download all with Free Download Manager - file://E:\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://E:\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://E:\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://E:\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    LSP: mswsock.dll
    DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{E2598638-B5A7-433F-89D5-8A3F302AFF2E} : DhcpNameServer = 194.168.4.100 194.168.8.100
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO-X64: IESpeakDoc - No File
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Free Download Manager\iefdm2.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun-x64: [RoccatIsku] "C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE"
    mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun-x64: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
    mRun-x64: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [Corsair Garros] C:\Program Files (x86)\Corsair\M90 Mouse\M90Hid.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [tvncontrol] "C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe" -controlservice -slave
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\system32\DRIVERS\AiChargerPlus.sys --> C:\Windows\system32\DRIVERS\AiChargerPlus.sys [?]
    R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 GizmoDrv;Gizmo Device Driver;C:\Windows\system32\drivers\GizmoDrv.sys --> C:\Windows\system32\drivers\GizmoDrv.sys [?]
    R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\system32\DRIVERS\hssdrv6.sys --> C:\Windows\system32\DRIVERS\hssdrv6.sys [?]
    R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-6-13 922240]
    R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-2 915584]
    R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-4-18 586880]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-9-14 44808]
    R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe [2012-8-23 70352]
    R2 Gizmo Central;Gizmo Central;C:\Program Files (x86)\Gizmo\gservice.exe [2012-4-19 34728]
    R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-9-1 8704]
    R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-18 1258856]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-6-28 382312]
    R2 tvnserver;TightVNC Server;C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe [2012-1-27 828944]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
    R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
    R3 CORSGMS;Corsair M90 Gaming Mouse;C:\Windows\system32\drivers\CORSGMS.sys --> C:\Windows\system32\drivers\CORSGMS.sys [?]
    R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
    R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\system32\DRIVERS\vrtaucbl.sys --> C:\Windows\system32\DRIVERS\vrtaucbl.sys [?]
    R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 phaudlwr;Philips Audio Filter;C:\Windows\system32\DRIVERS\phaudlwr.sys --> C:\Windows\system32\DRIVERS\phaudlwr.sys [?]
    R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]
    S1 CFRMD;CFRMD;C:\Windows\system32\DRIVERS\CFRMD.sys --> C:\Windows\system32\DRIVERS\CFRMD.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-14 250056]
    S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
    S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-12-3 17152]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
    S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
    S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-5-16 738152]
    .
    =============== Created Last 30 ================
    .
    2012-09-15 10:41:15--------d-----w-C:\Users\alexgaming\AppData\Roaming\Malwarebytes
    2012-09-15 10:41:1025928----a-w-C:\Windows\System32\drivers\mbam.sys
    2012-09-15 10:41:10--------d-----w-C:\ProgramData\Malwarebytes
    2012-09-15 10:41:09--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-15 05:58:58--------d-----w-C:\Users\alexgaming\AppData\Local\{40435E00-E1B9-40BB-8743-0CCDE86FD08F}
    2012-09-14 21:28:09--------d-----w-C:\Users\alexgaming\AppData\Local\PMB Files
    2012-09-14 21:28:09--------d-----w-C:\ProgramData\PMB Files
    2012-09-14 21:10:30--------d-----w-C:\Windows\SysWow64\Logs
    2012-09-11 16:49:23--------d-----w-C:\Users\alexgaming\AppData\Local\{55E48057-4F82-4E88-9815-B3D8D823ABD3}
    2012-09-07 16:46:02--------d-----w-C:\Users\alexgaming\AppData\Local\{752D6C7C-9F13-473B-8DCB-4D699193E095}
    2012-09-07 04:45:38--------d-----w-C:\Users\alexgaming\AppData\Local\{330021D4-1393-4A77-B9DF-C91D2D9D5BDA}
    2012-09-06 16:45:14--------d-----w-C:\Users\alexgaming\AppData\Local\{2452034D-D8D1-4538-AE07-DFF2FEEAABAE}
    2012-09-06 04:15:17--------d-----w-C:\Users\alexgaming\AppData\Local\{F785E8F1-02B9-47F9-8E17-82FA9F053F99}
    2012-09-05 16:14:52--------d-----w-C:\Users\alexgaming\AppData\Local\{257029AF-A518-4FF1-971F-D3BE040177F3}
    2012-09-05 04:14:40--------d-----w-C:\Users\alexgaming\AppData\Local\{0FFFAD7B-A0AF-4E81-8630-397504EB3637}
    2012-09-04 23:32:53--------d-----w-C:\Users\alexgaming\AppData\Local\SCE
    2012-09-04 23:32:53--------d-----w-C:\Crash
    2012-09-04 16:14:28--------d-----w-C:\Users\alexgaming\AppData\Local\{7FE8CC1E-225A-4697-A92F-2ED3B38C245C}
    2012-09-04 04:14:07--------d-----w-C:\Users\alexgaming\AppData\Local\{7B3A2D4D-64EE-4A1C-B093-B413E31F19BA}
    2012-09-03 23:09:16--------d-----w-C:\Users\alexgaming\AppData\Local\NBGI
    2012-09-03 16:13:55--------d-----w-C:\Users\alexgaming\AppData\Local\{AA68C803-8617-4924-9BAC-B58E2FE52289}
    2012-09-03 04:13:44--------d-----w-C:\Users\alexgaming\AppData\Local\{701305D2-AA1D-4F31-A0F5-8221D23E50B1}
    2012-09-02 02:49:06--------d-----w-C:\Users\alexgaming\AppData\Local\{12BA3114-F2E8-455F-92B8-078ED9D0CCA5}
    2012-09-01 20:01:01--------d-----w-C:\Program Files (x86)\Hi-Rez Studios
    2012-09-01 14:48:37--------d-----w-C:\Users\alexgaming\AppData\Local\{D2C0FC17-05D2-4148-8176-4FF30B6F3084}
    2012-09-01 02:48:15--------d-----w-C:\Users\alexgaming\AppData\Local\{6C584655-4B1A-4A88-8C55-563AD15EA3AE}
    2012-08-31 14:47:52--------d-----w-C:\Users\alexgaming\AppData\Local\{FB366727-6C22-4067-8487-8002D7FCDC69}
    2012-08-31 02:47:36--------d-----w-C:\Users\alexgaming\AppData\Local\{C937BDD1-468F-4D71-8072-6DF8075F2511}
    2012-08-30 14:47:13--------d-----w-C:\Users\alexgaming\AppData\Local\{29C9520A-6DE2-45CB-ADF4-7778A2FF685E}
    2012-08-30 12:43:43--------d-----w-C:\Program Files (x86)\COMODO
    2012-08-30 12:43:43--------d-----w-C:\Program Files (x86)\Common Files\Comodo
    2012-08-30 02:46:30--------d-----w-C:\Users\alexgaming\AppData\Local\{0A225578-D006-469F-9E3D-29FB0BF86D3C}
    2012-08-29 14:46:19--------d-----w-C:\Users\alexgaming\AppData\Local\{571FB574-67EB-402E-8366-A95D203E40A3}
    2012-08-29 02:45:56--------d-----w-C:\Users\alexgaming\AppData\Local\{57B71C0E-3073-42C3-B529-83A1FAA4C676}
    2012-08-28 14:45:33--------d-----w-C:\Users\alexgaming\AppData\Local\{A1EB2216-DB13-418A-9DB9-D502C0434F9D}
    2012-08-28 02:45:22--------d-----w-C:\Users\alexgaming\AppData\Local\{2F99A037-A9AC-440A-80E1-FB178A4BB322}
    2012-08-27 14:45:10--------d-----w-C:\Users\alexgaming\AppData\Local\{CC80AAAA-104D-4B4D-83BF-103C6CA31F64}
    2012-08-27 02:44:58--------d-----w-C:\Users\alexgaming\AppData\Local\{92A34965-B6F2-46A3-ABAF-8E55EB1BAD42}
    2012-08-26 14:44:34--------d-----w-C:\Users\alexgaming\AppData\Local\{9D36727A-A9DD-42F7-991C-EB234EAD5891}
    2012-08-26 02:43:59--------d-----w-C:\Users\alexgaming\AppData\Local\{4B32BBE4-6E8E-4E15-93AE-0AC981B3B369}
    2012-08-25 14:43:47--------d-----w-C:\Users\alexgaming\AppData\Local\{5F309A93-6D04-4FBD-98F8-F1E61F4DD3EE}
    2012-08-25 02:43:23--------d-----w-C:\Users\alexgaming\AppData\Local\{21489FE9-97AB-4C12-AABD-57B873FCB3EB}
    2012-08-24 14:43:12--------d-----w-C:\Users\alexgaming\AppData\Local\{B1DCB7A5-6EEA-411B-AE75-011DE7F5B878}
    2012-08-24 02:45:07--------d-----w-C:\Users\alexgaming\AppData\Local\{772280B4-C770-4323-AC91-258E844B5CA7}
    2012-08-23 21:21:0366728----a-w-C:\Windows\System32\drivers\vrtaucbl.sys
    2012-08-23 21:21:03--------d-----w-C:\Program Files\Virtual Audio Cable
    2012-08-23 14:44:44--------d-----w-C:\Users\alexgaming\AppData\Local\{AA6945EF-CCE0-449F-8B4A-40FC362D76DA}
    2012-08-23 02:44:21--------d-----w-C:\Users\alexgaming\AppData\Local\{960DD2B2-F0C0-421F-B3AA-B412B84625DC}
    2012-08-22 14:44:10--------d-----w-C:\Users\alexgaming\AppData\Local\{DB373E0B-3DB1-4208-9F3C-6B5D95314610}
    2012-08-22 02:43:46--------d-----w-C:\Users\alexgaming\AppData\Local\{1F9A1F4B-9DD3-498B-A9D1-D1F9F1154A7C}
    2012-08-21 14:43:24--------d-----w-C:\Users\alexgaming\AppData\Local\{246AEBC1-801F-492F-8718-FF2F55B720AF}
    2012-08-21 02:43:12--------d-----w-C:\Users\alexgaming\AppData\Local\{12318413-2703-4AC5-9C6D-7E3785C21939}
    2012-08-20 14:42:48--------d-----w-C:\Users\alexgaming\AppData\Local\{10510632-2A7A-46CA-8BAB-91A578BAEA34}
    2012-08-19 14:42:10--------d-----w-C:\Users\alexgaming\AppData\Local\{535A41F8-A3C0-4BAF-AE79-C1A261400DAD}
    2012-08-19 02:41:46--------d-----w-C:\Users\alexgaming\AppData\Local\{440E5305-7774-4878-951D-8CD6EAD7E1C3}
    2012-08-18 14:41:13--------d-----w-C:\Users\alexgaming\AppData\Local\{C58FEAC5-DC7C-4D97-9B42-170D95E08595}
    2012-08-18 02:41:01--------d-----w-C:\Users\alexgaming\AppData\Local\{FB0E8929-15AE-4CEC-97F6-F2CDB38CDF01}
    2012-08-18 02:40:39--------d-----w-C:\Users\alexgaming\AppData\Local\{1ED3848F-4659-4BEE-96CE-2FAAA3776DBE}
    2012-08-17 14:40:27--------d-----w-C:\Users\alexgaming\AppData\Local\{9EF875D7-2EAF-46FA-AE29-10E15BC01540}
    2012-08-17 14:40:04--------d-----w-C:\Users\alexgaming\AppData\Local\{078F275D-CDFE-46EE-9BED-FC3B8B252E7C}
    2012-08-17 02:39:52--------d-----w-C:\Users\alexgaming\AppData\Local\{9A313EAC-CAF6-478B-93AB-B1B554D77CF7}
    2012-08-17 02:39:32--------d-----w-C:\Users\alexgaming\AppData\Local\{B8580B95-BD3A-40EE-87A8-C2C51315D441}
    2012-08-16 18:04:32--------d-sh--w-C:\Users\alexgaming\AppData\Local\ms-drivers
    2012-08-16 17:56:29--------d-sh--w-C:\Users\alexgaming\AppData\Local\icsxml
    2012-08-16 17:46:58307088----a-w-C:\Windows\SysWow64\networkdlllsp.dll
    2012-08-16 17:46:54--------d-----w-C:\Users\alexgaming\AppData\Local\BattlePing
    2012-08-16 17:46:50--------d-sh--w-C:\Users\alexgaming\wc
    2012-08-16 17:46:45--------d-sh--w-C:\Users\alexgaming\AppData\Roaming\wyUpdate AU
    2012-08-16 17:46:38--------d-----w-C:\Program Files (x86)\BattlePing
    2012-08-16 14:39:21--------d-----w-C:\Users\alexgaming\AppData\Local\{84910422-DACD-4764-9994-CC001304107E}
    2012-08-16 14:38:49--------d-----w-C:\Users\alexgaming\AppData\Local\{2116B6F1-83F2-4CAB-A3DA-021038E79B99}
    .
    ==================== Find3M ====================
    .
    2012-08-21 09:13:13969200----a-w-C:\Windows\System32\drivers\aswSnx.sys
    2012-08-21 09:13:1271600----a-w-C:\Windows\System32\drivers\aswMonFlt.sys
    2012-08-21 09:13:1254072----a-w-C:\Windows\System32\drivers\aswRdr2.sys
    2012-08-21 09:12:3341224----a-w-C:\Windows\avastSS.scr
    2012-08-15 05:30:0470344----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-15 05:30:04426184----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-09 13:19:15348160----a-w-C:\Windows\SysWow64\msvcr71.dll
    2012-08-03 09:23:2835064----a-w-C:\Windows\System32\drivers\CFRMD.sys
    2012-08-03 09:23:2835064----a-w-C:\Windows\inf\lps-ca\cfrmd.sys
    2012-08-02 23:26:47446464----a-w-C:\Windows\NEXON_EU_DownloaderUpdater.exe
    2012-08-02 23:26:47235----a-w-C:\Windows\SysWow64\nxEuUninstall.bat
    2012-08-01 18:13:4241704----a-w-C:\Windows\System32\drivers\hssdrv6.sys
    2012-08-01 18:13:4038632----a-w-C:\Windows\System32\drivers\taphss.sys
    2012-06-28 23:56:152667062----a-w-C:\Windows\System32\nvcoproc.bin
    2012-06-28 23:55:573266408----a-w-C:\Windows\System32\nvsvc64.dll
    2012-06-28 23:55:466193000----a-w-C:\Windows\System32\nvcpl.dll
    2012-06-28 23:55:402557800----a-w-C:\Windows\System32\nvsvcr.dll
    2012-06-28 23:55:40118120----a-w-C:\Windows\System32\nvmctray.dll
    2012-06-28 23:55:39891240----a-w-C:\Windows\System32\nvvsvc.exe
    2012-06-28 23:55:3963336----a-w-C:\Windows\System32\nvshext.dll
    2012-06-28 16:44:42428904----a-w-C:\Windows\SysWow64\nvStreaming.exe
    2012-06-23 15:22:5555384----a-w-C:\Windows\System32\drivers\SBREDrv.sys
    2012-06-23 15:22:4569376----a-w-C:\Windows\System32\drivers\Lbd.sys
    2012-06-18 12:04:21476936----a-w-C:\Windows\SysWow64\npdeployJava1.dll
    2012-06-18 12:04:21472840----a-w-C:\Windows\SysWow64\deployJava1.dll
    .
    ============= FINISH: 12:21:32.20 ===============
  2. Ineptrit

    Ineptrit TS Rookie Topic Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 18/04/2012 11:21:40
    System Uptime: 15/09/2012 11:45:12 (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P8Z68-V GEN3
    Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 112 GiB total, 11.951 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 1863 GiB total, 984.994 GiB free.
    F: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP122: 13/09/2012 21:50:12 - Installed XSplit
    RP123: 14/09/2012 22:24:41 - Removed League of Legends
    RP124: 14/09/2012 22:44:54 - Installed League of Legends
    .
    ==== Installed Programs ======================
    .
    ɱ³öÖØΧ3ÈËÀà¸ïÃü
    Acrobat.com
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.2
    Adobe Shockwave Player 11.6
    AI Suite II
    Alan Wake
    Alan Wake's American Nightmare
    ARMA 2: Free
    Asmedia ASM104x USB 3.0 Host Controller Driver
    Assassin's Creed Revelations
    µTorrent
    avast! Free Antivirus
    AVS Update Manager 1.0
    AVS Video Converter 8
    AVS4YOU Software Navigator 1.4
    Bastion
    BATMAN VENGEANCE
    Batman.Arkham City.v 1.03 + 13 DLC
    Battlefield 3 v1.04
    BattlePing 1.3.0.9
    Brawl Busters
    Bullet Run
    Burnout Paradise: The Ultimate Box
    Camtasia Studio 6
    Cheat Engine 6.1
    Corsair M90 Gaming Mouse Driver V1.0
    Crysis
    Crysis 2
    Crysis Wars(R)
    Crysis(R)
    D3DX10
    DAEMON Tools Lite
    Dark Souls Prepare to Die Edition
    Dead Island
    Dead Island Ryder White DLC
    Doom 3 + Resurrection of Evil
    Dota 2
    Dropbox
    Dungeon Defenders
    Dungeons and Dragons Anthology: The Master Collection
    Europe MapleStory
    Fallout New Vegas
    FIFA 09
    FIFA 12 1.03
    Fraps (remove only)
    Free Download Manager 3.9
    gBurner
    GeekBuddy
    Gizmo Central
    Google Chrome
    Grand Theft Auto 2
    Grand Theft Auto IV
    Grand Theft Auto: Episodes from Liberty City
    Grand Theft Auto: San Andreas
    Grand Theft Auto: Vice City
    Guild Wars
    Guild Wars 2
    Hammer & Sickle
    Hi-Rez Studios Authenticate and Update Service
    Intel(R) Management Engine Components
    Intel® Watchdog Timer Driver (Intel® WDT)
    Java Auto Updater
    Java(TM) 6 Update 33
    JDownloader 0.9
    JMicron JMB36X Driver
    Just Cause 2
    Kingdoms of Amalur Reckoning
    L.A. Noire
    League of Legends
    Left 4 Dead 2
    Lego Batman 2 - DC Super Heroes
    Livestream Procaster
    LOLReplay
    Lost Planet 2
    Magicka
    Malwarebytes Anti-Malware version 1.65.0.1400
    Mass Effect
    Mass Effect 2
    Mass Effect™ 3
    Megaman X5
    Megaman X6
    MegamanX3
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MSVCRT
    Mumble 1.2.3
    Need For Speed.Shift 2 Unleashed
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Oblivion
    Pando Media Booster
    Path of Exile
    Portal 2
    Prince of Persia Trilogy
    Pro Evolution Soccer 2012
    Project64 1.6
    Prototype™
    Realm of the Mad God
    Realtek High Definition Audio Driver
    ROCCAT Isku Keyboard Driver
    RockMan X7
    Rockstar Games Social Club
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Serious Sam 3 BFE
    Shank
    Shank 2
    Sid Meier's Civilization V - Game of the Year Edition
    Skype™ 5.10
    Sleeping Dogs
    Sleeping Dogs version SKIDROW
    Sleeping Dogs.v 1.5 + 12 DLC
    Smite
    Sniper Elite V2 1.00
    Sonic The Hedgehog 4 - Episode 2 + Update 1
    Spotify
    Steam
    Street Fighter X Tekken
    Super Mario Fusion Mushroom Kingdom Hearts version 4.4.1
    Super Monday Night Combat
    Super Street Fighter IV
    swMSM
    Team Fortress 2
    Terraria
    The Binding of Isaac
    The Chronicles of Riddick - Assault on Dark Athena
    The Darkness II
    Thief - Deadly Shadows
    Titan Quest
    Titan Quest Immortal Throne
    Tom Clancy's Rainbow Six Vegas 2
    Tom Clancy's Splinter Cell: Conviction
    Tony Hawk's American Wasteland
    Torchlight
    Total War Shogun 2 - Fall Of The Samurai
    Trine 2
    Tunngle beta
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 2.0.1
    WinAVI All in One Converter
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    XSplit
    Ys Origin version 1
    .
    ==== Event Viewer Messages From Past Week ========
    .
    15/09/2012 11:45:22, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CFRMD
    15/09/2012 11:45:21, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    15/09/2012 11:45:21, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    15/09/2012 11:45:21, Error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
    15/09/2012 11:45:20, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    15/09/2012 11:45:14, Error: Application Popup [1060] - \SystemRoot\system32\DRIVERS\CFRMD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    15/09/2012 11:37:02, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    14/09/2012 22:46:57, Error: Service Control Manager [7034] - The avast! Antivirus service terminated unexpectedly. It has done this 3 time(s).
    14/09/2012 22:45:58, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    14/09/2012 21:38:33, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    .
    ==== End Of File ===========================
    Thank you again for your help!!
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    [​IMG] Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to download the 64-bit version.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there (if necessary)
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button, just as below:
      [​IMG]
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
  4. Ineptrit

    Ineptrit TS Rookie Topic Starter

    Hi, DMJ, Thank you for replying to me. I am sadly having a few issues with using the instructions you gave. Upon restarting my PC and pressing F8, the only option that comes up asks which device I want to boot from.

    ATAPI iHOS104 - I believe my DVD drive - f:/
    ST2000DM001-9YN164 - my 2tb hdd e:/
    OCZ-AGILITY3 - my ssd drive (c:/)
    Lexar USB Flash Drive 1100 - my flash drive g:/
    If I choose the Flash drive, it tells me that BOOTMGR is missing - press Ctrl+Alt+Del to restart.

    If I choose the last option, I can get into the bios utility, but I don't see anything that looks like Advanced Boot Options or System Recovery Options. Sorry if this is a basic thing but I am very lost right now :( I also do not have a physical windows DVD, so the option of booting from that is not possible.
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay. Back to Normal Mode then, please...

    Please download and run TDSSKiller to your desktop as outlined below:

    Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


    [​IMG]

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    [​IMG]

    ------------------------

    Click the Start Scan button.

    [​IMG]

    -----------------------

    If a suspicious object is detected, the default action will be Skip, click on Continue
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue


    [​IMG]

    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


    [​IMG]


    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
    Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip, click on Continue
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


    avast! aswMBR

    Please download aswMBR from here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below

    [​IMG]

    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

    • Once the scan finishes click Save log to save the log to your Desktop
      [​IMG]
    • Copy and paste the contents of aswMBR.txt back here for review
  6. Ineptrit

    Ineptrit TS Rookie Topic Starter

    As requested, please find the first log attached, as it was pretty huge. The other is below.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-15 23:04:23
    -----------------------------
    23:04:23.574 OS Version: Windows x64 6.1.7601 Service Pack 1
    23:04:23.574 Number of processors: 4 586 0x2A07
    23:04:23.574 ComputerName: ALEXGAMINGPC UserName: alexgaming
    23:04:28.907 Initialize success
    23:04:28.968 AVAST engine defs: 12091500
    23:04:33.997 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    23:04:34.000 Disk 0 Vendor: ST2000DM001-9YN164 CC4C Size: 1907729MB BusType: 11
    23:04:34.006 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
    23:04:34.009 Disk 1 Vendor: OCZ-AGILITY3 2.15 Size: 114473MB BusType: 11
    23:04:34.016 Disk 1 MBR read successfully
    23:04:34.019 Disk 1 MBR scan
    23:04:34.023 Disk 1 Windows 7 default MBR code
    23:04:34.026 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    23:04:34.031 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
    23:04:34.036 Disk 1 scanning C:\Windows\system32\drivers
    23:04:35.008 Service scanning
    23:04:38.303 Modules scanning
    23:04:38.312 Disk 1 trace - called modules:
    23:04:38.321 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    23:04:38.327 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8006f3c060]
    23:04:38.330 3 CLASSPNP.SYS[fffff88001bb043f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8006d37060]
    23:04:38.504 AVAST engine scan C:\Windows
    23:04:38.799 AVAST engine scan C:\Windows\system32
    23:04:59.467 AVAST engine scan C:\Windows\system32\drivers
    23:05:00.681 AVAST engine scan C:\Users\alexgaming
    23:05:31.923 AVAST engine scan C:\ProgramData
    23:05:42.063 Scan finished successfully
    23:06:12.370 Disk 1 MBR has been saved successfully to "C:\Users\alexgaming\Desktop\MBR.dat"
    23:06:12.373 The log file has been saved successfully to "C:\Users\alexgaming\Desktop\aswMBR.txt"


    Thank you again for the help

    Attached Files:

  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix

    Please download ComboFix[​IMG] by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi! This is the last check-in for you. Please update us on your situation here. We'd love to help!


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.