Can someone help, internet is super slow?


Mugen

For some odd reason Google is slow and sometimes my internet is kind of slow.




Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 4:20:22 PM, on 4/28/2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16720)


FIREFOX: 28.0 (en-US)

Boot mode: Normal


Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\SlimDrivers\SlimDrivers.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Mike\Desktop\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

O4 - HKCU\..\Run: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


--

End of file - 5682 bytes



Hello Mugen and welcome to The Pit.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested.


Run DDS

Please download DDS by sUBs from the following link and save it to your desktop.


DDS.pif

  • disable any script blocking protection (How to Disable your Security Programs)
  • double click DDS icon to run the tool (may take up to 3 minutes to run)
  • when done, DDS.txt will open
  • after a few moments, attach.txt will open in a second window
  • save both reports to your desktop
  • Post the contents of the DDS.txt and Attach.txt reports in your next reply.

===================================================

Run aswMBR

  • download aswMBR.exe to your desktop.
  • double click aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply. Note - do NOT attempt any Fix yet.

Please include the following in your next post:

DDS.txt
Attach.txt
aswMBR log


Thanks

Satchfan

 


No matter how fast your Internet connection is, there are times when things will slow down to a crawl. The type of Internet connection you use is the most important factor in determining your connection speed. The three most common ways to connect to the Internet from home are dial-up, DSL, and cable. If you have a choice, cable is usually the fastest, but both DSL and cable are faster than dial-up. The health of your computer can affect your Internet connection. Spyware and viruses can definitely cause problems, but your Internet connection speed can also be affected by add-on programs, the amount of memory the computer has, hard disk space and condition, and the programs that are running. :)


DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 10.0.9200.16720

Run by Mike at 13:30:43 on 2014-04-29

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2550.956 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\SlimDrivers\SlimDrivers.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k secsvcs

.

============== Pseudo HJT Report ===============

.

mStart Page = hxxp://start.mysearchdial.com/?f=1&a=ir_14_15_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzyyB0EyE0D0EyD0ByCyB0B0ByEtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0ByB0E0AtB0DyDtGtAzztA0EtG0EyCzztBtGyEyE0C0FtGyE0DtA0Dzyzz0CtAyDyCtAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyEtA0A0C0DtByCtGzytDyE0BtGtAyEyCyCtGyDtCtD0AtGyB0FyDtA0BzzzzyEtByB0D0E2Q&cr=1575545163&ir=

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [Google Update] "c:\users\mike\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

Trusted Zone: $talisma_url$

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{222C3531-8E14-40E4-87CF-8313BA547688} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{AF7FC7B9-39E8-4689-BB60-CA7088BA1922} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{AF7FC7B9-39E8-4689-BB60-CA7088BA1922}\16474777966696 : DHCPNameServer = 192.168.40.1 64.134.255.2 64.134.255.10

TCP: Interfaces\{AF7FC7B9-39E8-4689-BB60-CA7088BA1922}\2375942554139383 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{AF7FC7B9-39E8-4689-BB60-CA7088BA1922}\44168616B6 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{AF7FC7B9-39E8-4689-BB60-CA7088BA1922}\45F4E45495E4544575F425B4 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{AF7FC7B9-39E8-4689-BB60-CA7088BA1922}\8686F6E6F62737 : DHCPNameServer = 100.45.26.1 64.134.255.2 64.134.255.10

TCP: Interfaces\{AF7FC7B9-39E8-4689-BB60-CA7088BA1922}\C696E6B6379737 : DHCPNameServer = 24.116.2.50 24.116.2.34

Notify: igfxcui - igfxdev.dll

SSODL: WebCheck - <orphaned>

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\drivers\aswNdisFlt.sys [2014-4-23 269728]

R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-3-8 49944]

R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-3-8 180632]

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-4-23 26136]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-3-8 776976]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-3-8 411552]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]

R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-23 24184]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-3-8 67824]

R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-3-8 67776]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-4-23 50344]

R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2014-4-23 109048]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-9-5 1153368]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 netr73;Netopia RT73 Wireless Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-9-5 15872]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-11-1 13464]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-5 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-5 1343400]

.

=============== Created Last 30 ================

.

2014-04-28 20:05:00 -------- d-----w- c:\users\mike\appdata\local\Mozilla

2014-04-28 08:45:30 -------- d-----w- c:\program files\Special Uninstaller

2014-04-28 08:37:12 -------- d-----w- c:\users\mike\appdata\roaming\eCyber

2014-04-28 08:36:43 38912 ----a-w- c:\windows\system32\drivers\iSafeKrnlBoot.sys

2014-04-28 08:36:16 -------- d-----w- c:\users\mike\appdata\roaming\iSafe

2014-04-23 15:18:03 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys

2014-04-23 15:18:01 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2014-04-23 15:17:45 43152 ----a-w- c:\windows\avastSS.scr

2014-04-23 15:17:01 269728 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys

2014-04-18 03:04:43 -------- d-----w- c:\programdata\Package Cache

2014-04-13 21:19:29 -------- d-----w- C:\SUPERDelete

2014-04-02 18:47:01 -------- d-----w- c:\program files\Zamzom

2014-04-02 18:43:06 -------- d-----w- c:\users\mike\appdata\roaming\Overlook

2014-04-02 18:40:40 -------- d-----w- c:\program files\WinPcap

2014-04-02 18:40:35 -------- d-----w- c:\programdata\Overlook

2014-04-02 18:39:05 -------- d-----w- c:\program files\NirSoft

.

==================== Find3M ====================

.

2014-04-29 17:21:33 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys

2014-04-23 15:17:47 67776 ----a-w- c:\windows\system32\drivers\aswStm.sys

2014-04-23 15:17:47 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2014-04-23 15:17:46 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2014-04-23 15:17:46 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2014-04-23 15:17:46 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2014-04-23 15:17:46 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2014-03-27 17:16:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-03-27 17:16:59 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

.

============= FINISH: 13:31:50.23 ===============



.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 9/5/2011 12:08:03 AM

System Uptime: 4/29/2014 12:20:52 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0FT292

Processor: Intel® Core2 CPU T7400 @ 2.16GHz | Microprocessor | 2167/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 56 GiB total, 2.233 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Teredo Tunneling Adapter

Device ID: ROOT\*TEREDO\0000

Manufacturer: Microsoft

Name: Teredo Tunneling Pseudo-Interface

PNP Device ID: ROOT\*TEREDO\0000

Service: tunnel

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

2007 Microsoft Office Suite Service Pack 2 (SP2)

7-Zip 9.20

Adobe Flash Player 11 ActiveX

Adobe Flash Player 12 Plugin

Adobe Shockwave Player 12.0

ApexDC++ 1.5.12

avast! Internet Security

CCleaner

CDBurnerXP

Conexant HDA D110 MDC V.92 Modem

Google Chrome

Google Talk Plugin

Google Update Helper

ImgBurn

Intel® Graphics Media Accelerator Driver

IrfanView (remove only)

Microsoft .NET Framework 4 Client Profile

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005

Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005

MPC-HC 1.7.1

NirSoft Wireless Network Watcher

qBittorrent 3.1.2

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

SlimDrivers

Spybot - Search & Destroy

SUPERAntiSpyware

swMSM

TinyPDF 2.0

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

winpcap-overlook 4.02

WizTree v1.07

Zamzom Wireless

.

==== Event Viewer Messages From Past Week ========

.

4/28/2014 3:34:19 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

4/28/2014 3:34:19 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

4/28/2014 3:33:44 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

4/28/2014 10:45:35 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

4/23/2014 10:18:38 AM, Error: Service Control Manager [7000] - The avast! Firewall service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================



aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2014-04-29 13:36:21

-----------------------------

13:36:21.937 OS Version: Windows 6.1.7601 Service Pack 1

13:36:21.937 Number of processors: 2 586 0xF06

13:36:21.939 ComputerName: USER-PC UserName: Mike

13:36:23.045 Initialize success

13:36:26.922 AVAST engine defs: 14042801

13:36:33.226 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

13:36:33.234 Disk 0 Vendor: Hitachi_HTS721060G9SA00 MC3OC10H Size: 57231MB BusType: 3

13:36:33.374 Disk 0 MBR read successfully

13:36:33.380 Disk 0 MBR scan

13:36:33.389 Disk 0 Windows 7 default MBR code

13:36:33.405 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

13:36:33.421 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 57129 MB offset 206848

13:36:33.442 Disk 0 scanning sectors +117207040

13:36:33.648 Disk 0 scanning C:\Windows\system32\drivers

13:36:45.884 Service scanning

13:37:17.417 Modules scanning

13:37:31.634 Disk 0 trace - called modules:

13:37:31.678 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys

13:37:31.686 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85bf4798]

13:37:31.925 3 CLASSPNP.SYS[8a49759e] -> nt!IofCallDriver -> [0x85b32918]

13:37:31.933 5 ACPI.sys[89cac3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84e59610]

13:37:32.627 AVAST engine scan C:\Windows

13:37:33.951 AVAST engine scan C:\Windows\system32

13:40:26.899 AVAST engine scan C:\Windows\system32\drivers

13:40:41.837 AVAST engine scan C:\Users\Mike

13:46:25.963 AVAST engine scan C:\ProgramData

13:47:17.095 Scan finished successfully

13:47:28.759 Disk 0 MBR has been saved successfully to "C:\Users\Mike\Desktop\MBR.dat"

13:47:28.796 The log file has been saved successfully to "C:\Users\Mike\Desktop\aswMBR.txt"




Hello again

P2P - I see you have P2P software, (qBittorrent), installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

If your computer is infected, it almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

Perils of P2P File Sharing.

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

Should you decide to keep it, please don’t use it until we have finished up here.

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run OTL

  • download OTL to your desktop.
  • double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • click Scan all users.
  • under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT


  • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
  • when the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • you may need two posts to fit them both in.

Logs to include with next post:

AdwCleaner log
JRT.txt
OTL.txt
Extras.txt


Thanks

Satchfan

 


# AdwCleaner v3.205 - Report created 29/04/2014 at 20:53:44

# Updated 28/04/2014 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

# Username : Mike - USER-PC

# Running from : C:\Users\Mike\Desktop\adwcleaner.exe

# Option : Clean


***** [ Services ] *****



***** [ Files / Folders ] *****


Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Users\Mike\AppData\Local\NativeMessaging

Folder Deleted : C:\Users\Mike\AppData\Local\TBHostSupport

Folder Deleted : C:\Users\Mike\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Mike\AppData\Roaming\eCyber

Folder Deleted : C:\Users\Mike\AppData\Roaming\iSafe

Folder Deleted : C:\Users\Mike\AppData\Roaming\OpenCandy

File Deleted : C:\Users\Mike\AppData\Local\speedial.crx

File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\sweettunes_search.xml


***** [ Shortcuts ] *****



***** [ Registry ] *****


Key Deleted : HKCU\Software\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3311875

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\Conduit


***** [ Browsers ] *****


-\\ Internet Explorer v10.0.9200.16720


Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]


-\\ Mozilla Firefox v


-\\ Google Chrome v34.0.1847.116


[ File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\preferences ]


Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}

Deleted [search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2

Deleted [search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_15_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzyyB0EyE0D0EyD0ByCyB0B0ByEtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0ByB0E0AtB0DyDtGtAzztA0EtG0EyCzztBtGyEyE0C0FtGyE0DtA0Dzyzz0CtAyDyCtAtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyEtA0A0C0DtByCtGzytDyE0BtGtAyEyCyCtGyDtCtD0AtGyB0FyDtA0BzzzzyEtByB0D0E2Q&cr=1575545163&ir=

Deleted [Extension] : iagcajndpnfncplednpbnkahadegklfa


*************************


AdwCleaner[R0].txt - [3005 octets] - [29/04/2014 20:48:00]

AdwCleaner[s0].txt - [3337 octets] - [29/04/2014 20:53:44]


########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3397 octets] ##########


AdwCleanerS0.txt


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Ultimate x86

Ran by Mike on Tue 04/29/2014 at 20:59:46.76

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





~~~ Services




~~~ Registry Values




~~~ Registry Keys


Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{769BD8C6-66AB-406B-B75A-A2BFB0D29633}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8cba60a5-25a8-4785-ae3a-03daa3a0b045}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8cba60a5-25a8-4785-ae3a-03daa3a0b045}




~~~ Files




~~~ Folders


Successfully deleted: [Folder] "C:\ProgramData\conduit"

Successfully deleted: [Folder] "C:\Users\Mike\Local Settings\Application Data\cre"




~~~ Event Viewer Logs were cleared






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 04/29/2014 at 21:04:01.07

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



OTL logfile created on: 4/29/2014 9:10:52 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mike\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16721)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy


2.49 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 71.72% Memory free

3.08 Gb Paging File | 2.10 Gb Available in Paging File | 68.37% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 55.79 Gb Total Space | 2.18 Gb Free Space | 3.91% Space Free | Partition Type: NTFS


Computer Name: USER-PC | User Name: Mike | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


========== Processes (SafeList) ==========


PRC - [2014/04/29 21:01:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe

PRC - [2014/04/23 10:17:33 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2014/04/23 10:17:32 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2014/04/23 10:17:00 | 000,109,048 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe

PRC - [2014/01/06 16:37:38 | 005,625,624 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

PRC - [2013/10/31 10:21:52 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2013/10/10 17:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe

PRC - [2013/09/24 12:49:26 | 029,395,264 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files\SlimDrivers\SlimDrivers.exe

PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe



========== Modules (No Company Name) ==========


MOD - [2014/03/08 02:32:09 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll



========== Services (SafeList) ==========


SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)

SRV - [2014/04/23 10:17:32 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2014/04/23 10:17:00 | 000,109,048 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)

SRV - [2013/10/10 17:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2011/09/05 01:24:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)



========== Driver Services (SafeList) ==========


DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)

DRV - [2014/04/29 20:55:22 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)

DRV - [2014/04/23 10:17:47 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)

DRV - [2014/04/23 10:17:47 | 000,067,776 | ---- | M] (AVAST Software) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)

DRV - [2014/04/23 10:17:46 | 000,776,976 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2014/04/23 10:17:46 | 000,411,552 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2014/04/23 10:17:46 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)

DRV - [2014/04/23 10:17:46 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2014/04/23 10:17:46 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)

DRV - [2014/04/23 10:17:46 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)

DRV - [2014/04/23 10:17:12 | 000,026,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)

DRV - [2014/04/23 10:17:01 | 000,269,728 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdisFlt.sys -- (aswNdisFlt)

DRV - [2013/05/07 10:54:08 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2013/05/07 10:54:06 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2009/09/09 17:19:16 | 000,069,664 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)

DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/07/13 17:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)

DRV - [2009/02/08 06:12:50 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (npf)



========== Standard Registry (SafeList) ==========



========== Internet Explorer ==========


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC



IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =


IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =


IE - HKU\S-1-5-21-3205844754-2023788714-46632679-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-3205844754-2023788714-46632679-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-3205844754-2023788714-46632679-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-3205844754-2023788714-46632679-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FD 1A 11 A8 91 6B CC 01 [binary data]

IE - HKU\S-1-5-21-3205844754-2023788714-46632679-1002\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3205844754-2023788714-46632679-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKU\S-1-5-21-3205844754-2023788714-46632679-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mike\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mike\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)


FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/23 10:17:54 | 000,000,000 | ---D | M]


[2014/01/19 13:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\tpcav2fo.default\extensions

[2014/01/14 23:38:20 | 001,267,418 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\tpcav2fo.default\extensions\firefox@ghostery.com.xpi

[2014/01/16 10:30:37 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\tpcav2fo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013/11/25 22:14:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions


========== Chrome ==========


CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.com/

CHR - plugin: Error reading preferences file

CHR - Extension: BetterTTV = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped\6.6_0\

CHR - Extension: Xmarks Bookmark Sync = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.28_0\

CHR - Extension: YouTube = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Mac OS X Simple Theme = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\cihohekcekjgjdkeljpkbaaecgfoimbj\1.0.1_0\

CHR - Extension: Google Search = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: AdBlock = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.29_0\

CHR - Extension: LastPass: Free Password Manager = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.17_0\

CHR - Extension: eBay Extension for Google Chrome™ = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\3.1.0_0\

CHR - Extension: Ghostery = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.2.1_0\

CHR - Extension: Twitch Now = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk\1.1.55_0\

CHR - Extension: Google Wallet = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\

CHR - Extension: Checker Plus for Gmail™ = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\17.1_0\

CHR - Extension: Click&Clean App = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.5_0\

CHR - Extension: Gmail = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

CHR - Extension: RSS Feed Reader = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\5.2.3_0\


O1 HOSTS File: ([2013/12/22 10:51:48 | 000,450,660 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 15467 more lines...

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

O4 - HKU\S-1-5-21-3205844754-2023788714-46632679-1002..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\S-1-5-21-3205844754-2023788714-46632679-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-3205844754-2023788714-46632679-1002\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{222C3531-8E14-40E4-87CF-8313BA547688}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF7FC7B9-39E8-4689-BB60-CA7088BA1922}: DhcpNameServer = 192.168.1.254

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT

Restore point Set: OTL Restore Point


========== Files/Folders - Created Within 30 Days ==========


[2014/04/29 21:01:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe

[2014/04/29 20:59:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2014/04/29 20:59:01 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Mike\Desktop\JRT.exe

[2014/04/29 20:48:50 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll

[2014/04/29 20:47:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2014/04/29 13:35:50 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Mike\Desktop\aswMBR.exe

[2014/04/29 12:56:33 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\dds.scr

[2014/04/28 15:47:40 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Mike\Desktop\HijackThis.exe

[2014/04/28 15:05:00 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Mozilla

[2014/04/28 03:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Special Uninstaller

[2014/04/28 03:36:43 | 000,038,912 | ---- | C] (Elex do Brasil Participações Ltda) -- C:\Windows\System32\drivers\iSafeKrnlBoot.sys

[2014/04/23 10:18:01 | 000,026,136 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys

[2014/04/23 10:17:45 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2014/04/23 10:17:01 | 000,269,728 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdisFlt.sys

[2014/04/17 22:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache

[2014/04/17 11:03:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers

[2014/04/13 16:19:29 | 000,000,000 | ---D | C] -- C:\SUPERDelete

[2014/04/08 09:11:36 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\Downloads

[2014/04/02 13:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Zamzom

[2014/04/02 13:43:06 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Overlook

[2014/04/02 13:40:40 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap

[2014/04/02 13:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Overlook

[2014/04/02 13:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Overlook Fing

[2014/04/02 13:39:05 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher

[2014/04/02 13:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft

[2014/04/02 13:37:08 | 000,824,416 | ---- | C] (NirSoft) -- C:\Users\Mike\Desktop\WNetWatcher.exe

[2014/03/31 06:46:49 | 000,000,000 | R--D | C] -- C:\Users\Mike\Pictures


========== Files - Modified Within 30 Days ==========


[2014/04/29 21:02:26 | 000,025,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/04/29 21:02:26 | 000,025,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/04/29 21:01:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe

[2014/04/29 20:59:06 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Mike\Desktop\JRT.exe

[2014/04/29 20:55:56 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job

[2014/04/29 20:55:22 | 000,013,464 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys

[2014/04/29 20:55:10 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/04/29 20:54:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/04/29 20:54:49 | 2005,495,808 | -HS- | M] () -- C:\hiberfil.sys

[2014/04/29 20:53:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/04/29 20:53:00 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2014/04/29 20:47:35 | 001,310,621 | ---- | M] () -- C:\Users\Mike\Desktop\adwcleaner.exe

[2014/04/29 14:25:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3205844754-2023788714-46632679-1002UA.job

[2014/04/29 13:47:28 | 000,000,512 | ---- | M] () -- C:\Users\Mike\Desktop\MBR.dat

[2014/04/29 13:36:06 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Mike\Desktop\aswMBR.exe

[2014/04/29 12:56:40 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\dds.scr

[2014/04/28 15:47:56 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Mike\Desktop\HijackThis.exe

[2014/04/28 08:25:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3205844754-2023788714-46632679-1002Core.job

[2014/04/23 10:35:26 | 000,053,760 | ---- | M] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2014/04/23 10:18:44 | 000,002,053 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk

[2014/04/23 10:17:47 | 000,180,632 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys

[2014/04/23 10:17:47 | 000,067,776 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys

[2014/04/23 10:17:46 | 000,776,976 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys

[2014/04/23 10:17:46 | 000,411,552 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys

[2014/04/23 10:17:46 | 000,081,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys

[2014/04/23 10:17:46 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2014/04/23 10:17:46 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys

[2014/04/23 10:17:46 | 000,024,184 | ---- | M] () -- C:\Windows\System32\drivers\aswHwid.sys

[2014/04/23 10:17:45 | 000,271,264 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2014/04/23 10:17:45 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2014/04/23 10:17:12 | 000,026,136 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys

[2014/04/23 10:17:01 | 000,269,728 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdisFlt.sys

[2014/04/23 05:20:06 | 000,038,912 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Windows\System32\drivers\iSafeKrnlBoot.sys

[2014/04/17 22:04:06 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\ApexDC++.lnk

[2014/04/17 11:03:21 | 000,002,455 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk

[2014/04/14 21:05:55 | 003,272,652 | ---- | M] () -- C:\Users\Mike\Desktop\Angel Theme song - Darling Violetta - Sanctuary (No Intro).mp3

[2014/04/13 16:32:23 | 000,627,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2014/04/13 16:32:23 | 000,107,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2014/04/13 16:14:04 | 000,221,845 | ---- | M] () -- C:\Users\Mike\Desktop\WinXP.zip

[2014/04/02 13:47:01 | 000,003,103 | ---- | M] () -- C:\Users\Mike\Desktop\Zamzom Wireless Network Tool (Active).lnk

[2014/04/02 13:41:19 | 000,001,116 | ---- | M] () -- C:\Users\Mike\Desktop\WNetWatcher.cfg

[2014/04/01 03:21:33 | 089,825,900 | ---- | M] () -- C:\Users\Mike\Desktop\download.mp4


========== Files Created - No Company Name ==========


[2014/04/29 20:47:04 | 001,310,621 | ---- | C] () -- C:\Users\Mike\Desktop\adwcleaner.exe

[2014/04/29 13:47:28 | 000,000,512 | ---- | C] () -- C:\Users\Mike\Desktop\MBR.dat

[2014/04/23 10:18:44 | 000,002,053 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk

[2014/04/23 10:18:03 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys

[2014/04/17 11:04:03 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job

[2014/04/17 11:03:21 | 000,002,455 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk

[2014/04/14 21:05:49 | 003,272,652 | ---- | C] () -- C:\Users\Mike\Desktop\Angel Theme song - Darling Violetta - Sanctuary (No Intro).mp3

[2014/04/13 16:14:31 | 000,221,845 | ---- | C] () -- C:\Users\Mike\Desktop\WinXP.zip

[2014/04/02 13:47:01 | 000,003,103 | ---- | C] () -- C:\Users\Mike\Desktop\Zamzom Wireless Network Tool (Active).lnk

[2014/04/02 13:39:22 | 000,001,116 | ---- | C] () -- C:\Users\Mike\Desktop\WNetWatcher.cfg

[2014/04/01 02:29:56 | 089,825,900 | ---- | C] () -- C:\Users\Mike\Desktop\download.mp4

[2014/03/28 12:51:15 | 000,053,760 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2014/03/08 02:36:26 | 000,180,632 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys

[2014/03/08 02:36:17 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys

[2013/12/22 11:39:46 | 000,000,511 | ---- | C] () -- C:\Windows\wininit.ini

[2013/11/01 14:49:53 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys

[2013/11/01 01:25:10 | 000,138,056 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\PnkBstrK.sys

[2013/10/31 10:17:36 | 000,000,339 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\burnaware.ini


========== ZeroAccess Check ==========


[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]


[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both


========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >

[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe

[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe

[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe


< MD5 for: SERVICES.EXE >

[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe

[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe


< MD5 for: SVCHOST.EXE >

[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe

[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe


< MD5 for: USERINIT.EXE >

[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe


< MD5 for: WINLOGON.EXE >

[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe


< %systemroot%\*. /rp /s >


========== Drive Information ==========


Physical Drives

---------------


Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media

Interface type: IDE

Media Type: Fixed hard disk media

Model: Hitachi HTS721060G9SA00 ATA Device

Partitions: 2

Status: OK

Status Info: 0


Partitions

---------------


DeviceID: Disk #0, Partition #0

PartitionType: Installable File System

Bootable: True

BootPartition: True

PrimaryPartition: True

Size: 100.00MB

Starting Offset: 1048576

Hidden sectors: 0



DeviceID: Disk #0, Partition #1

PartitionType: Installable File System

Bootable: False

BootPartition: False

PrimaryPartition: True

Size: 56.00GB

Starting Offset: 105906176

Hidden sectors: 0



< End of report >

OTL Extras logfile created on: 4/29/2014 9:10:52 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mike\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16721)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy


2.49 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 71.72% Memory free

3.08 Gb Paging File | 2.10 Gb Available in Paging File | 68.37% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 55.79 Gb Total Space | 2.18 Gb Free Space | 3.91% Space Free | Partition Type: NTFS


Computer Name: USER-PC | User Name: Mike | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


========== Extra Registry (SafeList) ==========



========== File Associations ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = OperaStable] -- Reg Error: Key error. File not found


[HKEY_USERS\S-1-5-21-3205844754-2023788714-46632679-1002\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found


========== Shell Spawning ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate "%1"

https [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)


========== Security Center Settings ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]


========== Firewall Settings ==========


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0


========== Authorized Applications List ==========



========== Vista Active Open Ports Exception List ==========


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]


========== Vista Active Application Exception List ==========


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{3EFF8E94-22B2-4D47-BB60-0F3F9CF86A71}" = protocol=6 | dir=in | app=c:\users\mike\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{90ADE77F-7436-4BD4-9ACC-E2171DE35C40}" = protocol=17 | dir=in | app=c:\users\mike\appdata\local\google\google talk plugin\googletalkplugin.exe |

"TCP Query User{5006DB63-A8E7-4B12-A3E5-9B65996FEBCC}C:\program files\apexdc++\apexdc.exe" = protocol=6 | dir=in | app=c:\program files\apexdc++\apexdc.exe |

"TCP Query User{5865A3A8-DEB0-4281-9875-DBCA87D3ADF2}C:\users\mike\desktop\qbittorrent.exe" = protocol=6 | dir=in | app=c:\users\mike\desktop\qbittorrent.exe |

"TCP Query User{77F82943-B38F-40DA-A27B-4A8EF51837DB}C:\users\mike\desktop\qbittorrent.exe" = protocol=6 | dir=in | app=c:\users\mike\desktop\qbittorrent.exe |

"TCP Query User{79378A06-F28A-4EE2-A76B-5ED68E8F263B}C:\program files\apexdc++\apexdc.exe" = protocol=6 | dir=in | app=c:\program files\apexdc++\apexdc.exe |

"UDP Query User{1EE9B09B-63C9-4893-B727-1D4617B71401}C:\users\mike\desktop\qbittorrent.exe" = protocol=17 | dir=in | app=c:\users\mike\desktop\qbittorrent.exe |

"UDP Query User{35E4A1AF-8CBC-4F66-8B1F-A7FCA6EF1E56}C:\program files\apexdc++\apexdc.exe" = protocol=17 | dir=in | app=c:\program files\apexdc++\apexdc.exe |

"UDP Query User{819182B3-600D-41A6-AEE0-9F582638A7E0}C:\users\mike\desktop\qbittorrent.exe" = protocol=17 | dir=in | app=c:\users\mike\desktop\qbittorrent.exe |

"UDP Query User{8E482C5E-4DFB-4AE4-A0BB-EFE788294CE8}C:\program files\apexdc++\apexdc.exe" = protocol=17 | dir=in | app=c:\program files\apexdc++\apexdc.exe |


========== HKEY_LOCAL_MACHINE Uninstall List ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.7.1

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{43D1A6DC-F2D3-4EBC-8851-CC8B9C0C8763}_is1" = ApexDC++ 1.5.12

"{6080787C-8D8A-3334-B79E-FFDC020FA0A1}" = Google Talk Plugin

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A5457401-D56A-43F2-9524-78E54A7FC07A}" = SlimDrivers

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

"{CED3B64B-9381-4AB8-A213-6C084C952E43}" = Zamzom Wireless

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005

"7-Zip" = 7-Zip 9.20

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 12.0

"Avast" = avast! Internet Security

"CCleaner" = CCleaner

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem

"Google Chrome" = Google Chrome

"HDMI" = Intel® Graphics Media Accelerator Driver

"ImgBurn" = ImgBurn

"IrfanView" = IrfanView (remove only)

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"NirSoft Wireless Network Watcher" = NirSoft Wireless Network Watcher

"PROPLUS" = Microsoft Office Professional Plus 2007

"TinyPDF_is1" = TinyPDF 2.0

"winpcap-overlook" = winpcap-overlook 4.02

"WizTree_is1" = WizTree v1.07


========== HKEY_USERS Uninstall List ==========


[HKEY_USERS\S-1-5-21-3205844754-2023788714-46632679-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]


========== Last 20 Event Log Errors ==========


[ Application Events ]

Error - 4/29/2014 10:09:16 PM | Computer Name = User-PC | Source = Application Hang | ID = 1002

Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: 1670 Start Time:

01cf6418fc86d165 Termination Time: 17 Application Path: C:\Users\Mike\Desktop\OTL.exe


Report

Id:



< End of report >



That looks OK.

Download Malwarebytes-Anti-Malware

Click here (at the top of the page, click on "Download Current Version")

 

  • double-click mbam-setup.exe and follow the prompts to install the program – (Note: Vista & Windows 7 users, please right-click and select “Run as Administrator”)
  • at the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • if an update is found, it will download and install the latest version.
  • once the program has loaded, select Perform quick scan, then click Scan.
  • when the scan is complete, click OK, then Show Results to view the results.
  • be sure that everything is checked, and click Remove Selected.
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

================================================

Run Security Check

Download Security Check by screen317 from here or here.


  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

Logs to include with the next post:

Mbam.txt
checkup.txt


Can you tell me how the computer is behaving and if there are any outstanding problems?

Satchfan

 


Malwarebytes Anti-Malware

www.malwarebytes.org


Scan Date: 4/30/2014

Scan Time: 8:37:51 PM

Logfile:

Administrator: Yes


Version: 2.00.1.1004

Malware Database: v2014.05.01.02

Rootkit Database: v2014.03.27.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Chameleon: Disabled


OS: Windows 7 Service Pack 1

CPU: x86

File System: NTFS

User: Mike


Scan Type: Threat Scan

Result: Completed

Objects Scanned: 252410

Time Elapsed: 13 min, 40 sec


Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Shuriken: Enabled

PUP: Enabled

PUM: Enabled


Processes: 0

(No malicious items detected)


Modules: 0

(No malicious items detected)


Registry Keys: 0

(No malicious items detected)


Registry Values: 0

(No malicious items detected)


Registry Data: 0

(No malicious items detected)


Folders: 0

(No malicious items detected)


Files: 0

(No malicious items detected)


Physical Sectors: 0

(No malicious items detected)



(end)


Results of screen317's Security Check version 0.99.82

Windows 7 Service Pack 1 x86 (UAC is disabled!)

Internet Explorer 10 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

MVPS Hosts File

Spybot - Search & Destroy

SUPERAntiSpyware

CCleaner

Adobe Flash Player 12.0.0.77 Flash Player out of Date!

Google Chrome 34.0.1847.116

Google Chrome 34.0.1847.131

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbam.exe

Spybot Teatimer.exe is disabled!

Malwarebytes Anti-Malware mbamscheduler.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast afwServ.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

I'm glad things are better and you are welcome for the help.

One more scan and if that's OK we can tidy up.

Run ESET Online Scan

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

  • click the Eset online Scanner button
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    o click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
    o double click on the Eset installer icon on your desktop.

  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Scan archives and Remove found threats
  • click Advanced settings and select the following:


    o Scan potentially unwanted applications
    o Scan for potentially unsafe applications
    o Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

    Note - if ESET doesn't find any threats, no report will be created.
  • push the back button.
  • push Finish

When the scan is complete:

If no threats were found:

o put a checkmark in "Uninstall application on close"
o close program
o report to me that nothing was found

If threats were found:

o click on "list of threats found"
o click on "export to text file" and save it as ESET results and save to the desktop
o Click on back
o put a checkmark in "Uninstall application on close"
o click on finish
o close program
o copy and paste the report here.

Thanks

Satchfan

Edited by Satchfan

Thanks again, don't know where my pc would be.

You’re welcome.

 

Your computer appears to be clean.

 

Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up your computer and decrease the likelihood of getting infected again:

 

Uninstall OTL

  • double-click OTL.exe
  • click the CleanUp! button.
  • select Yes when the Begin cleanup Process? prompt appears.
  • if you are prompted to reboot during the cleanup, select Yes.
  • the tool will delete itself once it finishes; if not, delete it yourself.

NOTE: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.

 

===================================================

 

Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

 

===================================================

 

Create a Restore Point

 

  • click on Start > Control Panel (All Control Panel Items)
  • click on System > System Protection
  • check that you have System Protection turned on for the drive that you want to create a restore point for (usually C:)
  • click Create
  • type in a description for the restore point to help recognize it when doing a System Restore, and click on the Create button.

Remove old restore points

 

  • open Disk Cleanup by clicking Start. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
  • if prompted, select the drive that you want to clean up, and then click OK.
  • in the Disk Cleanup for (drive letter) dialog box, click Clean up system files. If you're prompted for an administrator password or confirmation, type the password or provide confirmation
  • if prompted, select the drive that you want to clean up, and then click OK
  • click the More Options tab, then under System Restore and Shadow Copies, click Clean up
  • in the Disk Cleanup dialog box, click Delete
  • click Delete Files, and then click OK.

===================================================

 

You have an old version of Flash on your computer which is vulnerable to infections.

 

  • from the Start menu, select Control Panel
  • in Large or Small icon view, click Programs and Features. If you're using Category view, under "Programs", click Uninstall a program
  • select any versions of Flash then click Uninstall.

Install the latest version:

Flash

 

===================================================

 

Recommended programs

 

SpywareBlaster. SpywareBlaster protects against bad ActiveX; it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

 

===================================================

 

Re-enable Spybot - Search and Destroy’s TeaTimer

  • open Spybot Search & Destroy
  • go to the Mode menu and make sure Advanced Mode is selected
  • choose Yes at the Warning prompt
  • expand the “Tools” menu
  • click Resident
  • check the Resident TeaTimer (Protection of overall system settings) active. box
  • in the File menu click Exit to exit Spybot Search & Destroy
  • if Teatimer gives you a warning that changes were made, click Allow Change when prompted.

    exit Spybot S&D.

Remember to scan your computer with the program on a regular basis as you would with your anti-virus software.

 

===================================================

 

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

 

===================================================

 

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

 

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

 

===================================================

 

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

 

A couple of links with information here and here which can answer any questions you might have about installing/using it.

 

===================================================

 

I also recommend that you read the following:

 

How to prevent malware by miekiemoes

 

Help! My computer is slow! by miekiemoes

 

Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams

 

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

 

Safe computing

 

Satchfan
