
www.getwindowinfo -run autom. IE, internet connection avail. after 3 min., Win7


  • This topic is locked
83 replies to this topic

#1 Min-C


Posted 16 May 2014 - 01:42 PM

After using ESET scan Internet Explorer is not run automatically and I cannot see this message anymore, but the internet connection is available after 3 minutes each time I start the system. In the Start menu I cannot see programs. Even after typing 'Word' in the search I cannot see any Word icon, either exe or file (but when I type 'task' I see Word file icons). In 'Accessories' (Start Menu) I see: Command Prompt, Run, Windows Explorer, Ease of Access, System Tools, Windows PowerShell. The 'All Programs' list is short (but this might be an effect of AdwCleaner or similar, because after the first AdwCleaner I lost the internet connection for good and typed 'netsh interface ipv4 reset' in cmd).


Guys, please don't think that I am crazy or ignorant, but there is one particular program which I don't want to share with every average user like me. In this case I used /\/\/\/\/\/\/\/\/\/\
This program is fully trusted and just the name and producer are covered. Once again, please don't blame me.
The name may be sent in a private message.
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16447  BrowserJavaVersion: 10.45.2
Run by tnx at 21:39:09 on 2014-05-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.7787.6515 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)/\/\/\/\/\/\/\/\/\/\/\/\/\/\icon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
BHO: /\/\/\/\/\/\/\/\/\: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: /\/\/\/\/\/\/\/\/\: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\.dll
TB: /\/\/\/\/\/\/\/\/\: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [/\/\/\/\/\] "C:\Program Files (x86)/\/\/\/\/\/\/\/\/\/\/\/\/\/\Icon.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1aa.txt
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1ab - Rob knows.txt
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1ac - Thiomersal  traces.txt
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1ad - coun·ter·part - A copy or duplicate of a legal paper, Unmediated.txt
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1ae - krecenie, krecenie sie.txt
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1af - opposite.txt
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1ag - following on from that.txt
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1ah - light-headedness.txt
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1ai - perpetual.txt
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1aj - aside from, persevere.txt
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1ak - hold sb on his word.txt
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1b - messages , mails.txt
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pxtaskbartrans.exe
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~$ How does the trade work.docx
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~$97 Avoiding scams.docx
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~$all.docx
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~$l short.docx
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/html
IE: /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/html
IE: /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/html
IE: /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{96CCED82-1A22-454A-9F5C-8F58B3AD7B6B} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{96CCED82-1A22-454A-9F5C-8F58B3AD7B6B}\244584572633D235237434 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{96CCED82-1A22-454A-9F5C-8F58B3AD7B6B}\244584572633D2B4743484 : DHCPNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{96CCED82-1A22-454A-9F5C-8F58B3AD7B6B}\A5978554C4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{96CCED82-1A22-454A-9F5C-8F58B3AD7B6B}\F42377962756C6563737138354345344 : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= 
SSODL: WebCheck - <orphaned>
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-mStart Page = hxxp://www.google.com
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: /\/\/\/\/\/\/\/\/\: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\/\/\/\/\/\/\/\/\/\/\/\/\.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: /\/\/\/\/\/\/\/\/\/\/\: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\/\/\/\/\/\/\/\/\.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\/\/\/\/\/\/\/\/\.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\/\/\/\/\/\/\/\/\.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\tnx\AppData\Roaming\Mozilla\Firefox\Profiles\rkojai73.default-1400031483615\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll
FF - ExtSQL: 2014-05-07 15:20; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2014-05-14 04:26; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\tnx\AppData\Roaming\Mozilla\Firefox\Profiles\rkojai73.default-1400031483615\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-16 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-16 40064]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-5-7 601944]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-5-7 301912]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2014-5-7 24408]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-5-7 65368]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-7 44768]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-2-14 46136]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-2-14 1857600]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-2-14 335464]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-14 436840]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-2-14 47232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HP Support Assistant Service;HP Support Assistant Service;"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" --> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-27 1255736]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-2-14 98208]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-6 204288]
S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-5 365568]
S4 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2012-10-13 2568120]
S4 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
S4 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S4 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-2-14 1817088]
S4 LMIGuardianSvc;LMIGuardianSvc;"C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe" --> C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-05-15 18:32:21        --------   d-----w-                C:\Program Files (x86)\ESET
2014-05-14 12:32:18        --------   d-----w-                C:\Program Files\Enigma Software Group
2014-05-14 12:31:05        --------   d-----w-                C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-05-14 12:31:01        --------   d-----w-                C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-05-14 00:44:06        536576  ----a-w-                C:\Windows\SysWow64\sqlite3.dll
2014-05-14 00:42:29        --------   d-----w-                C:\AdwCleaner
2014-05-14 00:41:06        --------   d-----w-                C:\Windows\ERUNT
2014-05-07 14:21:06        65368    ----a-w-                C:\Windows\System32\drivers\aswMonFlt.sys
2014-05-07 14:21:06        601944  ----a-w-                C:\Windows\System32\drivers\aswSnx.sys
2014-05-07 14:20:50        41184    ----a-w-                C:\Windows\avastSS.scr
2014-05-07 14:20:37        --------   d-----w-                C:\Program Files\AVAST Software
2014-05-07 14:16:01        --------   d-s---w-               C:\Windows\SysWow64\Microsoft
2014-05-06 20:50:00        --------   d-----w-                C:\Windows\PCHEALTH
2014-05-06 20:44:51        --------   d-----w-                C:\Program Files (x86)\Microsoft Analysis Services
2014-05-06 20:44:42        --------   d-----w-                C:\Windows\SHELLNEW
2014-04-17 13:05:32        --------   d-----w-                C:\ProgramData\1cd334f669cda57d
2014-04-17 13:05:29        --------   d-----w-                C:\Users\tnx\AppData\Local\Comodo
2014-04-17 00:12:26        --------   d-----w-                C:\ProgramData\Microsoft Toolkit
.
==================== Find3M  ====================
.
2014-04-16 15:51:22        692400  ----a-w-                C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-16 15:51:21        70832    ----a-w-                C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 21:41:31.63 ===============
 
(up front this infection I did some changes and switched off some processes etc.)


Edited by Min-C, 17 May 2014 - 06:04 AM.




#2 HelpBot


Posted 21 May 2014 - 01:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/534547 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Min-C


Posted 22 May 2014 - 06:18 AM

After using ESET scan Internet Explorer is not run automatically (this problem was since the beginning) and I cannot see this message anymore (www.getwindowinfo).


The internet connection is available after 2-3 minutes each time I start a system (through this 3 minutes I am connected but I cannot open any website).


In the Start Menu I cannot see programs (there are just two: internet explorer and Command Prompt).

When I type 'Word' in the Start Menu search: I cannot see exe icon.

When I type 'Opera' in the Start Menu search: I can see exe icon,

but after I click on it I see: 'Windows cannot find "Launcher.exe". Make sure you typed the name correctly, and then try again'.


After typing Word file name I can start it from the Start Menu.


In 'Accessories' (Start Menu) I see: Command Prompt, Run, Windows Explorer, Ease of Access, System Tools, Windows PowerShell.

But when I right click on jpeg file I can 'open with Paint' (it was impossible 5 days ago).


The 'All Programs' list in Start Menu is reduced a lot.

Yesterday the first time 'Microsoft Silverlight' asked me about 'full screen mode'.


'Advanced Windows 32 Base API'
- is it possible that this file was installed into system files.
(I know that one is there since beginning, but could a virus overwrite an original file?)



A computer works slower and an internet browser is unresponsive often (Mozilla). A mouse icon could be better.


- the MiniToolBox

- the TDSSKiller

- the AdwCleaner

- the JRT (Junk Removal Cleaner)

- ESET

After AdwCleaner I lost internet connection (no internet at all). Thanks to this forum I found a help.
I typed in Command Prompt:

- netsh winsock reset

- netsh interface ipv4 reset (successful)



(Dear Helper - please don't think that I am crazy or ignorant, but there is one particular program which I don't want to share with every average user like me. In this case I used /\/\/\ \ /\/\/\ \ /\/\/\
This program is fully trusted and just the name and producer are covered. Once again, please don't judge and blame me.
The name may be sent in a private message)



------------------------------------------------------------------------------------------------------------------


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16447 BrowserJavaVersion: 10.45.2
Run by tnx at 10:13:16 on 2014-05-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.7787.6370 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)/\/\/\ \ /\/\/\ \ /\/\/\.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k wcssvc
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
BHO: /\/\/\ Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\ /\/\/\ \ /\/\/\ \ /\/\/\.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: &/\/\/\ Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\ /\/\/\ \ /\/\/\ \ /\/\/\.dll
TB: &/\/\/\ Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\ /\/\/\ \ /\/\/\ \ /\/\/\.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [/\/\/\] "C:\Program Files (x86)\ /\/\/\ \ /\/\/\ \ /\/\/\TaskBarIcon.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1aa.txt
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1ab - Rob knows.txt
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1ac - Thiomersal traces.txt
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1ad - counterpart - A copy or duplicate of a legal paper, Unmediated.txt
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1ae - krecenie, krecenie sie.txt
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1af - opposite.txt
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1ag - following on from that.txt
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1ah - light-headedness.txt
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1ai - perpetual.txt
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1aj - aside from, persevere.txt
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1ak - hold sb on his word.txt
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1b - messages , mails.txt
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pxtaskbartrans.exe
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~$ How does the trade work.docx
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~$97 Avoiding scams.docx
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~$all.docx
StartupFolder: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~$l short.docx
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: Customize Menu - C:/Program Files (x86)/ /\/\/\ \ /\/\/\ \ /\/\/\.html
IE: Fill Forms - C:/Program Files (x86)/ /\/\/\ \ /\/\/\ \ /\/\/\.html
IE: Save Forms - C:/Program Files (x86)/ /\/\/\ \ /\/\/\ \ /\/\/\.html
IE: Show /\/\/\ Toolbar - C:/Program Files (x86)/ /\/\/\ \ /\/\/\ \ /\/\/\.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\ /\/\/\ \ /\/\/\ \ /\/\/\.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\ /\/\/\ \ /\/\/\ \ /\/\/\.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\ /\/\/\ \ /\/\/\ \ /\/\/\.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab (('mks vir' on-line anti-virus scanner))
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{96CCED82-1A22-454A-9F5C-8F58B3AD7B6B} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{96CCED82-1A22-454A-9F5C-8F58B3AD7B6B}\244584572633D235237434 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{96CCED82-1A22-454A-9F5C-8F58B3AD7B6B}\244584572633D2B4743484 : DHCPNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{96CCED82-1A22-454A-9F5C-8F58B3AD7B6B}\A5978554C4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{96CCED82-1A22-454A-9F5C-8F58B3AD7B6B}\F42377962756C6563737138354345344 : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck -
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-mStart Page = hxxp://www.google.com
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: /\/\/\ Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\ /\/\/\ \ /\/\/\ \ /\/\/\.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: /\/\/\ Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\ /\/\/\ \ /\/\/\ \ /\/\/\.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\ /\/\/\ \ /\/\/\ \ /\/\/\.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\ /\/\/\ \ /\/\/\ \ /\/\/\.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\ /\/\/\ \ /\/\/\ \ /\/\/\.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -
x64-SSODL: WebCheck -
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\tnx\AppData\Roaming\Mozilla\Firefox\Profiles\rkojai73.default-1400031483615\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll
FF - ExtSQL: 2014-05-07 15:20; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2014-05-14 04:26; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\tnx\AppData\Roaming\Mozilla\Firefox\Profiles\rkojai73.default-1400031483615\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-16 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-16 40064]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-5-7 601944]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-5-7 301912]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2014-5-7 24408]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-5-7 65368]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-7 44768]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-2-14 46136]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-2-14 1857600]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-2-14 335464]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-14 436840]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-2-14 47232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HP Support Assistant Service;HP Support Assistant Service;"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" --> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-27 1255736]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-2-14 98208]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-6 204288]
S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-5 365568]
S4 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2012-10-13 2568120]
S4 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
S4 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S4 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-2-14 1817088]
S4 LMIGuardianSvc;LMIGuardianSvc;"C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe" --> C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-05-15 18:32:21 -------- d-----w- C:\Program Files (x86)\ESET
2014-05-14 12:32:18 -------- d-----w- C:\Program Files\Enigma Software Group
2014-05-14 12:31:05 -------- d-----w- C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-05-14 12:31:01 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-05-14 00:44:06 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-05-14 00:42:29 -------- d-----w- C:\AdwCleaner
2014-05-14 00:41:06 -------- d-----w- C:\Windows\ERUNT
2014-05-07 14:21:06 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-05-07 14:21:06 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-05-07 14:20:50 41184 ----a-w- C:\Windows\avastSS.scr
2014-05-07 14:20:37 -------- d-----w- C:\Program Files\AVAST Software
2014-05-07 14:16:01 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2014-05-06 20:50:00 -------- d-----w- C:\Windows\PCHEALTH
2014-05-06 20:44:51 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2014-05-06 20:44:42 -------- d-----w- C:\Windows\SHELLNEW
2014-04-26 16:52:53 173056 ----a-w- C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pxtaskbartrans.exe
.
==================== Find3M ====================
.
2014-04-16 15:51:22 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-16 15:51:21 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 10:14:34.95 ===============

Edited by Min-C, 22 May 2014 - 09:17 AM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,414 posts
  • Gender:Male
  • Location:California

Posted 23 May 2014 - 08:54 AM

Greetings Min-C and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • Attached System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Min-C

Min-C
  • Topic Starter

  • Members
  • 75 posts
  • Gender:Male

Posted 23 May 2014 - 03:58 PM

Hello Dear Gary, my dear helper. There is Greg - thanks for your good heart.

I really appreciate your intentions (and it means something). I have read that you volunteer...

After reading the first paragraph of your post I laughed.

Thank you for your assistance indeed :thumbsup2:

"Friends" means something :) (In my country 'friend' is something more than just a word,
there are a few similar words to describe it, but 'friend' is the highest in a hierarchy) :)

Edited by Min-C, 23 May 2014 - 05:10 PM.


#6 Min-C

Min-C
  • Topic Starter

  • Members
  • 75 posts
  • Gender:Male

Posted 23 May 2014 - 04:08 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-05-2014
Ran by tnx (administrator) on NMC on 23-05-2014 21:04:34
Running from C:\Users\tnx\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(/\/\/\) C:\Program Files (x86)\ /\/\/\ \ /\/\/\ \ /\/\/\icon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2821416 2011-08-19] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7466600 2011-09-15] (Realtek Semiconductor)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [3712104 2011-08-24] (AVAST Software)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1384993692-3093620732-3354122869-1002\...\Run: [/\/\/\] => C:\Program Files (x86)\ /\/\/\ \ /\/\/\ \ /\/\/\TaskBarIcon.exe [109784 2014-05-14] (/\/\/\)
HKU\S-1-5-21-1384993692-3093620732-3354122869-1002\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1384993692-3093620732-3354122869-1002\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-1384993692-3093620732-3354122869-1002\...\MountPoints2: {ba3c39d9-d153-11e2-8255-009c0221608a} - G:\Startme.exe
Startup: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1aa.txt ()
Startup: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1ab - Rob knows.txt ()
Startup: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1ac - Thiomersal traces.txt ()
Startup: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1ad - counterpart - A copy or duplicate of a legal paper, Unmediated.txt ()
Startup: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1ae - krecenie, krecenie sie.txt ()
Startup: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1af - opposite.txt ()
Startup: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1ag - following on from that.txt ()
Startup: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1ah - light-headedness.txt ()
Startup: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1ai - perpetual.txt ()
Startup: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1aj - aside from, persevere.txt ()
Startup: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1ak - hold sb on his word.txt ()
Startup: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ang1b - messages , mails.txt ()
Startup: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pxtaskbartrans.exe (opx.bit)
Startup: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~$ How does the trade work.docx ()
Startup: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~$97 Avoiding scams.docx ()
Startup: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~$all.docx ()
Startup: C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~$l short.docx ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=coolmsd&cd=2XzuyEtN2Y1L1QzuyB0C0Ezy0DtAtAyDtCyD0F0ByByC0E0EtN0D0Tzu0CyDyBtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q&cr=253040485&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=coolmsd&cd=2XzuyEtN2Y1L1QzuyB0C0Ezy0DtAtAyDtCyD0F0ByByC0E0EtN0D0Tzu0CyDyBtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q&cr=253040485&ir=
SearchScopes: HKLM - {5E674105-A37E-CFA5-1939-2EDFB52CA25A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzuyB0C0Ezy0DtAtAyDtCyD0F0ByByC0E0EtN0D0Tzu0CtBtAzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=185414815
SearchScopes: HKLM - {83EB4F9F-917F-4D0E-AC1F-A6924B6A259A} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {5E674105-A37E-CFA5-1939-2EDFB52CA25A} URL = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: /\/\/\ Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\ /\/\/\ \ /\/\/\ \ /\/\/\-x64.dll (/\/\/\)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: /\/\/\ Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\ /\/\/\ \ /\/\/\ \ /\/\/\.dll (/\/\/\)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - &/\/\/\ Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\ /\/\/\ \ /\/\/\ \ /\/\/\.dll (/\/\/\)
Toolbar: HKLM-x32 - &/\/\/\ Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\ /\/\/\ \ /\/\/\ \ /\/\/\.dll (/\/\/\.)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - &/\/\/\ Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\ /\/\/\ \ /\/\/\ \ /\/\/\.dll (/\/\/\)
DPF: HKLM-x32 {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\tnx\AppData\Roaming\Mozilla\Firefox\Profiles\rkojai73.default-1400031483615
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: NoScript - C:\Users\tnx\AppData\Roaming\Mozilla\Firefox\Profiles\rkojai73.default-1400031483615\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-05-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-07]
FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI /\/\/\\Firefox
FF Extension: /\/\/\ Toolbar for Firefox - C:\Program Files (x86)\ /\/\/\ \ /\/\/\ \Firefox [2014-04-17]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (No Name) - C:\Users\tnx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlaenadidhkmnafnbnipbenknchfkknk [2014-04-17]

==================== Services (Whitelisted) =================

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44768 2011-08-24] (AVAST Software)
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
S4 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2011-08-24] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [65368 2011-08-24] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-08-24] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [601944 2011-08-24] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [301912 2011-08-24] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [58200 2011-08-24] (AVAST Software)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2013-08-26] (Duplex Secure Ltd.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-23 21:04 - 2014-05-23 21:05 - 00013516 _____ () C:\Users\tnx\Desktop\FRST.txt
2014-05-23 21:03 - 2014-05-23 21:04 - 00000000 ____D () C:\FRST
2014-05-23 21:02 - 2014-05-23 21:02 - 02067456 _____ (Farbar) C:\Users\tnx\Desktop\FRST64.exe
2014-05-22 09:50 - 2014-05-23 01:19 - 00000152 _____ () C:\Users\tnx\Desktop\ers.txt
2014-05-21 12:48 - 2014-05-21 12:48 - 00000000 ____D () C:\Users\tnx\Desktop\Applications
2014-05-17 15:41 - 2014-05-17 15:41 - 00000026 _____ () C:\Users\tnx\Desktop\well-suited to its purpose.txt
2014-05-17 00:22 - 2014-05-22 11:34 - 00000000 ____D () C:\Users\tnx\Desktop\reparation
2014-05-16 14:09 - 2014-05-16 19:10 - 00000000 ____D () C:\Users\tnx\Desktop\/\/\/\_files
2014-05-16 02:17 - 2014-05-16 02:17 - 00000000 ____D () C:\Users\tnx\Desktop\Mozilla 16 standard (first) settings (tunning)
2014-05-15 19:32 - 2014-05-15 19:32 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-15 05:23 - 2014-05-15 05:23 - 00000362 _____ () C:\Users\tnx\Desktop\int back.txt
2014-05-14 13:33 - 2014-05-14 13:33 - 00000000 _____ () C:\autoexec.bat
2014-05-14 13:32 - 2014-05-14 13:32 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-14 13:31 - 2014-05-14 14:52 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-05-14 02:38 - 2014-05-14 02:38 - 00000000 ____D () C:\Users\tnx\Desktop\Old Firefox Data
2014-05-14 01:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-14 01:42 - 2014-05-15 05:33 - 00000000 ____D () C:\AdwCleaner
2014-05-14 01:41 - 2014-05-14 01:41 - 00000000 ____D () C:\Windows\ERUNT
2014-05-12 04:19 - 2014-05-12 04:19 - 00000324 _____ () C:\Users\tnx\Desktop\Yin Yang.txt
2014-05-12 02:49 - 2014-05-12 02:49 - 00000049 _____ () C:\Users\tnx\Desktop\yoga - tummo.txt
2014-05-12 02:48 - 2014-05-12 02:48 - 00000034 _____ () C:\Users\tnx\Desktop\nothing less than.txt
2014-05-11 01:49 - 2014-05-11 02:06 - 00352256 _____ () C:\Users\tnx\Documents\Database2.accdb
2014-05-10 07:23 - 2014-05-11 00:03 - 00000000 ____D () C:\Users\tnx\Desktop\Cuda Natury - National Geographic
2014-05-10 04:25 - 2014-05-18 01:23 - 00000000 ____D () C:\Users\tnx\Desktop\insect specimens
2014-05-09 13:18 - 2014-05-13 11:38 - 00000000 ____D () C:\Users\tnx\Desktop\Cover Letter
2014-05-07 15:21 - 2011-08-24 16:56 - 00254400 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-07 15:21 - 2011-08-24 16:49 - 00601944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-05-07 15:21 - 2011-08-24 16:49 - 00301912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-05-07 15:21 - 2011-08-24 16:48 - 00065368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-07 15:21 - 2011-08-24 16:48 - 00058200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-05-07 15:21 - 2011-08-24 16:48 - 00042328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-05-07 15:21 - 2011-08-24 16:47 - 00024408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2014-05-07 15:20 - 2014-05-07 15:20 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-07 15:20 - 2011-08-24 16:57 - 00041184 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-07 15:17 - 2014-05-14 01:56 - 00348910 _____ () C:\Windows\PFRO.log
2014-05-07 03:37 - 2014-05-07 03:41 - 00348160 _____ () C:\Users\tnx\Documents\Database1.accdb
2014-05-06 21:50 - 2014-05-06 21:50 - 00000000 ____D () C:\Windows\PCHEALTH
2014-05-06 21:45 - 2014-05-06 21:45 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-05-06 21:44 - 2014-05-06 21:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-05-06 21:44 - 2014-05-06 21:44 - 00000000 ____D () C:\Windows\SHELLNEW
2014-05-06 21:44 - 2014-05-06 21:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-05-06 21:43 - 2014-05-06 21:43 - 00000000 __RHD () C:\MSOCache
2014-05-05 20:07 - 2014-05-05 20:08 - 00360058 _____ () C:\Users\tnx\Desktop\bookmarks 2014.html
2014-05-05 02:57 - 2014-05-05 03:02 - 00000000 ____D () C:\Users\tnx\Desktop\orc
2014-05-04 16:26 - 2014-05-23 20:59 - 00005712 _____ () C:\Windows\setupact.log
2014-05-04 16:26 - 2014-05-04 16:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-26 17:20 - 2014-04-26 17:20 - 00000019 _____ () C:\Users\tnx\Desktop\eva.txt
2014-04-24 12:19 - 2014-04-24 12:19 - 00000100 _____ () C:\Users\tnx\Desktop\łaknąć jak kania deszczu.txt

==================== One Month Modified Files and Folders =======

2014-05-23 21:05 - 2014-05-23 21:04 - 00013516 _____ () C:\Users\tnx\Desktop\FRST.txt
2014-05-23 21:04 - 2014-05-23 21:03 - 00000000 ____D () C:\FRST
2014-05-23 21:03 - 2012-02-14 06:26 - 01693691 _____ () C:\Windows\WindowsUpdate.log
2014-05-23 21:02 - 2014-05-23 21:02 - 02067456 _____ (Farbar) C:\Users\tnx\Desktop\FRST64.exe
2014-05-23 20:59 - 2014-05-04 16:26 - 00005712 _____ () C:\Windows\setupact.log
2014-05-23 20:59 - 2012-09-13 16:17 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-05-23 20:59 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-23 18:45 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-23 18:45 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-23 01:19 - 2014-05-22 09:50 - 00000152 _____ () C:\Users\tnx\Desktop\ers.txt
2014-05-22 14:51 - 2014-03-12 06:56 - 00000000 ____D () C:\Users\tnx\Desktop\Metallica
2014-05-22 13:53 - 2013-11-13 01:01 - 00000795 _____ () C:\Users\tnx\Desktop\orzeczenie imienne.txt
2014-05-22 13:00 - 2013-09-21 05:03 - 00000000 ___RD () C:\Users\tnx\Desktop\pulpit pi-sa-ne
2014-05-22 11:34 - 2014-05-17 00:22 - 00000000 ____D () C:\Users\tnx\Desktop\reparation
2014-05-22 11:33 - 2014-03-31 01:46 - 00000000 ___RD () C:\Users\tnx\Desktop\Zdjecia
2014-05-21 20:55 - 2013-02-23 18:54 - 00000000 ____D () C:\Users\tnx\AppData\Roaming\mmc! Pwd
2014-05-21 12:48 - 2014-05-21 12:48 - 00000000 ____D () C:\Users\tnx\Desktop\Applications
2014-05-20 13:08 - 2009-07-14 06:13 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-18 01:23 - 2014-05-10 04:25 - 00000000 ____D () C:\Users\tnx\Desktop\insect specimens
2014-05-17 15:41 - 2014-05-17 15:41 - 00000026 _____ () C:\Users\tnx\Desktop\well-suited to its purpose.txt
2014-05-17 00:26 - 2013-10-08 15:35 - 00000000 ___HD () C:\Users\tnx\Desktop\[Originals]
2014-05-16 20:54 - 2013-12-30 07:29 - 00000000 ____D () C:\Users\tnx\Desktop\beat
2014-05-16 19:10 - 2014-05-16 14:09 - 00000000 ____D () C:\Users\tnx\Desktop\ /\/\/\ files
2014-05-16 02:17 - 2014-05-16 02:17 - 00000000 ____D () C:\Users\tnx\Desktop\Mozilla 16 standard (first) settings (tunning)
2014-05-15 21:29 - 2013-12-30 15:22 - 00000000 ____D () C:\Users\tnx\Desktop\ang
2014-05-15 19:32 - 2014-05-15 19:32 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-15 05:33 - 2014-05-14 01:42 - 00000000 ____D () C:\AdwCleaner
2014-05-15 05:23 - 2014-05-15 05:23 - 00000362 _____ () C:\Users\tnx\Desktop\int back.txt
2014-05-14 14:52 - 2014-05-14 13:31 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-05-14 13:33 - 2014-05-14 13:33 - 00000000 _____ () C:\autoexec.bat
2014-05-14 13:32 - 2014-05-14 13:32 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-14 03:14 - 2013-07-27 00:01 - 00004112 _____ () C:\Windows\System32\Tasks\Open URL by /\/\/\
2014-05-14 03:14 - 2013-07-27 00:01 - 00003488 _____ () C:\Windows\System32\Tasks\Run /\/\/\ TaskBar Icon
2014-05-14 03:13 - 2014-04-17 21:52 - 00000000 ____D () C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\/\/\/\
2014-05-14 02:38 - 2014-05-14 02:38 - 00000000 ____D () C:\Users\tnx\Desktop\Old Firefox Data
2014-05-14 01:56 - 2014-05-07 15:17 - 00348910 _____ () C:\Windows\PFRO.log
2014-05-14 01:50 - 2012-07-25 19:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2014-05-14 01:50 - 2011-10-17 20:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-05-14 01:50 - 2011-10-17 20:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2014-05-14 01:50 - 2011-10-17 20:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2014-05-14 01:50 - 2011-10-17 19:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-05-14 01:50 - 2011-10-17 19:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-05-14 01:50 - 2011-10-17 19:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders and Document Viewers
2014-05-14 01:50 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-14 01:50 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 01:50 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 01:50 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-14 01:50 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-14 01:41 - 2014-05-14 01:41 - 00000000 ____D () C:\Windows\ERUNT
2014-05-14 00:23 - 2012-07-25 21:34 - 00000000 ____D () C:\Users\tnx\AppData\Local\CrashDumps
2014-05-13 11:52 - 2014-02-25 19:09 - 00000000 ____D () C:\Users\tnx\Desktop\shortcuts
2014-05-13 11:38 - 2014-05-09 13:18 - 00000000 ____D () C:\Users\tnx\Desktop\Cover Letter
2014-05-13 11:38 - 2012-11-07 01:28 - 00000000 ___RD () C:\Users\tnx\Desktop\Folders
2014-05-12 04:19 - 2014-05-12 04:19 - 00000324 _____ () C:\Users\tnx\Desktop\Yin Yang.txt
2014-05-12 02:49 - 2014-05-12 02:49 - 00000049 _____ () C:\Users\tnx\Desktop\yoga - tummo.txt
2014-05-12 02:48 - 2014-05-12 02:48 - 00000034 _____ () C:\Users\tnx\Desktop\nothing less than.txt
2014-05-12 02:03 - 2014-03-26 08:56 - 00000000 ____D () C:\Users\tnx\Desktop\dialogi
2014-05-12 00:09 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-11 20:32 - 2014-03-16 01:13 - 00000000 ____D () C:\Users\tnx\Desktop\Cale Aktorstwo
2014-05-11 02:06 - 2014-05-11 01:49 - 00352256 _____ () C:\Users\tnx\Documents\Database2.accdb
2014-05-11 00:03 - 2014-05-10 07:23 - 00000000 ____D () C:\Users\tnx\Desktop\Cuda Natury - National Geographic
2014-05-08 23:04 - 2014-03-25 19:14 - 00000000 ____D () C:\Users\tnx\Desktop\sony exp
2014-05-07 15:21 - 2012-07-25 21:38 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-05-07 15:20 - 2014-05-07 15:20 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-07 15:20 - 2012-07-25 21:38 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-07 15:17 - 2014-04-17 20:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-07 11:17 - 2014-04-15 12:33 - 00414528 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-07 03:41 - 2014-05-07 03:37 - 00348160 _____ () C:\Users\tnx\Documents\Database1.accdb
2014-05-07 03:17 - 2012-09-02 01:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-06 22:20 - 2014-04-15 12:36 - 00108360 _____ () C:\Users\tnx\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-06 21:50 - 2014-05-06 21:50 - 00000000 ____D () C:\Windows\PCHEALTH
2014-05-06 21:50 - 2014-05-06 21:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-05-06 21:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-05-06 21:45 - 2014-05-06 21:45 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-05-06 21:44 - 2014-05-06 21:44 - 00000000 ____D () C:\Windows\SHELLNEW
2014-05-06 21:44 - 2014-05-06 21:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-05-06 21:43 - 2014-05-06 21:43 - 00000000 __RHD () C:\MSOCache
2014-05-05 20:08 - 2014-05-05 20:07 - 00360058 _____ () C:\Users\tnx\Desktop\bookmarks 2014.html
2014-05-05 03:02 - 2014-05-05 02:57 - 00000000 ____D () C:\Users\tnx\Desktop\orc
2014-05-04 16:26 - 2014-05-04 16:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-02 21:36 - 2014-04-08 14:30 - 00000288 _____ () C:\Users\tnx\Desktop\cover letter note.txt
2014-04-26 18:37 - 2014-04-15 05:03 - 00000000 ____D () C:\Windows\pss
2014-04-26 18:37 - 2012-07-25 19:23 - 00000000 ___RD () C:\Users\tnx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-26 17:20 - 2014-04-26 17:20 - 00000019 _____ () C:\Users\tnx\Desktop\eva.txt
2014-04-24 16:57 - 2012-08-02 19:48 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFortnx
2014-04-24 16:57 - 2012-08-02 19:48 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleFortnx.job
2014-04-24 12:19 - 2014-04-24 12:19 - 00000100 _____ () C:\Users\tnx\Desktop\łaknąć jak kania deszczu.txt
2014-04-23 10:33 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-20 03:21

==================== End Of Log ============================

Edited by Min-C, 23 May 2014 - 04:52 PM.


#7 Min-C


Posted 23 May 2014 - 04:55 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-05-2014
Ran by tnx at 2014-05-23 21:06:13
Running from C:\Users\tnx\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

APro 6 (HKLM\...\{CAF674E0-808C-4CF4-8868-A755EBABA228}) (Version: 6.3.221 - ASystems International Inc.)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Fuel (Version: 2011.0705.1115.18310 - AMD) Hidden
AMD Media Foundation Decoders (Version: 1.0.60705.1113 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0705.1115.18310 - ATI) Hidden
ATI Catalyst Install Manager (HKLM\...\{B3C4ADC9-637E-DDD9-A66C-782AE5E2E667}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 6.0.1270.0 - AVAST Software)
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0705.1115.18310 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0705.1115.18310 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0705.1115.18310 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help English (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help French (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help German (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
ccc-utility64 (Version: 2011.0705.1115.18310 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4606 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.0.4606 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DC++ 0.799 (HKLM-x32\...\DC++) (Version: 0.799 - Jacek Sieka)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
Future Pinball (HKLM-x32\...\Future Pinball_is1) (Version: Version 1.9.1.20101231 - Chris Leathley)
GG (HKCU\...\GG) (Version: 11 - GG Network S.A.)
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{39FCC6B7-FFF5-4075-A5E8-B5CEBD54C331}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{AF240B18-034B-4A82-B3FC-0B879C4BAE2E}) (Version: 4.5.1.1 - Hewlett-Packard Company)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox (x86 en-US) (HKLM-x32\...\Mozilla Firefox (x86 en-US)) (Version: 24.5.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MBit 0.5.13 (HKLM-x32\...\MBit 0.5.13) (Version: 0.5.13 - )
MBit 0.5.16 (HKLM-x32\...\MBit 0.5.16) (Version: 0.5.16 - )
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Opera Stable 20.0.1387.91 (HKLM-x32\...\Opera 20.0.1387.91) (Version: 20.0.1387.91 - Opera Software ASA)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.12.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6461 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Romo-7 (HKCU\...\ALR) (Version: 7-9-5-7 - Ber Sys)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Skype 5.5 (HKLM-x32\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.5.117 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.21.0 - Synaptics Incorporated)
The Fiat! Professional v5 (HKLM-x32\...\{D1519491-C883-463C-A605-8C8969B2DAA9}) (Version: 5- labs)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points =========================

21-04-2014 01:35:18 avast! antivirus system restore point
03-05-2014 20:46:04 Removed LogMeIn Hamachi
06-05-2014 07:06:00 Removed Microsoft Office Professional Plus 2010
06-05-2014 20:42:55 Installed Microsoft Office Professional 2010
07-05-2014 14:14:52 avast! antivirus system restore point
07-05-2014 14:20:00 avast! Free Antivirus Setup
11-05-2014 23:08:10 Removed BlueStacks Notification Center
14-05-2014 12:31:15 Installed SpyHunter
14-05-2014 13:50:02 Removed SpyHunter
15-05-2014 17:49:13 Installed Microsoft Fix it 50267

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-09-03 17:19 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {002F835E-26FB-4487-A051-0B087086FE8D} - System32\Tasks\5026 => Wscript.exe C:\Users\tnx\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {504B701A-5383-4195-9FAD-5DA571DDB251} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {5BDA23C1-4FF2-43BD-A536-A3D8FF3750A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {7D49BEB8-7AC1-463A-9F2E-1A1982C2D76E} - System32\Tasks\HPCeeScheduleFortnx => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {915E66DE-4932-4424-A186-2706363B45BA} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-10-07] (CyberLink)
Task: {9DB1E839-F87A-4E86-9FCD-BD668359E39A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {B457BA4A-48A3-48A1-9F45-374CF5172771} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {B5CA22BE-2004-463B-9795-F2FB166DEBB2} - System32\Tasks\Run /\/\/\ TaskBar Icon => C:\Program Files (x86)\ /\/\/\ \ /\/\/\ \ /\/\/\TaskBarIcon.exe [2014-05-14] (/\/\/\)
Task: {D4E0CC2A-94EC-430A-8EB1-D3FB948CBC31} - System32\Tasks\Open URL by /\/\/\ => Rundll32.exe url.dll,FileProtocolHandler "http://www./\/\/\.com/test-pass.html?aaa=KICMHMJMJMJLLMPMJLLLCNHMLMNMGMCNHMJMPMNMCNIMJMMMMMCNJMMMOLHMMLJLNLLMKLKLMMOMJNJICMIMCNGMCNKMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMOMNMNMGMJNHICMEKMICNJJCKJNBJCMIJNIKJIJMIEJKJKJJNKJCMJNNICMJNDJCMKJBJJNMJCMPMFMKMOMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {D85ACC66-13D1-4E4C-80E0-D84973399A24} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {DFB0DBBB-FB1E-438D-BFF1-281C514E082B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {F4056628-E944-4DB6-91F1-87BE5A9771E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\HPCeeScheduleFortnx.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-10-24 09:05 - 2012-04-01 00:06 - 02689536 _____ () C:\Program Files (x86)\File Shredder\fsshell.dll
2014-05-07 15:20 - 2011-08-24 16:56 - 00174536 _____ () C:\Program Files\AVAST Software\Avast\aswStrm.dll
2014-05-23 18:42 - 2014-05-23 17:10 - 02294784 _____ () C:\Program Files\AVAST Software\Avast\defs\14052300\algo.dll
2014-04-17 20:40 - 2014-05-07 15:16 - 03294832 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: asdsrv => 2
MSCONFIG\Services: CodeMeter.exe => 2
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: HPClientSvc => 2
MSCONFIG\Services: IconMan_R => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\startupfolder: C:^Users^tnx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Privoxy.lnk => C:\Windows\pss\Privoxy.lnk.Startup
MSCONFIG\startupreg: ACPW06EN => "C:\Program Files\ASystems\APro\6.0\APro6InTouch2.exe" /pid ACPW06EN
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Anvi Smart Defender => C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: Media Finder => "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/23/2014 09:01:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/23/2014 06:39:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/23/2014 10:11:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2014 06:43:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2014 10:55:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2014 09:41:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2014 07:01:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2014 02:37:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2014 01:16:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2014 11:53:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/23/2014 09:02:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%2

Error: (05/23/2014 08:59:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (05/23/2014 08:59:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
%%1058

Error: (05/23/2014 08:59:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DirMngr service failed to start due to the following error:
%%2

Error: (05/23/2014 08:59:27 PM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (05/23/2014 06:40:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%2

Error: (05/23/2014 06:38:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (05/23/2014 06:38:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147014847

Error: (05/23/2014 06:38:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
%%1058

Error: (05/23/2014 06:38:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DirMngr service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (05/23/2014 09:01:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/23/2014 06:39:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/23/2014 10:11:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2014 06:43:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2014 10:55:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2014 09:41:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2014 07:01:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2014 02:37:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2014 01:16:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2014 11:53:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2013-03-25 01:56:31.394
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-03-22 03:15:31.912
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-13 19:00:51.997
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-13 19:00:02.836
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-13 19:00:02.406
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-13 19:00:00.508
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-13 18:59:59.942
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-13 18:59:19.739
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 7786.91 MB
Available physical RAM: 6347.84 MB
Total Pagefile: 16320.1 MB
Available Pagefile: 14818.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:442.26 GB) (Free:380.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:19.34 GB) (Free:0.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:2.49 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: FB78E59B)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=442 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================


Edited by Min-C, 23 May 2014 - 05:24 PM.


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,414 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:17 AM

Posted 23 May 2014 - 05:34 PM

Greetings Greg,

Thank you for your kindness. I would like to caution you about one issue then have you take some steps. Please consider and do this.

===================================================

Cracking Software Warning

--------------------
 

Post by quietman7, on 02 October 2009 - 05:16 AM, said:


A Keygen is a program which is used to illegally bypass copy protection on games and commercial software by generating a random serial number, or "cd key", that matches the software it is intended to be used with.

A Cracking tool is used to copy commercial software illegally by breaking the various copy-protection and registration techniques being used.

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Quote
Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

Quote
...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

Quote
...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

Some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Task: {002F835E-26FB-4487-A051-0B087086FE8D} - System32\Tasks\5026 => Wscript.exe C:\Users\tnx\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {D85ACC66-13D1-4E4C-80E0-D84973399A24} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
C:\Users\tnx\AppData\Local\Temp\launchie.vbs
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Rerun AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Report
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click Clean to remove the items still checked
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop upon reboot in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Please download and run Microsoft Fix it 50688 to fix a non-malware related technical issue with Windows.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlist
  • AdwCleaner log
  • Junkware log
  • Security check log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,414 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:17 AM

Posted 23 May 2014 - 07:35 PM

Sorry for my error above, please post the Fixlog rather than the Fixlist which will disappear when you run the fix.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Min-C

Min-C
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:17 AM

Posted 23 May 2014 - 07:46 PM

I thank You for your kindness :)

After the previous Adw I lost the internet connection. If it repeats, it may take me some time until I type the command again, Gary :)

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-05-2014
Ran by gregskee at 2014-05-24 01:29:05 Run:1
Running from C:\Users\tnx\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {002F835E-26FB-4487-A051-0B087086FE8D} - System32\Tasks\5026 => Wscript.exe C:\Users\tnx\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {D85ACC66-13D1-4E4C-80E0-D84973399A24} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
C:\Users\tnx\AppData\Local\Temp\launchie.vbs
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{002F835E-26FB-4487-A051-0B087086FE8D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{002F835E-26FB-4487-A051-0B087086FE8D} => Key deleted successfully.
C:\Windows\System32\Tasks\5026 => Wscript.exe C:\Users\tnx\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5026 => Wscript.exe C:\Users\tnx\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D85ACC66-13D1-4E4C-80E0-D84973399A24} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D85ACC66-13D1-4E4C-80E0-D84973399A24} => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Iexplore.exe <==== ATTENTION not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Iexplore.exe <==== ATTENTION => Key not found.
"C:\Users\tnx\AppData\Local\Temp\launchie.vbs" => File/Directory not found.

==== End of Fixlog ====


Edited by Min-C, 23 May 2014 - 07:47 PM.
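
An added example, not part of the thread and not FRST's own logic: triage of FRST-style "Task:" lines such as the two in the fixlist above, flagging script hosts that run files from user-writable paths and tasks that launch a bare browser. The heuristic lists and reason names are assumptions of this example, and the third sample line is constructed.

```python
import html
import re
from dataclasses import dataclass, field

# Two task lines from the fixlist in this thread, plus one constructed benign line.
SAMPLE_TASK_LINES = [
    r"Task: {002F835E-26FB-4487-A051-0B087086FE8D} - System32\Tasks\5026 => "
    r"Wscript.exe C:\Users\tnx\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION",
    r"Task: {D85ACC66-13D1-4E4C-80E0-D84973399A24} - System32\Tasks\0 => "
    r"Iexplore.exe <==== ATTENTION",
    # Constructed for contrast; not from the thread.
    r"Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\Vendor\Updater => "
    r"C:\Program Files\Vendor\updater.exe /check",
]

TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<path>.+?) => "
    r"(?P<action>.+?)(?:\s*<==== ATTENTION)?$"
)
ACTION_RE = re.compile(r'^"?(?P<exe>.+?\.exe)"?(?:\s+(?P<args>.*))?$', re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\(appdata|temp|tmp)\\|\\users\\public\\", re.IGNORECASE)

# Hypothetical triage lists (assumptions of this example, not FRST's rules).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe"}


@dataclass
class Finding:
    guid: str
    task_name: str
    exe: str
    args: str
    reasons: list = field(default_factory=list)


def normalize(line: str) -> str:
    """Undo repeated HTML escaping (e.g. '=&amp;gt;' -> '=>') left by forum software."""
    previous = None
    while previous != line:
        previous, line = line, html.unescape(line)
    return line.strip()


def triage(line: str):
    """Parse one FRST-style 'Task:' line; return a Finding, or None if it is not one."""
    m = TASK_RE.match(normalize(line))
    if not m:
        return None
    action = m.group("action").strip()
    a = ACTION_RE.match(action)
    exe_path = a.group("exe") if a else action.split()[0]
    args = (a.group("args") or "") if a else ""
    exe = exe_path.rsplit("\\", 1)[-1].lower()
    task_name = m.group("path").rsplit("\\", 1)[-1]
    f = Finding(m.group("guid"), task_name, exe, args)
    if exe in SCRIPT_HOSTS:
        f.reasons.append("script-host")
    if USER_WRITABLE_RE.search(action):
        f.reasons.append("user-writable-path")
    # //B is the Windows Script Host batch-mode switch (no prompts or error dialogs).
    if exe in {"wscript.exe", "cscript.exe"} and "//b" in args.lower().split():
        f.reasons.append("batch-mode-switch")
    if exe in BROWSERS and not args:
        f.reasons.append("bare-browser")
    if task_name.isdigit():
        f.reasons.append("numeric-task-name")
    return f


def suspicious(lines):
    """Return findings that matched at least one heuristic."""
    return [f for f in map(triage, lines) if f and f.reasons]


if __name__ == "__main__":
    for f in suspicious(SAMPLE_TASK_LINES):
        print(f.task_name, f.exe, ", ".join(f.reasons))
```
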


#11 Min-C

Min-C
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:17 AM

Posted 23 May 2014 - 08:04 PM

Cool, I got the internet, but once again (if you check my description in the middle of this thread you'll see about 'Paint') I _don't got_ one when I right-click on a jpeg in the 'open' option.

# AdwCleaner v3.210 - Report created 24/05/2014 at 01:58:10
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : tnx - NMC
# Running from : C:\Users\tnx\Desktop\reparation\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16447


-\\ Mozilla Firefox v24.5.0 (en-US)

[ File : C:\Users\tnx\AppData\Roaming\Mozilla\Firefox\Profiles\rkojai73.default-1400031483615\prefs.js ]


[ File : C:\Users\tnx\AppData\Roaming\Mozilla\Firefox\Profiles\x3a3vql6.default\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R2].txt - [925 octets] - [24/05/2014 01:52:26]
AdwCleaner[R3].txt - [846 octets] - [24/05/2014 01:58:10]
AdwCleaner[S2].txt - [985 octets] - [24/05/2014 01:55:16]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [964 octets] ##########

Edited by Min-C, 23 May 2014 - 08:04 PM.


#12 Min-C

Min-C
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:17 AM

Posted 23 May 2014 - 08:44 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by tnx on 24/05/2014 at 2:14:57.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\tnx\AppData\Roaming\mozilla\firefox\profiles\rkojai73.default-1400031483615\minidumps [17 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/05/2014 at 2:39:13.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by Min-C, 23 May 2014 - 08:50 PM.


#13 Min-C

Min-C
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:17 AM

Posted 23 May 2014 - 09:14 PM

Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 45
Java version out of Date!
Adobe Flash Player 13.0.0.182
Adobe Reader XI
Mozilla Firefox Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,414 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:17 AM

Posted 23 May 2014 - 09:16 PM

Thank you, this is the next step.

===================================================

Windows Repair (All in One)

--------------------
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Download Windows Repair (All in One) and save it to your desktop
  • Double click the icon and select Run
  • Continually click Next, then Finish
  • Note: If you are unable to complete one of the steps simply continue on with the next step
  • Go to Step 3 and allow it to run See if Check Disk is Needed by clicking on the Check button:
  • If you see Errors Found On The Drive! Check Disk Is Needed click Do It in the Check Disk (If Needed) box
  • Go to Step 4 and click Do It under System File Check
  • Go to Step 5 and click Create under System Restore, then Backup under Registry Backup
  • Go to Start Repairs tab and click Start button.
  • Please make sure the following items are checked

Reset Registry Permissions
Reset File Permissions (1)
Register System Files
Repair WMI
Repair Windows Firewall
Repair Hosts File
Remove Policies Set By Infections
Repair Missing Start Menu Icons Removed By Infections
Repair Icons
Repair Winsock & DNS Cache
Repair Proxy Settings
Unhide Non System Files (1)
Repair Windows Updates
Repair Volume Shadow Copy Service
Repair .lnk (Shortcuts) File Association
Repair Print Spooler
Restore Important Windows Services
Set Windows Services To Default Startup

  • Click on box next to the Restart/Shutdown System when Finished
  • Click on Restart System
  • Click on Start
  • Your computer will reboot upon completion
  • Using Windows Explorer navigate to the following file

C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs

  • Copy and paste the contents of the log in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • All in One log
  • How is your computer running?

Edited by Oh My, 23 May 2014 - 10:31 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Min-C

Min-C
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:17 AM

Posted 23 May 2014 - 09:54 PM

sorry - 'Go to Step 2 and allow it to run See if Check Disk is Needed by clicking on the Check button'


I upgraded 'Malwarebytes'; it found four points, which 'I' deleted (computer after reset now). I cannot see these suggestions about 'Check Disc' and the 'Check' button at all.

I'll be back tomorrow :) thanks :) thanks Gary :)

Attached Files

  • Attached File  mmc.png   52.46KB   0 downloads

Edited by Min-C, 23 May 2014 - 10:01 PM.




