Mugen Posted April 28, 2014 Share Posted April 28, 2014 For some odd reason google is slow and sometimes my internet is kind of slow 98Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 4:20:22 PM, on 4/28/2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16720) FIREFOX: 28.0 (en-US) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Program Files\SlimDrivers\SlimDrivers.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Mike\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=ir_14_15_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzyyB0EyE0D0EyD0ByCyB0B0ByEtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0ByB0E0AtB0DyDtGtAzztA0EtG0EyCzztBtGyEyE0C0FtGyE0DtA0Dzyzz0CtAyDyCtAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyEtA0A0C0DtByCtGzytDyE0BtGtAyEyCyCtGyDtCtD0AtGyB0FyDtA0BzzzzyEtByB0D0E2Q&cr=1575545163&ir= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKCU\..\Run: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- End of file - 5682 bytes Link to comment Share on other sites More sharing options...
Satchfan Posted April 29, 2014 Share Posted April 29, 2014 Hello Mugen and welcome to the The Pit.My name is Satchfan and I would be glad to help you with your computer problem.Please read the following guidelines which will help to make cleaning your machine easier: please follow all instructions in the order posted please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked if you don't understand something, please don't hesitate to ask for clarification before proceeding the fixes are specific to your problem and should only be used for this issue on this machine. please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed! IMPORTANT:Please DO NOT install/uninstall any programs unless asked to.Please DO NOT run any scans other than those requestedRun DDSPlease download DDS by sUBs from the following link and save it to your desktop. DDS.pif disable any script blocking protection (How to Disable your Security Programs) double click DDS icon to run the tool (may take up to 3 minutes to run) when done, DDS.txt will open after a few moments, attach.txt will open in a second window save both reports to your desktop Post the contents of the DDS.txt and Attach.txt reports in your next reply. ===================================================Run aswMBR download aswMBR.exe to your desktop. double click aswMBR.exe to run it if asked, accept the AVAST virus definition download click the "Scan" button to start scan on completion of the scan click Save log, save it to your desktop and post in your next reply. Note - do NOT attempt any Fix yet. Please include the following in your next post :DDS.txtAttach.txtaswMBR logThanksSatchfan Link to comment Share on other sites More sharing options...
rubysmith Posted April 29, 2014 Share Posted April 29, 2014 No matter how fast your Internet connection is, there are times when things will slow down to a crawl. The type of Internet connection you use is the most important factor in determining your connection speed. The three most common ways to connect to the Internet from home are dial-up, DSL, and cable. If you have a choice, cable is usually the fastest, but both DSL and cable are faster than dial-up.The health of your computer can affect your Internet connection. Spyware and viruses can definitely cause problems, but your Internet connection speed can also be affected by add-on programs, the amount of memory the computer has, hard disk space and condition, and the programs that are running. Link to comment Share on other sites More sharing options...
Mugen Posted April 29, 2014 Author Share Posted April 29, 2014 DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 10.0.9200.16720 Run by Mike at 13:30:43 on 2014-04-29 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2550.956 [GMT -5:00] . AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Program Files\AVAST Software\Avast\afwServ.exe C:\Windows\system32\taskeng.exe C:\Program Files\SlimDrivers\SlimDrivers.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskhost.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\System32\svchost.exe -k secsvcs . ============== Pseudo HJT Report =============== . mStart Page = hxxp://start.mysearchdial.com/?f=1&a=ir_14_15_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzyyB0EyE0D0EyD0ByCyB0B0ByEtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0ByB0E0AtB0DyDtGtAzztA0EtG0EyCzztBtGyEyE0C0FtGyE0DtA0Dzyzz0CtAyDyCtAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyEtA0A0C0DtByCtGzytDyE0BtGtAyEyCyCtGyDtCtD0AtGyB0FyDtA0BzzzzyEtByB0D0E2Q&cr=1575545163&ir= BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll uRun: [Google Update] "c:\users\mike\appdata\local\google\update\GoogleUpdate.exe" /c uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll Trusted Zone: $talisma_url$ . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . TCP: NameServer = 192.168.1.254 TCP: Interfaces\{222C3531-8E14-40E4-87CF-8313BA547688} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{AF7FC7B9-39E8-4689-BB60-CA7088BA1922} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{AF7FC7B9-39E8-4689-BB60-CA7088BA1922}\16474777966696 : DHCPNameServer = 192.168.40.1 64.134.255.2 64.134.255.10 TCP: Interfaces\{AF7FC7B9-39E8-4689-BB60-CA7088BA1922}\2375942554139383 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{AF7FC7B9-39E8-4689-BB60-CA7088BA1922}\44168616B6 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{AF7FC7B9-39E8-4689-BB60-CA7088BA1922}\45F4E45495E4544575F425B4 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{AF7FC7B9-39E8-4689-BB60-CA7088BA1922}\8686F6E6F62737 : DHCPNameServer = 100.45.26.1 64.134.255.2 64.134.255.10 TCP: Interfaces\{AF7FC7B9-39E8-4689-BB60-CA7088BA1922}\C696E6B6379737 : DHCPNameServer = 24.116.2.50 24.116.2.34 Notify: igfxcui - igfxdev.dll SSODL: WebCheck - <orphaned> SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome Hosts: 127.0.0.1 www.spywareinfo.com . ============= SERVICES / DRIVERS =============== . R0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\drivers\aswNdisFlt.sys [2014-4-23 269728] R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-3-8 49944] R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-3-8 180632] R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-4-23 26136] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-3-8 776976] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-3-8 411552] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088] R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-23 24184] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-3-8 67824] R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-3-8 67776] R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-4-23 50344] R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2014-4-23 109048] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-9-5 1153368] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 netr73;Netopia RT73 Wireless Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-9-5 15872] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504] S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-11-1 13464] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-5 52224] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-5 1343400] . =============== Created Last 30 ================ . 2014-04-28 20:05:00 -------- d-----w- c:\users\mike\appdata\local\Mozilla 2014-04-28 08:45:30 -------- d-----w- c:\program files\Special Uninstaller 2014-04-28 08:37:12 -------- d-----w- c:\users\mike\appdata\roaming\eCyber 2014-04-28 08:36:43 38912 ----a-w- c:\windows\system32\drivers\iSafeKrnlBoot.sys 2014-04-28 08:36:16 -------- d-----w- c:\users\mike\appdata\roaming\iSafe 2014-04-23 15:18:03 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2014-04-23 15:18:01 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2014-04-23 15:17:45 43152 ----a-w- c:\windows\avastSS.scr 2014-04-23 15:17:01 269728 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys 2014-04-18 03:04:43 -------- d-----w- c:\programdata\Package Cache 2014-04-13 21:19:29 -------- d-----w- C:\SUPERDelete 2014-04-02 18:47:01 -------- d-----w- c:\program files\Zamzom 2014-04-02 18:43:06 -------- d-----w- c:\users\mike\appdata\roaming\Overlook 2014-04-02 18:40:40 -------- d-----w- c:\program files\WinPcap 2014-04-02 18:40:35 -------- d-----w- c:\programdata\Overlook 2014-04-02 18:39:05 -------- d-----w- c:\program files\NirSoft . ==================== Find3M ==================== . 2014-04-29 17:21:33 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys 2014-04-23 15:17:47 67776 ----a-w- c:\windows\system32\drivers\aswStm.sys 2014-04-23 15:17:47 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2014-04-23 15:17:46 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2014-04-23 15:17:46 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2014-04-23 15:17:46 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2014-04-23 15:17:46 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2014-03-27 17:16:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-03-27 17:16:59 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe . ============= FINISH: 13:31:50.23 =============== Link to comment Share on other sites More sharing options...
Mugen Posted April 29, 2014 Author Share Posted April 29, 2014 . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 9/5/2011 12:08:03 AM System Uptime: 4/29/2014 12:20:52 PM (1 hours ago) . Motherboard: Dell Inc. | | 0FT292 Processor: Intel® Core2 CPU T7400 @ 2.16GHz | Microprocessor | 2167/166mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 56 GiB total, 2.233 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft Teredo Tunneling Adapter Device ID: ROOT\*TEREDO\0000 Manufacturer: Microsoft Name: Teredo Tunneling Pseudo-Interface PNP Device ID: ROOT\*TEREDO\0000 Service: tunnel . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 2007 Microsoft Office Suite Service Pack 2 (SP2) 7-Zip 9.20 Adobe Flash Player 11 ActiveX Adobe Flash Player 12 Plugin Adobe Shockwave Player 12.0 ApexDC++ 1.5.12 avast! Internet Security CCleaner CDBurnerXP Conexant HDA D110 MDC V.92 Modem Google Chrome Google Talk Plugin Google Update Helper ImgBurn Intel® Graphics Media Accelerator Driver IrfanView (remove only) Microsoft .NET Framework 4 Client Profile Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 MPC-HC 1.7.1 NirSoft Wireless Network Watcher qBittorrent 3.1.2 Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) SlimDrivers Spybot - Search & Destroy SUPERAntiSpyware swMSM TinyPDF 2.0 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) winpcap-overlook 4.02 WizTree v1.07 Zamzom Wireless . ==== Event Viewer Messages From Past Week ======== . 4/28/2014 3:34:19 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 4/28/2014 3:34:19 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535. 4/28/2014 3:33:44 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 4/28/2014 10:45:35 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 4/23/2014 10:18:38 AM, Error: Service Control Manager [7000] - The avast! Firewall service failed to start due to the following error: The system cannot find the file specified. . ==== End Of File =========================== Link to comment Share on other sites More sharing options...
Mugen Posted April 29, 2014 Author Share Posted April 29, 2014 aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software Run date: 2014-04-29 13:36:21 ----------------------------- 13:36:21.937 OS Version: Windows 6.1.7601 Service Pack 1 13:36:21.937 Number of processors: 2 586 0xF06 13:36:21.939 ComputerName: USER-PC UserName: Mike 13:36:23.045 Initialize success 13:36:26.922 AVAST engine defs: 14042801 13:36:33.226 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 13:36:33.234 Disk 0 Vendor: Hitachi_HTS721060G9SA00 MC3OC10H Size: 57231MB BusType: 3 13:36:33.374 Disk 0 MBR read successfully 13:36:33.380 Disk 0 MBR scan 13:36:33.389 Disk 0 Windows 7 default MBR code 13:36:33.405 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 13:36:33.421 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 57129 MB offset 206848 13:36:33.442 Disk 0 scanning sectors +117207040 13:36:33.648 Disk 0 scanning C:\Windows\system32\drivers 13:36:45.884 Service scanning 13:37:17.417 Modules scanning 13:37:31.634 Disk 0 trace - called modules: 13:37:31.678 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys 13:37:31.686 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85bf4798] 13:37:31.925 3 CLASSPNP.SYS[8a49759e] -> nt!IofCallDriver -> [0x85b32918] 13:37:31.933 5 ACPI.sys[89cac3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84e59610] 13:37:32.627 AVAST engine scan C:\Windows 13:37:33.951 AVAST engine scan C:\Windows\system32 13:40:26.899 AVAST engine scan C:\Windows\system32\drivers 13:40:41.837 AVAST engine scan C:\Users\Mike 13:46:25.963 AVAST engine scan C:\ProgramData 13:47:17.095 Scan finished successfully 13:47:28.759 Disk 0 MBR has been saved successfully to "C:\Users\Mike\Desktop\MBR.dat" 13:47:28.796 The log file has been saved successfully to "C:\Users\Mike\Desktop\aswMBR.txt" Link to comment Share on other sites More sharing options...
Satchfan Posted April 29, 2014 Share Posted April 29, 2014 Hello againP2P - I see you have P2P software, (qBittorrent), installed on your machine.We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.If your computer is infected, it almost certainly contributed to your current situation.Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.Please see this topic for more information:Perils of P2P File Sharing.I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.Should you decide to keep it, please don’t use it until we have finished up here.===================================================Note: Please run these in the order given in the instructions.===================================================Download and run AdwCleaner Download AdwCleaner from here and save it to your desktop. run AdwCleaner when it has finished, select Clean if it asks to reboot, allow the reboot on reboot a log will be produced; please attach the content of the log to your next reply. ===================================================Download and run Junkware Removal Tool Please download Junkware Removal Tool to your desktop. shut down your protection software now to avoid potential conflicts. run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator" the tool will open and start scanning your system please be patient as this can take a while to complete depending on your system's specifications on completion, a log (JRT.txt) is saved to your desktop and will automatically open post the contents of JRT.txt into your next message. ===================================================Run OTL download OTL to your desktop. double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. click Scan all users. under Custom Scan paste this innetsvcs%SYSTEMDRIVE%\*.exe/md5startexplorer.exewinlogon.exeUserinit.exesvchost.exeservices.exe/md5stop%systemroot%\*. /rp /sDRIVESCREATERESTOREPOINT click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long. when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. you may need two posts to fit them both in. Logs to include with next post:AdwCleaner logJRT.txtOTL.txtExtras.txtThanksSatchfan Link to comment Share on other sites More sharing options...
Mugen Posted April 30, 2014 Author Share Posted April 30, 2014 # AdwCleaner v3.205 - Report created 29/04/2014 at 20:53:44 # Updated 28/04/2014 by Xplode # Operating System : Windows 7 Ultimate Service Pack 1 (32 bits) # Username : Mike - USER-PC # Running from : C:\Users\Mike\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Program Files\Conduit Folder Deleted : C:\Users\Mike\AppData\Local\NativeMessaging Folder Deleted : C:\Users\Mike\AppData\Local\TBHostSupport Folder Deleted : C:\Users\Mike\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Mike\AppData\Roaming\eCyber Folder Deleted : C:\Users\Mike\AppData\Roaming\iSafe Folder Deleted : C:\Users\Mike\AppData\Roaming\OpenCandy File Deleted : C:\Users\Mike\AppData\Local\speedial.crx File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\sweettunes_search.xml ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3311875 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\InstallCore Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\Software\Conduit ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16720 Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page] -\\ Mozilla Firefox v -\\ Google Chrome v34.0.1847.116 [ File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms} Deleted [search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2 Deleted [search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_15_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzyyB0EyE0D0EyD0ByCyB0B0ByEtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0ByB0E0AtB0DyDtGtAzztA0EtG0EyCzztBtGyEyE0C0FtGyE0DtA0Dzyzz0CtAyDyCtAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyEtA0A0C0DtByCtGzytDyE0BtGtAyEyCyCtGyDtCtD0AtGyB0FyDtA0BzzzzyEtByB0D0E2Q&cr=1575545163&ir= Deleted [Extension] : iagcajndpnfncplednpbnkahadegklfa ************************* AdwCleaner[R0].txt - [3005 octets] - [29/04/2014 20:48:00] AdwCleaner[s0].txt - [3337 octets] - [29/04/2014 20:53:44] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3397 octets] ########## AdwCleanerS0.txt Link to comment Share on other sites More sharing options...
Mugen Posted April 30, 2014 Author Share Posted April 30, 2014 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Ultimate x86 Ran by Mike on Tue 04/29/2014 at 20:59:46.76 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{769BD8C6-66AB-406B-B75A-A2BFB0D29633} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8cba60a5-25a8-4785-ae3a-03daa3a0b045} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8cba60a5-25a8-4785-ae3a-03daa3a0b045} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\conduit" Successfully deleted: [Folder] "C:\Users\Mike\Local Settings\Application Data\cre" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 04/29/2014 at 21:04:01.07 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to comment Share on other sites More sharing options...
Mugen Posted April 30, 2014 Author Share Posted April 30, 2014 OTL logfile created on: 4/29/2014 9:10:52 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mike\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16721) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.49 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 71.72% Memory free 3.08 Gb Paging File | 2.10 Gb Available in Paging File | 68.37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 55.79 Gb Total Space | 2.18 Gb Free Space | 3.91% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: Mike | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014/04/29 21:01:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe PRC - [2014/04/23 10:17:33 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2014/04/23 10:17:32 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2014/04/23 10:17:00 | 000,109,048 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe PRC - [2014/01/06 16:37:38 | 005,625,624 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2013/10/31 10:21:52 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2013/10/10 17:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe PRC - [2013/09/24 12:49:26 | 029,395,264 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files\SlimDrivers\SlimDrivers.exe PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== MOD - [2014/03/08 02:32:09 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2014/04/23 10:17:32 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2014/04/23 10:17:00 | 000,109,048 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall) SRV - [2013/10/10 17:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2011/09/05 01:24:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5) DRV - [2014/04/29 20:55:22 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon) DRV - [2014/04/23 10:17:47 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm) DRV - [2014/04/23 10:17:47 | 000,067,776 | ---- | M] (AVAST Software) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm) DRV - [2014/04/23 10:17:46 | 000,776,976 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2014/04/23 10:17:46 | 000,411,552 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2014/04/23 10:17:46 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2014/04/23 10:17:46 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2014/04/23 10:17:46 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt) DRV - [2014/04/23 10:17:46 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid) DRV - [2014/04/23 10:17:12 | 000,026,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd) DRV - [2014/04/23 10:17:01 | 000,269,728 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdisFlt.sys -- (aswNdisFlt) DRV - [2013/05/07 10:54:08 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50) DRV - [2013/05/07 10:54:06 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50) DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009/09/09 17:19:16 | 000,069,664 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2) DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/13 17:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73) DRV - [2009/02/08 06:12:50 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (npf) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3205844754-2023788714-46632679-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKU\S-1-5-21-3205844754-2023788714-46632679-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3205844754-2023788714-46632679-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-3205844754-2023788714-46632679-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FD 1A 11 A8 91 6B CC 01 [binary data] IE - HKU\S-1-5-21-3205844754-2023788714-46632679-1002\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3205844754-2023788714-46632679-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-3205844754-2023788714-46632679-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mike\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mike\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/23 10:17:54 | 000,000,000 | ---D | M] [2014/01/19 13:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\tpcav2fo.default\extensions [2014/01/14 23:38:20 | 001,267,418 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\tpcav2fo.default\extensions\firefox@ghostery.com.xpi [2014/01/16 10:30:37 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\tpcav2fo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/11/25 22:14:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.com/ CHR - plugin: Error reading preferences file CHR - Extension: BetterTTV = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped\6.6_0\ CHR - Extension: Xmarks Bookmark Sync = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.28_0\ CHR - Extension: YouTube = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Mac OS X Simple Theme = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\cihohekcekjgjdkeljpkbaaecgfoimbj\1.0.1_0\ CHR - Extension: Google Search = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: AdBlock = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.29_0\ CHR - Extension: LastPass: Free Password Manager = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.17_0\ CHR - Extension: eBay Extension for Google Chromeâ„¢ = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\3.1.0_0\ CHR - Extension: Ghostery = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.2.1_0\ CHR - Extension: Twitch Now = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk\1.1.55_0\ CHR - Extension: Google Wallet = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\ CHR - Extension: Checker Plus for Gmailâ„¢ = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\17.1_0\ CHR - Extension: Click&Clean App = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.5_0\ CHR - Extension: Gmail = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: RSS Feed Reader = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\5.2.3_0\ O1 HOSTS File: ([2013/12/22 10:51:48 | 000,450,660 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 15467 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) O4 - HKU\S-1-5-21-3205844754-2023788714-46632679-1002..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\S-1-5-21-3205844754-2023788714-46632679-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3205844754-2023788714-46632679-1002\..Trusted Domains: $talisma_url$ ([]https in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{222C3531-8E14-40E4-87CF-8313BA547688}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF7FC7B9-39E8-4689-BB60-CA7088BA1922}: DhcpNameServer = 192.168.1.254 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2014/04/29 21:01:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe [2014/04/29 20:59:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2014/04/29 20:59:01 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Mike\Desktop\JRT.exe [2014/04/29 20:48:50 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll [2014/04/29 20:47:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014/04/29 13:35:50 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Mike\Desktop\aswMBR.exe [2014/04/29 12:56:33 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\dds.scr [2014/04/28 15:47:40 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Mike\Desktop\HijackThis.exe [2014/04/28 15:05:00 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Mozilla [2014/04/28 03:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Special Uninstaller [2014/04/28 03:36:43 | 000,038,912 | ---- | C] (Elex do Brasil Participações Ltda) -- C:\Windows\System32\drivers\iSafeKrnlBoot.sys [2014/04/23 10:18:01 | 000,026,136 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys [2014/04/23 10:17:45 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2014/04/23 10:17:01 | 000,269,728 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdisFlt.sys [2014/04/17 22:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2014/04/17 11:03:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers [2014/04/13 16:19:29 | 000,000,000 | ---D | C] -- C:\SUPERDelete [2014/04/08 09:11:36 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\Downloads [2014/04/02 13:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Zamzom [2014/04/02 13:43:06 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Overlook [2014/04/02 13:40:40 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap [2014/04/02 13:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Overlook [2014/04/02 13:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Overlook Fing [2014/04/02 13:39:05 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher [2014/04/02 13:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft [2014/04/02 13:37:08 | 000,824,416 | ---- | C] (NirSoft) -- C:\Users\Mike\Desktop\WNetWatcher.exe [2014/03/31 06:46:49 | 000,000,000 | R--D | C] -- C:\Users\Mike\Pictures ========== Files - Modified Within 30 Days ========== [2014/04/29 21:02:26 | 000,025,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014/04/29 21:02:26 | 000,025,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014/04/29 21:01:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe [2014/04/29 20:59:06 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Mike\Desktop\JRT.exe [2014/04/29 20:55:56 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job [2014/04/29 20:55:22 | 000,013,464 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys [2014/04/29 20:55:10 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014/04/29 20:54:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/04/29 20:54:49 | 2005,495,808 | -HS- | M] () -- C:\hiberfil.sys [2014/04/29 20:53:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014/04/29 20:53:00 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2014/04/29 20:47:35 | 001,310,621 | ---- | M] () -- C:\Users\Mike\Desktop\adwcleaner.exe [2014/04/29 14:25:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3205844754-2023788714-46632679-1002UA.job [2014/04/29 13:47:28 | 000,000,512 | ---- | M] () -- C:\Users\Mike\Desktop\MBR.dat [2014/04/29 13:36:06 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Mike\Desktop\aswMBR.exe [2014/04/29 12:56:40 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\dds.scr [2014/04/28 15:47:56 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Mike\Desktop\HijackThis.exe [2014/04/28 08:25:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3205844754-2023788714-46632679-1002Core.job [2014/04/23 10:35:26 | 000,053,760 | ---- | M] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014/04/23 10:18:44 | 000,002,053 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk [2014/04/23 10:17:47 | 000,180,632 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys [2014/04/23 10:17:47 | 000,067,776 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys [2014/04/23 10:17:46 | 000,776,976 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2014/04/23 10:17:46 | 000,411,552 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2014/04/23 10:17:46 | 000,081,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys [2014/04/23 10:17:46 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2014/04/23 10:17:46 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys [2014/04/23 10:17:46 | 000,024,184 | ---- | M] () -- C:\Windows\System32\drivers\aswHwid.sys [2014/04/23 10:17:45 | 000,271,264 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2014/04/23 10:17:45 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2014/04/23 10:17:12 | 000,026,136 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys [2014/04/23 10:17:01 | 000,269,728 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdisFlt.sys [2014/04/23 05:20:06 | 000,038,912 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Windows\System32\drivers\iSafeKrnlBoot.sys [2014/04/17 22:04:06 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\ApexDC++.lnk [2014/04/17 11:03:21 | 000,002,455 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk [2014/04/14 21:05:55 | 003,272,652 | ---- | M] () -- C:\Users\Mike\Desktop\Angel Theme song - Darling Violetta - Sanctuary (No Intro).mp3 [2014/04/13 16:32:23 | 000,627,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2014/04/13 16:32:23 | 000,107,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2014/04/13 16:14:04 | 000,221,845 | ---- | M] () -- C:\Users\Mike\Desktop\WinXP.zip [2014/04/02 13:47:01 | 000,003,103 | ---- | M] () -- C:\Users\Mike\Desktop\Zamzom Wireless Network Tool (Active).lnk [2014/04/02 13:41:19 | 000,001,116 | ---- | M] () -- C:\Users\Mike\Desktop\WNetWatcher.cfg [2014/04/01 03:21:33 | 089,825,900 | ---- | M] () -- C:\Users\Mike\Desktop\download.mp4 ========== Files Created - No Company Name ========== [2014/04/29 20:47:04 | 001,310,621 | ---- | C] () -- C:\Users\Mike\Desktop\adwcleaner.exe [2014/04/29 13:47:28 | 000,000,512 | ---- | C] () -- C:\Users\Mike\Desktop\MBR.dat [2014/04/23 10:18:44 | 000,002,053 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk [2014/04/23 10:18:03 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys [2014/04/17 11:04:03 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job [2014/04/17 11:03:21 | 000,002,455 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk [2014/04/14 21:05:49 | 003,272,652 | ---- | C] () -- C:\Users\Mike\Desktop\Angel Theme song - Darling Violetta - Sanctuary (No Intro).mp3 [2014/04/13 16:14:31 | 000,221,845 | ---- | C] () -- C:\Users\Mike\Desktop\WinXP.zip [2014/04/02 13:47:01 | 000,003,103 | ---- | C] () -- C:\Users\Mike\Desktop\Zamzom Wireless Network Tool (Active).lnk [2014/04/02 13:39:22 | 000,001,116 | ---- | C] () -- C:\Users\Mike\Desktop\WNetWatcher.cfg [2014/04/01 02:29:56 | 089,825,900 | ---- | C] () -- C:\Users\Mike\Desktop\download.mp4 [2014/03/28 12:51:15 | 000,053,760 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014/03/08 02:36:26 | 000,180,632 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys [2014/03/08 02:36:17 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys [2013/12/22 11:39:46 | 000,000,511 | ---- | C] () -- C:\Windows\wininit.ini [2013/11/01 14:49:53 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys [2013/11/01 01:25:10 | 000,138,056 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\PnkBstrK.sys [2013/10/31 10:17:36 | 000,000,339 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\burnaware.ini ========== ZeroAccess Check ========== [2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE > [2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe < MD5 for: SERVICES.EXE > [2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe [2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe < MD5 for: SVCHOST.EXE > [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe < MD5 for: USERINIT.EXE > [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe < %systemroot%\*. /rp /s > ========== Drive Information ========== Physical Drives --------------- Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media Interface type: IDE Media Type: Fixed hard disk media Model: Hitachi HTS721060G9SA00 ATA Device Partitions: 2 Status: OK Status Info: 0 Partitions --------------- DeviceID: Disk #0, Partition #0 PartitionType: Installable File System Bootable: True BootPartition: True PrimaryPartition: True Size: 100.00MB Starting Offset: 1048576 Hidden sectors: 0 DeviceID: Disk #0, Partition #1 PartitionType: Installable File System Bootable: False BootPartition: False PrimaryPartition: True Size: 56.00GB Starting Offset: 105906176 Hidden sectors: 0 < End of report > Link to comment Share on other sites More sharing options...
Mugen Posted April 30, 2014 Author Share Posted April 30, 2014 OTL Extras logfile created on: 4/29/2014 9:10:52 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mike\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16721) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.49 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 71.72% Memory free 3.08 Gb Paging File | 2.10 Gb Available in Paging File | 68.37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 55.79 Gb Total Space | 2.18 Gb Free Space | 3.91% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: Mike | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = OperaStable] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-3205844754-2023788714-46632679-1002\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate "%1" https [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{3EFF8E94-22B2-4D47-BB60-0F3F9CF86A71}" = protocol=6 | dir=in | app=c:\users\mike\appdata\local\google\google talk plugin\googletalkplugin.exe | "{90ADE77F-7436-4BD4-9ACC-E2171DE35C40}" = protocol=17 | dir=in | app=c:\users\mike\appdata\local\google\google talk plugin\googletalkplugin.exe | "TCP Query User{5006DB63-A8E7-4B12-A3E5-9B65996FEBCC}C:\program files\apexdc++\apexdc.exe" = protocol=6 | dir=in | app=c:\program files\apexdc++\apexdc.exe | "TCP Query User{5865A3A8-DEB0-4281-9875-DBCA87D3ADF2}C:\users\mike\desktop\qbittorrent.exe" = protocol=6 | dir=in | app=c:\users\mike\desktop\qbittorrent.exe | "TCP Query User{77F82943-B38F-40DA-A27B-4A8EF51837DB}C:\users\mike\desktop\qbittorrent.exe" = protocol=6 | dir=in | app=c:\users\mike\desktop\qbittorrent.exe | "TCP Query User{79378A06-F28A-4EE2-A76B-5ED68E8F263B}C:\program files\apexdc++\apexdc.exe" = protocol=6 | dir=in | app=c:\program files\apexdc++\apexdc.exe | "UDP Query User{1EE9B09B-63C9-4893-B727-1D4617B71401}C:\users\mike\desktop\qbittorrent.exe" = protocol=17 | dir=in | app=c:\users\mike\desktop\qbittorrent.exe | "UDP Query User{35E4A1AF-8CBC-4F66-8B1F-A7FCA6EF1E56}C:\program files\apexdc++\apexdc.exe" = protocol=17 | dir=in | app=c:\program files\apexdc++\apexdc.exe | "UDP Query User{819182B3-600D-41A6-AEE0-9F582638A7E0}C:\users\mike\desktop\qbittorrent.exe" = protocol=17 | dir=in | app=c:\users\mike\desktop\qbittorrent.exe | "UDP Query User{8E482C5E-4DFB-4AE4-A0BB-EFE788294CE8}C:\program files\apexdc++\apexdc.exe" = protocol=17 | dir=in | app=c:\program files\apexdc++\apexdc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.7.1 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{43D1A6DC-F2D3-4EBC-8851-CC8B9C0C8763}_is1" = ApexDC++ 1.5.12 "{6080787C-8D8A-3334-B79E-FFDC020FA0A1}" = Google Talk Plugin "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A5457401-D56A-43F2-9524-78E54A7FC07A}" = SlimDrivers "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 "{CED3B64B-9381-4AB8-A213-6C084C952E43}" = Zamzom Wireless "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "Avast" = avast! Internet Security "CCleaner" = CCleaner "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem "Google Chrome" = Google Chrome "HDMI" = Intel® Graphics Media Accelerator Driver "ImgBurn" = ImgBurn "IrfanView" = IrfanView (remove only) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NirSoft Wireless Network Watcher" = NirSoft Wireless Network Watcher "PROPLUS" = Microsoft Office Professional Plus 2007 "TinyPDF_is1" = TinyPDF 2.0 "winpcap-overlook" = winpcap-overlook 4.02 "WizTree_is1" = WizTree v1.07 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3205844754-2023788714-46632679-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 4/29/2014 10:09:16 PM | Computer Name = User-PC | Source = Application Hang | ID = 1002 Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1670 Start Time: 01cf6418fc86d165 Termination Time: 17 Application Path: C:\Users\Mike\Desktop\OTL.exe Report Id: < End of report > Link to comment Share on other sites More sharing options...
Satchfan Posted April 30, 2014 Share Posted April 30, 2014 That looks OK.Download Malwarebytes-Anti-Malware Click here (at the top of the page, click on "Download Current Version") double-click mbam-setup.exe and follow the prompts to install the program – (Note: Vista & Windows 7 users, please right-click and select “Run as Administrator”) at the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware. and Launch Malwarebytes' Anti-Malware, then click Finish.. if an update is found, it will download and install the latest version. once the program has loaded, select Perform quick scan, then click Scan. when the scan is complete, click OK, then Show Results to view the results. be sure that everything is checked, and click Remove Selected. when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below) the log is automatically saved and can be viewed by clicking the Logs tab in MBAM. copy and paste the contents of that report in your next reply and exit MBAM. NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.================================================Run Security CheckDownload Security Check by screen317 from here or here. save it to your Desktop. double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. a Notepad document should open automatically called checkup.txt; please post the contents of that document. Logs to include with the next post:Mbam.txtcheckup.txt Can you tell me how the computer is behaving and if there are any outstanding problems.Satchfan Link to comment Share on other sites More sharing options...
Mugen Posted May 1, 2014 Author Share Posted May 1, 2014 Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 4/30/2014 Scan Time: 8:37:51 PM Logfile: Administrator: Yes Version: 2.00.1.1004 Malware Database: v2014.05.01.02 Rootkit Database: v2014.03.27.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Chameleon: Disabled OS: Windows 7 Service Pack 1 CPU: x86 File System: NTFS User: Mike Scan Type: Threat Scan Result: Completed Objects Scanned: 252410 Time Elapsed: 13 min, 40 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Shuriken: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Link to comment Share on other sites More sharing options...
Mugen Posted May 1, 2014 Author Share Posted May 1, 2014 Results of screen317's Security Check version 0.99.82 Windows 7 Service Pack 1 x86 (UAC is disabled!) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` MVPS Hosts File Spybot - Search & Destroy SUPERAntiSpyware CCleaner Adobe Flash Player 12.0.0.77 Flash Player out of Date! Google Chrome 34.0.1847.116 Google Chrome 34.0.1847.131 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Spybot Teatimer.exe is disabled! Malwarebytes Anti-Malware mbamscheduler.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast afwServ.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log`````````````````````` Link to comment Share on other sites More sharing options...
Mugen Posted May 1, 2014 Author Share Posted May 1, 2014 It seems to be running faster since you started helping me,it was really slow before that.There aren't any problems so far,thank you for helping me satchfan. Link to comment Share on other sites More sharing options...
Satchfan Posted May 1, 2014 Share Posted May 1, 2014 (edited) I'm glad things are better and you are welcome for the help.One more scan and if that's OK we can tidy up.Run ESET Online ScanIMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.Hold down Control and click on the following link to open ESET OnlineScan in a new window.ESET OnlineScan click the Eset online Scanner button for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)o click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.o double click on the Eset installer icon on your desktop. check Yes, I accept the Terms of Use click the Start button accept any security warnings from your browser check Scan archives and Remove found threats click Advanced settings and select the following:o Scan potentially unwanted applicationso Scan for potentially unsafe applicationso Enable Anti-Stealth technology ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. when the scan completes, push List of found threats push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.Note - if ESET doesn't find any threats, no report will be created. push the back button. push Finish When the scan is complete:If no threats were found:o put a checkmark in "Uninstall application on close"o close programo report to me that nothing was foundIf threats were found:o click on "list of threats found"o click on "export to text file" and save it as ESET results and save to the desktopo Click on backo put a checkmark in "Uninstall application on close"o click on finisho close programo copy and paste the report here.ThanksSatchfan Edited May 1, 2014 by Satchfan Link to comment Share on other sites More sharing options...
Satchfan Posted May 5, 2014 Share Posted May 5, 2014 Hi MugenIt has been several days since I asked you to run an Eset scan.Please let me know the result and we can then tidy upThanksSatchfan Link to comment Share on other sites More sharing options...
Mugen Posted May 5, 2014 Author Share Posted May 5, 2014 ESet Scan=Total scan time was 33 minutes and 6 seconds and 86572 files were scanned. The scanner find no infected files. Thanks again dont know where my pc would be. Link to comment Share on other sites More sharing options...
Satchfan Posted May 5, 2014 Share Posted May 5, 2014 Thanks again dont know where my pc would be. You’re welcome. Your computer appears to be clean. Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up you computer and decrease the likelihood of getting infected again: Uninstall OTL double-click OTL.exe click the CleanUp! button. select Yes when the Begin cleanup Process? prompt appears. if you are prompted to reboot during the cleanup, select Yes. the tool will delete itself once it finishes, if not delete it by yourself. NOTE: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so. =================================================== Uninstall AdwCleaner double click on adwcleaner.exe to run the tool click on Uninstall confirm with Yes. You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete. =================================================== Create a Restore Point click on Start > Control Panel (All Control Panel Items) click on System > System Protection check that you have System Protection turned on for the drive that you want to create a restore point for, (usually C: click Create type in a description for the restore point to help recognize it when doing a System Restore, and click on the Create button. Remove old restore points open Disk Cleanup by clicking Start. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup. if prompted, select the drive that you want to clean up, and then click OK. in the Disk Cleanup for (drive letter) dialog box, click Clean up system files. If you're prompted for an administrator password or confirmation, type the password or provide confirmation if prompted, select the drive that you want to clean up, and then click OK click the More Options tab, then under System Restore and Shadow Copies, click Clean up in the Disk Cleanup dialog box, click Delete click Delete Files, and then click OK. =================================================== You have an old version of Flash on your computer which is vulnerable to infections. from the Start menu, select Control Panel in Large or Small icon view, click Programs and Features. If you're using Category view, under "Programs", click Uninstall a program select any versions of Flash then click Uninstall. Install the latest version: Flash =================================================== Recommended programs SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer. =================================================== Re-enable Spybot - Search and Destroy’s TeaTimer open Spybot Search & Destroy go to the Mode menu and make sure Advanced Mode is selected choose Yes at the Warning prompt expand the “Tools” menu click Resident check the Resident TeaTimer (Protection of overall system settings) active. box in the File menu click Exit to exit Spybot Search & Destroy if Teatimer gives you a warning that changes were made, click Allow Change when prompted.exit Spybot S&D. Remember to scan your computer with the program on a regular basis as you would with your anti-virus software. =================================================== Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly. =================================================== It’s important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. =================================================== MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future. A couple of links with information here and here which can answer any questions you might have about installing/using it. =================================================== I also recommend that you read the following: How to prevent malware by miekiemoes Help! My computer is slow! by miekiemoes Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic. Safe computing Satchfan Link to comment Share on other sites More sharing options...
.png.9d4b89b15b2cd5e65edd93a0e6823dce.png)
Recommended Posts