My machine is running slow/sluggish; logs posted; is it a malware problem?


  • This topic is locked
20 replies to this topic

#1 radioman4949

  • Members
  • 23 posts

Posted 12 August 2014 - 11:41 AM

I am having problems with my laptop. I am running Windows 7 Ultimate with Service Pack 1, 32-bit. I ran HijackThis and have posted the log below. I'm not sure what to look for, to be honest, so any advice from someone with a 'trained eye' would be really helpful and appreciated!

 

I ran Malwarebytes and it found PUP.Optional.MyStartTB.A, which I quarantined; but it's still slow in the browsers (IE11 and Chrome), and the PC is generally sluggish.

 

Any help would be much appreciated many thanks!

 

Michael

 

Nottingham - UK

 

Log:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 15:39:32, on 12/08/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
 
 
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Lounge\Downloads\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Osbics Update] regsvr32.exe C:\Users\Lounge\AppData\Local\Osbics\msvUsb.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 
--
End of file - 7287 bytes
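For readers wondering what a 'trained eye' checks first in the O4 (autorun) lines of a log like the one above, here is an added triage example in Python; it is not code from BleepingComputer, the helper, or the HijackThis tool. It parses each O4 line, separates the launched image from any DLL handed to regsvr32/rundll32, and flags entries whose target sits in a user-writable location or where a system loader is given a DLL outside Windows/Program Files. The sample input is a copy of six O4 lines from the posted log; the path heuristics (USER_WRITABLE, TRUSTED_ROOTS) are this example's own assumptions, not HijackThis rules.

```python
import re
from dataclasses import dataclass

# Constructed sample: six O4 lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Osbics Update] regsvr32.exe C:\Users\Lounge\AppData\Local\Osbics\msvUsb.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
"""

# Layout of an O4 line:  O4 - <hive>\<key path>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>[^\\]+)\\(?P<key>[^:]*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# First image on a command line: a quoted path, or an unquoted path running up to
# the first executable-looking extension (HijackThis does not quote paths that
# contain spaces, e.g. the Spybot and Sidebar entries in the sample).
IMAGE_RE = re.compile(
    r'^\s*(?:"(?P<q>[^"]+)"|(?P<u>.*?\.(?:exe|dll|cpl|scr|bat|cmd|vbs|js)))(?=[\s,]|$)',
    re.IGNORECASE,
)

# Signed system binaries whose only job is to load someone else's code.
LOADERS = {"regsvr32.exe", "rundll32.exe"}

# Heuristic (this example's assumption): locations any standard user can write to.
USER_WRITABLE = re.compile(
    r"^(?:[a-z]:\\users\\[^\\]+\\(?:appdata|downloads|desktop)\\"
    r"|[a-z]:\\programdata\\"
    r"|%(?:temp|tmp|appdata|localappdata|userprofile)%)",
    re.IGNORECASE,
)

# Heuristic (this example's assumption): roots where vendor-installed code is expected.
TRUSTED_ROOTS = re.compile(
    r"^(?:[a-z]:\\windows\\|[a-z]:\\program files(?: \(x86\))?\\|%programfiles%\\|%systemroot%\\)",
    re.IGNORECASE,
)


@dataclass
class Autorun:
    hive: str      # HKLM, HKCU or HKUS
    name: str      # the Run value name, e.g. "Osbics Update"
    image: str     # the executable actually started
    payload: str   # DLL handed to a loader (regsvr32/rundll32), else ""


def _split_image(cmd: str):
    """Return (first image on the command line, remainder of the line)."""
    m = IMAGE_RE.match(cmd)
    if m is None:                      # nothing path-like: fall back to whitespace split
        parts = cmd.split(None, 1)
        return (parts[0] if parts else ""), (parts[1] if len(parts) > 1 else "")
    image = m.group("q") or m.group("u")
    return image, cmd[m.end():].lstrip(" ,")


def parse_o4(line: str):
    """Parse one HijackThis O4 line; return an Autorun, or None for any other line."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    image, rest = _split_image(m.group("cmd"))
    payload = ""
    if image.lower().rsplit("\\", 1)[-1] in LOADERS:
        # rundll32 takes "dll,EntryPoint"; regsvr32 takes "dll". Either way the DLL is the real payload.
        payload, _ = _split_image(rest)
    return Autorun(m.group("hive"), m.group("name"), image, payload)


def triage(log_text: str):
    """Return (value name, reason, target path) for every O4 entry worth a second look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        target = entry.payload or entry.image
        if USER_WRITABLE.match(target):
            findings.append((entry.name, "runs from a user-writable location", target))
        elif entry.payload and not TRUSTED_ROOTS.match(entry.payload):
            findings.append((entry.name, "loader given a DLL outside Windows/Program Files", target))
    return findings


if __name__ == "__main__":
    for name, reason, target in triage(SAMPLE_LOG):
        print(f"[{name}] {reason}: {target}")
```

On the sample it flags only the [Osbics Update] entry: regsvr32 registering a DLL from AppData\Local is a pattern a reviewer asks about first, while every other entry resolves to a vendor path under Program Files or Windows. The NvCplDaemon line shows why the loader is split from its payload: rundll32 itself is a Microsoft binary, and only the DLL it loads tells you anything.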


#2 Jo*

  • Malware Response Team
  • 3,417 posts
  • Gender:Male
  • Location:Germany

Posted 16 August 2014 - 10:12 AM


Hello radioman4949,

My name is Jo and I will help you with your computer problems.



Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
It is important for you to check your topic at least once a day for a reply. You cannot rely on the e-mail notification system to inform you of new replies as it is not completely reliable.


***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Download OTL to your desktop.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 radioman4949

  • Topic Starter

  • Members
  • 23 posts

Posted 16 August 2014 - 04:57 PM

Hi Jo, thanks for your help.

 

Here are the logs:

 

security check

 

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 CCleaner     
 Java 7 Update 67  
 Adobe Reader XI  
 Google Chrome 36.0.1985.143  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log`````````````````````` 
 
 
OTL logfile txt
 

OTL logfile created on: 16/08/2014 21:38:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lounge\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.94 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 69.44% Memory free
3.87 Gb Paging File | 2.92 Gb Available in Paging File | 75.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 82.79 Gb Total Space | 5.52 Gb Free Space | 6.67% Space Free | Partition Type: NTFS
 
Computer Name: LOUNGE-PC | User Name: Lounge | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lounge\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - c:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (nvvad_WaveExtensible) -- system32\drivers\nvvad32v.sys File not found
DRV - (Avgdiskx) -- C:\Windows\System32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (athur) -- C:\Windows\System32\drivers\athur.sys (Atheros Communications, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBTTN.sys (Hewlett-Packard Company)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 F1 7C F7 D9 60 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/04/26 18:02:42 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: https://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Lounge\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Lounge\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Lounge\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Lounge\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: Hide My Ass! Web Proxy = C:\Users\Lounge\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd\1.2.5_0\
CHR - Extension: Google Search = C:\Users\Lounge\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome Web Developer Tools = C:\Users\Lounge\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbmlldeibipeppiabbdjajcneipfbocm\0.1.4_0\
CHR - Extension: EditThisCookie = C:\Users\Lounge\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\1.4_0\
CHR - Extension: Select To Get Maps = C:\Users\Lounge\AppData\Local\Google\Chrome\User Data\Default\Extensions\hinehgnhgiohbfpbpgkjnelkcgdkcgha\1.1.1_0\
CHR - Extension: RealDownloader = C:\Users\Lounge\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Google Wallet = C:\Users\Lounge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Lounge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05E484C6-42E9-4A42-B383-9D088C02C9D9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8006904B-A2E6-4C00-A879-45510C194795}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/14 22:12:15 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2014/08/14 22:12:14 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2014/08/14 22:12:13 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2014/08/14 22:11:24 | 000,000,000 | ---D | C] -- C:\Users\Lounge\AppData\Local\NVIDIA Corporation
[2014/08/14 22:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2014/08/13 19:18:30 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2014/08/13 19:18:24 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2014/08/13 19:18:16 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2014/08/13 19:18:13 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2014/08/13 03:40:20 | 000,219,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2014/08/13 03:40:18 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2014/08/13 03:40:14 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/08/13 03:40:14 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/08/13 03:40:14 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/08/13 03:40:13 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/08/13 03:40:13 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/08/13 03:40:12 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/08/13 03:40:12 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/08/13 03:40:12 | 000,307,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/08/13 03:40:12 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/08/13 03:40:12 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/08/13 03:40:11 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/08/13 03:40:09 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/08/13 03:40:09 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/08/13 03:40:08 | 000,663,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/08/13 03:40:07 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/08/13 03:40:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/08/13 03:40:02 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/08/13 03:40:00 | 000,239,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/08/13 03:39:59 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/08/13 03:39:56 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/08/13 03:39:55 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014/08/13 03:39:50 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/08/13 03:39:49 | 004,204,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/08/13 03:39:31 | 002,352,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/08/13 03:39:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/08/13 03:39:07 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2014/08/13 03:39:07 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2014/08/13 03:39:07 | 000,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2014/08/13 03:38:59 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/08/13 03:38:57 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/08/13 03:38:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTAT.DLL
[2014/08/13 03:38:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDYAK.DLL
[2014/08/13 03:38:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDRU1.DLL
[2014/08/13 03:38:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBASH.DLL
[2014/08/13 03:38:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDRU.DLL
[2014/08/12 23:11:00 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/08/12 22:28:45 | 000,000,000 | ---D | C] -- C:\FRST
[2014/08/11 17:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/08/11 17:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/08/11 16:18:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2014/08/11 15:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft COMDisable
[2014/08/10 18:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/08/09 11:36:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2014/08/08 21:25:29 | 000,231,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014/08/08 15:35:50 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\48230029.sys
[2014/08/08 01:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/08/08 01:48:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/08/08 00:32:24 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/08/08 00:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/08/08 00:31:54 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/08/08 00:31:54 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/08/08 00:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/08/08 00:24:09 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/08/08 00:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/08/07 16:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/08/07 16:35:01 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/08/07 16:34:32 | 000,096,680 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/08/07 16:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/07 16:34:31 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/08/07 16:34:31 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/08/07 09:34:09 | 000,000,000 | ---D | C] -- C:\Users\Lounge\AppData\Local\Osbics
[2014/08/01 07:41:31 | 000,045,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2014/08/01 07:41:30 | 002,425,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2014/08/01 07:41:09 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2014/08/01 07:41:09 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2014/08/01 07:41:09 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2014/08/01 07:40:33 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2014/08/01 07:40:32 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/16 21:16:18 | 000,000,314 | ---- | M] () -- C:\Windows\geoxcli.ini
[2014/08/16 21:02:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/16 20:53:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/16 20:52:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/16 18:26:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/16 16:38:41 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/08/16 10:18:17 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/16 10:18:17 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/16 02:18:34 | 1559,187,456 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/16 01:14:08 | 000,000,022 | ---- | M] () -- C:\Windows\geobcast.ini
[2014/08/14 22:47:34 | 000,002,229 | ---- | M] () -- C:\Users\Lounge\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/08/14 22:47:34 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/14 09:29:39 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/08/13 19:53:34 | 000,259,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/08/13 08:09:30 | 000,670,458 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/08/13 08:09:30 | 000,129,910 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/08/13 02:28:34 | 000,003,296 | ---- | M] () -- C:\bootsqm.dat
[2014/08/11 17:45:11 | 000,002,582 | ---- | M] () -- C:\Users\Lounge\Documents\cc_20140811_174458.reg
[2014/08/11 17:04:57 | 139,509,706 | ---- | M] () -- C:\Users\Lounge\Documents\reg-backup-11-08-14.reg
[2014/08/08 16:32:11 | 000,000,025 | ---- | M] () -- C:\Users\Lounge\Documents\.VBS
[2014/08/08 15:35:50 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\48230029.sys
[2014/08/08 15:26:49 | 000,131,302 | ---- | M] () -- C:\Users\Lounge\Documents\mbna payment 2.png
[2014/08/08 15:26:11 | 000,149,960 | ---- | M] () -- C:\Users\Lounge\Documents\mbna payment 1.png
[2014/08/08 01:49:57 | 000,059,672 | ---- | M] () -- C:\Users\Lounge\Documents\cc_20140808_014941.reg
[2014/08/07 16:34:06 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/08/07 16:34:04 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/08/07 16:34:04 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/08/07 16:34:03 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/08/07 02:43:38 | 000,412,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/08/07 02:39:08 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/08/06 21:02:24 | 000,014,564 | ---- | M] () -- C:\Users\Lounge\Desktop\natwest login details michael - Shortcut.lnk
[2014/08/06 10:50:44 | 000,129,945 | ---- | M] () -- C:\Users\Lounge\Documents\ebay listing 2.png
[2014/08/06 10:50:02 | 000,086,779 | ---- | M] () -- C:\Users\Lounge\Documents\ebay listing 1.png
[2014/08/06 10:48:40 | 000,161,735 | ---- | M] () -- C:\Users\Lounge\Documents\shop1.png
[2014/08/06 10:47:33 | 000,219,661 | ---- | M] () -- C:\Users\Lounge\Documents\shop2.png
[2014/08/05 09:20:02 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014/08/01 00:16:34 | 000,307,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/07/25 14:04:40 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/07/25 14:03:54 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/07/25 13:34:49 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/07/25 13:33:08 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/07/25 13:30:32 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014/07/25 13:18:49 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/07/25 13:17:33 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/07/25 13:12:35 | 000,438,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/07/25 13:10:15 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/07/25 13:10:12 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/07/25 13:08:47 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/07/25 13:06:47 | 004,204,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/07/25 12:59:29 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/07/25 12:52:19 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/07/25 12:43:16 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/07/25 12:36:30 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/07/25 12:29:33 | 000,239,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/07/25 12:13:12 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/07/25 12:09:25 | 000,663,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/07/25 12:07:49 | 002,001,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/07/25 12:07:10 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/07/25 11:09:19 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/07/24 22:00:49 | 000,101,417 | ---- | M] () -- C:\Users\Lounge\Documents\1.jpg
[2014/07/21 23:29:01 | 000,418,575 | ---- | M] () -- C:\Users\Lounge\Documents\videocacheview.zip
 
========== Files Created - No Company Name ==========
 
[2014/08/13 02:28:34 | 000,003,296 | ---- | C] () -- C:\bootsqm.dat
[2014/08/12 18:12:57 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/08/11 17:58:30 | 000,002,229 | ---- | C] () -- C:\Users\Lounge\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/08/11 17:58:30 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/11 17:57:09 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/11 17:57:08 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/11 17:45:07 | 000,002,582 | ---- | C] () -- C:\Users\Lounge\Documents\cc_20140811_174458.reg
[2014/08/11 17:01:52 | 139,509,706 | ---- | C] () -- C:\Users\Lounge\Documents\reg-backup-11-08-14.reg
[2014/08/08 16:32:08 | 000,000,025 | ---- | C] () -- C:\Users\Lounge\Documents\.VBS
[2014/08/08 15:26:48 | 000,131,302 | ---- | C] () -- C:\Users\Lounge\Documents\mbna payment 2.png
[2014/08/08 15:26:09 | 000,149,960 | ---- | C] () -- C:\Users\Lounge\Documents\mbna payment 1.png
[2014/08/08 01:49:51 | 000,059,672 | ---- | C] () -- C:\Users\Lounge\Documents\cc_20140808_014941.reg
[2014/08/06 21:02:24 | 000,014,564 | ---- | C] () -- C:\Users\Lounge\Desktop\natwest login details michael - Shortcut.lnk
[2014/08/06 10:50:42 | 000,129,945 | ---- | C] () -- C:\Users\Lounge\Documents\ebay listing 2.png
[2014/08/06 10:49:30 | 000,086,779 | ---- | C] () -- C:\Users\Lounge\Documents\ebay listing 1.png
[2014/08/06 10:47:32 | 000,219,661 | ---- | C] () -- C:\Users\Lounge\Documents\shop2.png
[2014/08/06 10:44:58 | 000,161,735 | ---- | C] () -- C:\Users\Lounge\Documents\shop1.png
[2014/07/24 22:00:45 | 000,101,417 | ---- | C] () -- C:\Users\Lounge\Documents\1.jpg
[2014/05/22 06:47:36 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2014/05/22 02:33:06 | 000,000,000 | ---- | C] () -- C:\Users\Lounge\AppData\Local\{3F4EBA95-44B7-43D4-8F66-D374879A306F}
[2014/05/22 01:56:17 | 000,000,000 | ---- | C] () -- C:\Users\Lounge\AppData\Local\{4A510B7B-5ACD-4893-A30F-D47648F4788C}
[2014/04/26 11:30:06 | 000,007,597 | ---- | C] () -- C:\Users\Lounge\AppData\Local\Resmon.ResmonCfg
[2014/04/25 22:21:58 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2014/04/25 22:19:28 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2014/04/25 21:59:25 | 000,000,314 | ---- | C] () -- C:\Windows\geoxcli.ini
[2014/04/25 21:59:25 | 000,000,022 | ---- | C] () -- C:\Windows\geobcast.ini
[2014/01/23 18:31:08 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2014/01/23 18:31:08 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2014/01/23 18:31:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2014/01/23 18:31:08 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/05/18 19:56:33 | 000,176,128 | ---- | C] () -- C:\Windows\GeoCodecLib.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/04/25 19:05:51 | 000,000,000 | ---D | M] -- C:\Users\Lounge\AppData\Roaming\AVG2014
[2014/08/13 18:33:33 | 000,000,000 | ---D | M] -- C:\Users\Lounge\AppData\Roaming\BSplayer
[2014/04/26 18:25:23 | 000,000,000 | ---D | M] -- C:\Users\Lounge\AppData\Roaming\BSplayer Pro
[2014/04/26 15:43:38 | 000,000,000 | ---D | M] -- C:\Users\Lounge\AppData\Roaming\DigitalVolcano
[2014/06/01 15:56:36 | 000,000,000 | ---D | M] -- C:\Users\Lounge\AppData\Roaming\iMobie
[2014/04/25 19:07:31 | 000,000,000 | ---D | M] -- C:\Users\Lounge\AppData\Roaming\Oracle
[2014/05/06 14:04:02 | 000,000,000 | ---D | M] -- C:\Users\Lounge\AppData\Roaming\Samsung
[2014/04/25 19:03:27 | 000,000,000 | ---D | M] -- C:\Users\Lounge\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
< End of report >
 
 
OTL LogFile
 

OTL Extras logfile created on: 16/08/2014 21:38:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lounge\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.94 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 69.44% Memory free
3.87 Gb Paging File | 2.92 Gb Available in Paging File | 75.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 82.79 Gb Total Space | 5.52 Gb Free Space | 6.67% Space Free | Partition Type: NTFS
 
Computer Name: LOUNGE-PC | User Name: Lounge | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0574BB10-9A18-461F-AA95-D4BD3C637CC1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{22321251-E992-44CB-BDA7-4482A2A4770B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2243914F-84C3-4A64-9DA1-0AEC191AEC1B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{24FB44BD-67FE-4C40-8F6E-8ACFAD9ACCA8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{35B9670E-FFCA-4755-BB59-F4AD761A5E92}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"{35EB0B5B-F5EC-45B1-B032-5C5B78134FB3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{60270EA4-D714-49E9-B802-F64BAAF689A9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{604FD434-E778-4C75-8C5F-5BBE95194629}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{652B8D56-07B0-4591-A4B4-7F5651A57117}" = lport=445 | protocol=6 | dir=in | app=system | 
"{67C37BCF-4D0B-48D6-A553-EC206A6A7192}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{762237B9-AE91-4EFB-ACBF-14F4E5AB27AA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{78D12D68-0782-4EB3-AB4A-E4F4535CE45A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8A502594-AE2D-4D86-B9F2-22ACC02F0A64}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9B2CC0CD-8A6D-4243-A41F-8B867C0B47A0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A5E88556-BDAB-4195-A80C-D24D30AF2C78}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AB27AA90-CB2D-422A-8FD9-E14B8C74F212}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B1255D90-D670-478F-AFAC-5998694BC74E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CCCF1A9C-15CD-4A87-AECB-D5CD921F8F95}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D0CA9E78-8E40-42C3-8F24-A971356ED7DB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D261C19B-8A5E-4518-99DA-C3703D886C46}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D5FB55D0-558E-4BD9-AED9-2C6E929E351F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FC46314D-3A17-46DE-B81A-62B05C8C15A1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2D008363-EF6B-428D-B881-57AA91F43140}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3073D039-75B6-4046-8A5F-854C8890E906}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{45E833B2-CF02-4EB0-B0EA-B853714D3EF7}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{481EB889-F76B-411F-995C-7E1E8A7E13A7}" = protocol=6 | dir=out | app=system | 
"{48C18137-7535-48B1-B658-7E8CB1705EA7}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe | 
"{50CD4DD0-35BE-450B-B054-BFB21B9EF89E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{558B7D8F-CB43-4B68-890E-877D3C2EE0F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5E19CA71-A5A7-4850-B185-85C69E04E815}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe | 
"{5EB033F6-1EC6-485B-A2B4-DE398A7742B2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe | 
"{639A4C36-39AA-4A06-9034-464820A43169}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe | 
"{6979C27C-1256-4C52-A0FB-D8E01FBF4657}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7EFC333B-8AE9-4E00-810A-84578F1E7084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{824F8A7E-047B-4467-A591-6F0F14A8639C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8EDA68C3-5EB0-42C7-B543-66C03C3AE143}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8F66B92E-1754-45E0-B246-870C667F0F7F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe | 
"{9D17563C-B9AF-4F72-87B4-776A0E72E0B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A51EDA2A-E8DB-45DB-8D72-9C04D649BFF9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe | 
"{AC899C0D-3BE5-4C13-B39E-1C0158E805C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AED6A668-24D6-40DA-9471-A573BF95F947}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B1D847BD-EFA3-45C1-9C63-28BE26780EEC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BD2F4393-08CA-4B0F-B7F7-038B601F9B7F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BEC5B486-53CF-4E31-AE3E-AFD64E89397D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C134BEFF-681E-4E33-9EBA-1B175FC8AA44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C7D50474-080E-42C3-A486-B9A6FDF7C038}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe | 
"{D47E40C2-BE16-40D1-B068-F2AA5D6C2E2B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe | 
"{D6B59EDF-5DBF-41DE-984A-2BF1B0B3CF3F}" = protocol=17 | dir=in | app=c:\remoteview\remoteview.exe | 
"{D7F0BEA5-B22A-45F0-9584-251E2C24C916}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D8DE4E2F-08D4-422D-9070-09F26AFE84B5}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{DBFCA927-5126-4A30-B12B-9C432399ED46}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DC5C87A2-B1CE-432B-A356-7F60844B6116}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{EF3A95EF-8C61-4816-BD67-96C79B9A7670}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F20A6F8D-928F-4635-A05D-5683DE1AF812}" = protocol=6 | dir=in | app=c:\remoteview\remoteview.exe | 
"TCP Query User{0631DC85-9BE1-4A8C-8A3E-70E0112DFC56}C:\remoteview\bcasttcp.exe" = protocol=6 | dir=in | app=c:\remoteview\bcasttcp.exe | 
"TCP Query User{4151E71D-ED3F-4348-A3D6-38EB7957C6B8}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe | 
"TCP Query User{4429DA8F-01D4-4F8C-97D6-035077858D83}C:\remoteview\bcasttcp.exe" = protocol=6 | dir=in | app=c:\remoteview\bcasttcp.exe | 
"TCP Query User{8581BFE3-B940-4806-A1A4-E096BAE23049}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{8FEC8D43-AC21-49C4-9ED1-76D8B680A2AC}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe | 
"UDP Query User{29E0D879-54B1-4F9F-BD10-841AC91462F6}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{84D5A336-DBF0-418E-9B4D-DAF844A63875}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe | 
"UDP Query User{987EFDEE-97BD-425C-A8DC-1AC623E0C578}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe | 
"UDP Query User{C281CD2D-9C1E-4AA4-8B11-58C851F3BE4E}C:\remoteview\bcasttcp.exe" = protocol=17 | dir=in | app=c:\remoteview\bcasttcp.exe | 
"UDP Query User{F122419F-31D8-46D0-A6E5-7801151C9947}C:\remoteview\bcasttcp.exe" = protocol=17 | dir=in | app=c:\remoteview\bcasttcp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A37EE62-9A58-420D-90CC-4E52153112EE}" = iTunes
"{16EF54EF-8F6F-40DA-9A82-B0DF8F38957F}}_is1" = PodTrans 3.7.1
"{1F2F9DA9-F762-491A-9651-94C09FE9668D}" = AVG 2014
"{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}" = Apple Application Support
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}" = TL-WN721N/TL-WN722N Driver
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}" = Apple Mobile Device Support
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{C9811F26-3EF6-449A-9736-BB79A125D894}" = AVG 2014
"{E62AFEB8-BF5A-4287-A19B-198BB17F6276}" = AVG 2014
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Ares" = Ares 2.2.8
"AVG" = AVG 2014
"BSPlayerf" = BS.Player FREE
"CCleaner" = CCleaner
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"GeoVision RemoteView System" = GeoVision RemoteView System
"GEOXCodec" = Geovision Codec
"Google Chrome" = Google Chrome
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 16.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16/08/2014 13:59:37 | Computer Name = Lounge-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10936
 
Error - 16/08/2014 13:59:37 | Computer Name = Lounge-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10936
 
Error - 16/08/2014 13:59:38 | Computer Name = Lounge-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16/08/2014 13:59:38 | Computer Name = Lounge-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11981
 
Error - 16/08/2014 13:59:38 | Computer Name = Lounge-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11981
 
Error - 16/08/2014 13:59:39 | Computer Name = Lounge-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16/08/2014 13:59:39 | Computer Name = Lounge-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13167
 
Error - 16/08/2014 13:59:39 | Computer Name = Lounge-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13167
 
Error - 16/08/2014 15:52:16 | Computer Name = Lounge-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16/08/2014 15:52:16 | Computer Name = Lounge-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6769976
 
[ System Events ]
Error - 15/08/2014 03:56:16 | Computer Name = Lounge-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 15/08/2014 03:56:16 | Computer Name = Lounge-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.
 
Error - 15/08/2014 04:48:13 | Computer Name = Lounge-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.
 
Error - 15/08/2014 04:48:43 | Computer Name = Lounge-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.
 
Error - 15/08/2014 04:48:44 | Computer Name = Lounge-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.
 
Error - 15/08/2014 04:48:45 | Computer Name = Lounge-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.
 
Error - 15/08/2014 04:48:46 | Computer Name = Lounge-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.
 
Error - 15/08/2014 04:48:47 | Computer Name = Lounge-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 15/08/2014 04:48:47 | Computer Name = Lounge-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.
 
Error - 15/08/2014 21:18:58 | Computer Name = Lounge-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 01:32:00 on 16/08/2014 was unexpected.
 
 
< End of report >
 
 


#4 Jo*

  • Malware Response Team
  • 3,417 posts
  • Gender:Male
  • Location:Germany

Posted 16 August 2014 - 05:25 PM

Hello radioman4949,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 radioman4949

  • Topic Starter
  • Members
  • 23 posts

Posted 16 August 2014 - 06:25 PM

Did Malwarebytes Anti-Rootkit; no malware was found; log is below. Likewise AdwCleaner; likewise log below; I did not clean anything, as I was unsure about which programmes to remove etc.

 

Thanks for your help

 

Michael

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
 
Database version: v2014.08.16.07
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17239
Lounge :: LOUNGE-PC [administrator]
 
16/08/2014 23:02:56
mbar-log-2014-08-16 (23-02-56).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 268154
Time elapsed: 15 minute(s), 32 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
AdwCleaner :
 
 
# AdwCleaner v3.306 - Report created 16/08/2014 at 23:27:22
# Updated 15/08/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Lounge - LOUNGE-PC
# Running from : C:\Users\Lounge\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Solvusoft
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\Lounge\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Startup_urls] : hxxp://www.mystart.com/?pr=manycam&id=manycamtb&v=5_3&ent=hp_5007&src=5007
 
*************************
 
AdwCleaner[R0].txt - [8004 octets] - [21/11/2013 20:19:33]
AdwCleaner[R1].txt - [8064 octets] - [21/11/2013 20:23:45]
AdwCleaner[R2].txt - [5269 octets] - [26/11/2013 11:52:16]
AdwCleaner[R3].txt - [1725 octets] - [16/08/2014 23:25:04]
AdwCleaner[R4].txt - [2095 octets] - [16/08/2014 23:27:22]
AdwCleaner[S0].txt - [5759 octets] - [21/11/2013 20:27:12]
AdwCleaner[S1].txt - [1558 octets] - [26/11/2013 11:55:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [2275 octets] ##########
 


#6 Jo*

  • Malware Response Team
  • 3,417 posts
  • Gender:Male
  • Location:Germany

Posted 17 August 2014 - 05:34 AM

Hello radioman4949,


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run OTL again.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 radioman4949

  • Topic Starter
  • Members
  • 23 posts

Posted 17 August 2014 - 09:54 AM

Hi there

 

I ran Junkware Removal Tool and log is below.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by Lounge on 17/08/2014 at 15:44:11.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files\myfree codec"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/08/2014 at 15:49:10.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 
Just running OTL again and will repost back soon on any findings
 
MICHAEL
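As an added example (not code from this thread or from either tool's authors), the following Python script cross-checks the "Key Found" lines of the AdwCleaner report posted earlier against the "Successfully deleted" lines of the JRT log above: it normalises the two tools' different hive spellings (HKLM vs HKEY_LOCAL_MACHINE, HKCR vs HKLM\SOFTWARE\Classes) and letter case, then lists which flagged keys JRT removed and which are still outstanding. The sample input is a constructed excerpt copied from the two posted logs; the HKCR-to-HKLM mapping is an assumption that fits the per-machine COM entries shown here.

```python
"""Cross-check AdwCleaner "Key Found" entries against JRT deletions.

Added example, not part of the thread: both tools report registry keys with
different hive spellings and different letter case, so a plain string compare
misses matches. The paths are normalised before comparing.
"""
import re

# Constructed sample input: excerpts copied from the AdwCleaner[R4] report
# posted in this thread (other sections of the report omitted).
ADWCLEANER_REPORT = r"""
***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Solvusoft
"""

# Constructed sample input: excerpts copied from the JRT log posted above.
JRT_LOG = r"""
~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\myfree codec"
"""

# Hive aliases: JRT writes long hive names, AdwCleaner writes abbreviations.
# HKCR is a merged view of HKLM\SOFTWARE\Classes and HKCU\Software\Classes;
# the per-machine mapping is assumed here, which is what these COM entries are.
HIVE_ALIASES = {
    "HKEY_LOCAL_MACHINE": "HKLM",
    "HKEY_CURRENT_USER": "HKCU",
    "HKEY_USERS": "HKU",
    "HKEY_CLASSES_ROOT": r"HKLM\SOFTWARE\Classes",
    "HKCR": r"HKLM\SOFTWARE\Classes",
}

FOUND_RE = re.compile(r"^Key Found : (.+?)\s*$", re.M)
DELETED_RE = re.compile(r"^Successfully deleted: \[Registry Key\] (.+?)\s*$", re.M)


def normalize_key(path):
    """Canonical, case-folded form of a registry path for comparison."""
    hive, sep, rest = path.partition("\\")
    hive = HIVE_ALIASES.get(hive.upper(), hive.upper())
    return (hive + sep + rest).lower()


def parse_adwcleaner_keys(report):
    """Registry keys AdwCleaner flagged (scan mode, nothing removed)."""
    return [m.group(1) for m in FOUND_RE.finditer(report)]


def parse_jrt_deleted_keys(log):
    """Registry keys JRT reports as deleted; folders and values are ignored."""
    return [m.group(1) for m in DELETED_RE.finditer(log)]


def reconcile(adw_report, jrt_log):
    """Split AdwCleaner's findings into (removed by JRT, still outstanding)."""
    deleted = {normalize_key(k) for k in parse_jrt_deleted_keys(jrt_log)}
    removed, outstanding = [], []
    for key in parse_adwcleaner_keys(adw_report):
        (removed if normalize_key(key) in deleted else outstanding).append(key)
    return removed, outstanding


if __name__ == "__main__":
    removed, outstanding = reconcile(ADWCLEANER_REPORT, JRT_LOG)
    print(f"Removed by JRT ({len(removed)}):")
    for key in removed:
        print("  ", key)
    print(f"Still present, needs a second pass ({len(outstanding)}):")
    for key in outstanding:
        print("  ", key)
```

On the excerpts above this reports seven keys removed and three still present (the AVG SafeGuard toolbar, secman.OutlookSecurityManager and Solvusoft entries), which is the list a helper would want before deciding whether another cleaning pass is needed.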


#8 radioman4949

  • Topic Starter
  • Members
  • 23 posts

Posted 17 August 2014 - 10:11 AM

Here is the OTL log:

 

OTL logfile created on: 17/08/2014 15:57:11 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lounge\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.94 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 45.68% Memory free
3.87 Gb Paging File | 2.35 Gb Available in Paging File | 60.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 82.79 Gb Total Space | 4.89 Gb Free Space | 5.91% Space Free | Partition Type: NTFS
 
Computer Name: LOUNGE-PC | User Name: Lounge | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lounge\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\36.0.1985.143\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\36.0.1985.143\libegl.dll ()
MOD - C:\Program Files\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (nvvad_WaveExtensible) -- system32\drivers\nvvad32v.sys File not found
DRV - (Avgdiskx) -- C:\Windows\System32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (athur) -- C:\Windows\System32\drivers\athur.sys (Atheros Communications, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBTTN.sys (Hewlett-Packard Company)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 F1 7C F7 D9 60 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/04/26 18:02:42 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: https://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Lounge\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Lounge\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Lounge\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Lounge\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: Hide My Ass! Web Proxy = C:\Users\Lounge\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd\1.2.5_0\
CHR - Extension: Google Search = C:\Users\Lounge\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome Web Developer Tools = C:\Users\Lounge\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbmlldeibipeppiabbdjajcneipfbocm\0.1.4_0\
CHR - Extension: EditThisCookie = C:\Users\Lounge\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\1.4_0\
CHR - Extension: Select To Get Maps = C:\Users\Lounge\AppData\Local\Google\Chrome\User Data\Default\Extensions\hinehgnhgiohbfpbpgkjnelkcgdkcgha\1.1.1_0\
CHR - Extension: RealDownloader = C:\Users\Lounge\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Google Wallet = C:\Users\Lounge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Lounge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05E484C6-42E9-4A42-B383-9D088C02C9D9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8006904B-A2E6-4C00-A879-45510C194795}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/17 15:44:02 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/08/16 23:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/08/16 22:57:27 | 000,000,000 | ---D | C] -- C:\Users\Lounge\Desktop\mbar
[2014/08/14 22:12:15 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2014/08/14 22:12:14 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2014/08/14 22:12:13 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2014/08/14 22:11:24 | 000,000,000 | ---D | C] -- C:\Users\Lounge\AppData\Local\NVIDIA Corporation
[2014/08/14 22:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2014/08/13 19:18:30 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2014/08/13 19:18:24 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2014/08/13 19:18:16 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2014/08/13 19:18:13 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2014/08/13 03:40:20 | 000,219,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2014/08/13 03:40:18 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2014/08/13 03:40:14 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/08/13 03:40:14 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/08/13 03:40:14 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/08/13 03:40:13 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/08/13 03:40:13 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/08/13 03:40:12 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/08/13 03:40:12 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/08/13 03:40:12 | 000,307,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/08/13 03:40:12 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/08/13 03:40:12 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/08/13 03:40:11 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/08/13 03:40:09 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/08/13 03:40:09 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/08/13 03:40:08 | 000,663,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/08/13 03:40:07 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/08/13 03:40:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/08/13 03:40:02 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/08/13 03:40:00 | 000,239,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/08/13 03:39:59 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/08/13 03:39:56 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/08/13 03:39:55 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014/08/13 03:39:50 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/08/13 03:39:49 | 004,204,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/08/13 03:39:31 | 002,352,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/08/13 03:39:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/08/13 03:39:07 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2014/08/13 03:39:07 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2014/08/13 03:39:07 | 000,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2014/08/13 03:38:59 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/08/13 03:38:57 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/08/13 03:38:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTAT.DLL
[2014/08/13 03:38:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDYAK.DLL
[2014/08/13 03:38:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDRU1.DLL
[2014/08/13 03:38:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBASH.DLL
[2014/08/13 03:38:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDRU.DLL
[2014/08/12 23:11:00 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/08/12 22:28:45 | 000,000,000 | ---D | C] -- C:\FRST
[2014/08/11 17:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/08/11 17:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/08/11 16:18:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2014/08/11 15:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft COMDisable
[2014/08/10 18:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/08/09 11:36:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2014/08/08 21:25:29 | 000,231,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014/08/08 15:35:50 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\48230029.sys
[2014/08/08 01:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/08/08 01:48:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/08/08 00:32:24 | 000,113,880 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/08/08 00:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/08/08 00:31:54 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/08/08 00:31:54 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/08/08 00:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/08/08 00:24:09 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/08/08 00:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/08/07 16:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/08/07 16:35:01 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/08/07 16:34:32 | 000,096,680 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/08/07 16:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/07 16:34:31 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/08/07 16:34:31 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/08/07 09:34:09 | 000,000,000 | ---D | C] -- C:\Users\Lounge\AppData\Local\Osbics
[2014/08/01 07:41:31 | 000,045,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2014/08/01 07:41:30 | 002,425,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2014/08/01 07:41:09 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2014/08/01 07:41:09 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2014/08/01 07:41:09 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2014/08/01 07:40:33 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2014/08/01 07:40:32 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/17 16:02:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/17 15:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/17 15:45:00 | 142,743,514 | ---- | M] () -- C:\Users\Lounge\Documents\latest bup.reg
[2014/08/17 14:52:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/16 23:59:54 | 000,000,314 | ---- | M] () -- C:\Windows\geoxcli.ini
[2014/08/16 23:02:40 | 000,113,880 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/08/16 22:57:34 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/08/16 22:51:22 | 000,670,458 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/08/16 22:51:22 | 000,129,910 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/08/16 18:26:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/16 10:18:17 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/16 10:18:17 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/16 02:18:34 | 1559,187,456 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/16 01:14:08 | 000,000,022 | ---- | M] () -- C:\Windows\geobcast.ini
[2014/08/14 22:47:34 | 000,002,229 | ---- | M] () -- C:\Users\Lounge\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/08/14 22:47:34 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/14 09:29:39 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/08/13 19:53:34 | 000,259,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/08/13 02:28:34 | 000,003,296 | ---- | M] () -- C:\bootsqm.dat
[2014/08/11 17:45:11 | 000,002,582 | ---- | M] () -- C:\Users\Lounge\Documents\cc_20140811_174458.reg
[2014/08/11 17:04:57 | 139,509,706 | ---- | M] () -- C:\Users\Lounge\Documents\reg-backup-11-08-14.reg
[2014/08/08 16:32:11 | 000,000,025 | ---- | M] () -- C:\Users\Lounge\Documents\.VBS
[2014/08/08 15:35:50 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\48230029.sys
[2014/08/08 15:26:49 | 000,131,302 | ---- | M] () -- C:\Users\Lounge\Documents\mbna payment 2.png
[2014/08/08 15:26:11 | 000,149,960 | ---- | M] () -- C:\Users\Lounge\Documents\mbna payment 1.png
[2014/08/08 01:49:57 | 000,059,672 | ---- | M] () -- C:\Users\Lounge\Documents\cc_20140808_014941.reg
[2014/08/07 16:34:06 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/08/07 16:34:04 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/08/07 16:34:04 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/08/07 16:34:03 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/08/07 02:43:38 | 000,412,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/08/07 02:39:08 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/08/06 21:02:24 | 000,014,564 | ---- | M] () -- C:\Users\Lounge\Desktop\natwest login details michael - Shortcut.lnk
[2014/08/06 10:50:44 | 000,129,945 | ---- | M] () -- C:\Users\Lounge\Documents\ebay listing 2.png
[2014/08/06 10:50:02 | 000,086,779 | ---- | M] () -- C:\Users\Lounge\Documents\ebay listing 1.png
[2014/08/06 10:48:40 | 000,161,735 | ---- | M] () -- C:\Users\Lounge\Documents\shop1.png
[2014/08/06 10:47:33 | 000,219,661 | ---- | M] () -- C:\Users\Lounge\Documents\shop2.png
[2014/08/05 09:20:02 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014/08/01 00:16:34 | 000,307,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/07/25 14:04:40 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/07/25 14:03:54 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/07/25 13:34:49 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/07/25 13:33:08 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/07/25 13:30:32 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014/07/25 13:18:49 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/07/25 13:17:33 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/07/25 13:12:35 | 000,438,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/07/25 13:10:15 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/07/25 13:10:12 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/07/25 13:08:47 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/07/25 13:06:47 | 004,204,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/07/25 12:59:29 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/07/25 12:52:19 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/07/25 12:43:16 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/07/25 12:36:30 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/07/25 12:29:33 | 000,239,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/07/25 12:13:12 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/07/25 12:09:25 | 000,663,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/07/25 12:07:49 | 002,001,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/07/25 12:07:10 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/07/25 11:09:19 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/07/24 22:00:49 | 000,101,417 | ---- | M] () -- C:\Users\Lounge\Documents\1.jpg
[2014/07/21 23:29:01 | 000,418,575 | ---- | M] () -- C:\Users\Lounge\Documents\videocacheview.zip
 
========== Files Created - No Company Name ==========
 
[2014/08/17 15:44:41 | 142,743,514 | ---- | C] () -- C:\Users\Lounge\Documents\latest bup.reg
[2014/08/13 02:28:34 | 000,003,296 | ---- | C] () -- C:\bootsqm.dat
[2014/08/12 18:12:57 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/08/11 17:58:30 | 000,002,229 | ---- | C] () -- C:\Users\Lounge\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/08/11 17:58:30 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/11 17:57:09 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/11 17:57:08 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/11 17:45:07 | 000,002,582 | ---- | C] () -- C:\Users\Lounge\Documents\cc_20140811_174458.reg
[2014/08/11 17:01:52 | 139,509,706 | ---- | C] () -- C:\Users\Lounge\Documents\reg-backup-11-08-14.reg
[2014/08/08 16:32:08 | 000,000,025 | ---- | C] () -- C:\Users\Lounge\Documents\.VBS
[2014/08/08 15:26:48 | 000,131,302 | ---- | C] () -- C:\Users\Lounge\Documents\mbna payment 2.png
[2014/08/08 15:26:09 | 000,149,960 | ---- | C] () -- C:\Users\Lounge\Documents\mbna payment 1.png
[2014/08/08 01:49:51 | 000,059,672 | ---- | C] () -- C:\Users\Lounge\Documents\cc_20140808_014941.reg
[2014/08/06 21:02:24 | 000,014,564 | ---- | C] () -- C:\Users\Lounge\Desktop\natwest login details michael - Shortcut.lnk
[2014/08/06 10:50:42 | 000,129,945 | ---- | C] () -- C:\Users\Lounge\Documents\ebay listing 2.png
[2014/08/06 10:49:30 | 000,086,779 | ---- | C] () -- C:\Users\Lounge\Documents\ebay listing 1.png
[2014/08/06 10:47:32 | 000,219,661 | ---- | C] () -- C:\Users\Lounge\Documents\shop2.png
[2014/08/06 10:44:58 | 000,161,735 | ---- | C] () -- C:\Users\Lounge\Documents\shop1.png
[2014/07/24 22:00:45 | 000,101,417 | ---- | C] () -- C:\Users\Lounge\Documents\1.jpg
[2014/05/22 06:47:36 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2014/05/22 02:33:06 | 000,000,000 | ---- | C] () -- C:\Users\Lounge\AppData\Local\{3F4EBA95-44B7-43D4-8F66-D374879A306F}
[2014/05/22 01:56:17 | 000,000,000 | ---- | C] () -- C:\Users\Lounge\AppData\Local\{4A510B7B-5ACD-4893-A30F-D47648F4788C}
[2014/04/26 11:30:06 | 000,007,597 | ---- | C] () -- C:\Users\Lounge\AppData\Local\Resmon.ResmonCfg
[2014/04/25 22:21:58 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2014/04/25 22:19:28 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2014/04/25 21:59:25 | 000,000,314 | ---- | C] () -- C:\Windows\geoxcli.ini
[2014/04/25 21:59:25 | 000,000,022 | ---- | C] () -- C:\Windows\geobcast.ini
[2014/01/23 18:31:08 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2014/01/23 18:31:08 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2014/01/23 18:31:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2014/01/23 18:31:08 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/05/18 19:56:33 | 000,176,128 | ---- | C] () -- C:\Windows\GeoCodecLib.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >


#9 radioman4949

radioman4949
  • Topic Starter

  • Members
  • 23 posts

Posted 17 August 2014 - 10:38 AM

PC seems to have speeded up, i.e. less sluggish. Browser loading quicker now too...

 

Thank you!



#10 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • Gender:Male
  • Location:Germany

Posted 17 August 2014 - 10:44 AM

Hello radioman4949,
 

Drive C: | 82.79 Gb Total Space | 4.89 Gb Free Space | 5.91% Space Free

This may be a reason for your slow system!
 

***


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    
    :Commands
    [purity]
    [emptytemp]
    
    


    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post Fix OTL log.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 radioman4949

radioman4949
  • Topic Starter

  • Members
  • 23 posts

Posted 17 August 2014 - 05:22 PM

Ran OTL with code pasted in as you requested; then rebooted.

 

Here's the log:

 

All processes killed
========== OTL ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Lounge
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 443473392 bytes
->Java cache emptied: 843472 bytes
->Google Chrome cache emptied: 259498532 bytes
->Flash cache emptied: 11004 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 58599842 bytes
RecycleBin emptied: 127157190 bytes
 
Total Files Cleaned = 848.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 08172014_173140
 
Files\Folders moved on Reboot...
C:\Users\Lounge\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\temp\TMP000000460579F4E38A5E06F3 not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#12 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • Gender:Male
  • Location:Germany

Posted 17 August 2014 - 05:39 PM

Hello radioman4949,


Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

---


ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

Note:
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

---


How is the computer running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#13 radioman4949

radioman4949
  • Topic Starter

  • Members
  • 23 posts

Posted 18 August 2014 - 03:31 PM

Hi there,

 

Done as you requested. PC running much better than before. ESET took a long time to complete its scan. I did not remove anything as yet, so please advise.

 

Michael

 

Here's the requested log ESET:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=dd7d134f14c3944b94161d297beb4a2e
# engine=19709
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-18 10:16:53
# local_time=2014-08-18 11:16:53 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2014'
# compatibility_mode=1051 16777213 100 100 89272 95487397 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 65120 160823404 0 0
# scanned=7223
# found=2
# cleaned=0
# scan_time=326
sh=B38A999A0DA60D5C1C16FF0931AB2E8BD7EF6897 ft=1 fh=e22aa434a9f33e35 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\ExpressBurn\expressburn.exe.vir"
sh=4BC7D2B62E88DBB69FC15E82B22948BE024EEDCB ft=1 fh=4f137be5325ed1e8 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\ExpressBurn\expressburnsetup_v4.66.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=dd7d134f14c3944b94161d297beb4a2e
# engine=19715
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-18 08:22:03
# local_time=2014-08-18 09:22:03 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2014'
# compatibility_mode=1051 16777213 100 100 125581 95523706 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 101429 160859713 0 0
# scanned=195939
# found=10
# cleaned=0
# scan_time=20444
sh=B38A999A0DA60D5C1C16FF0931AB2E8BD7EF6897 ft=1 fh=e22aa434a9f33e35 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\ExpressBurn\expressburn.exe.vir"
sh=4BC7D2B62E88DBB69FC15E82B22948BE024EEDCB ft=1 fh=4f137be5325ed1e8 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\ExpressBurn\expressburnsetup_v4.66.exe.vir"
sh=19876B0C21073CE7AC4725124851FC36B7EA7301 ft=1 fh=31b372839de59c7b vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Lounge\Downloads\cbsidlm-cbsi188-BSPlayer-SEO-10722361.exe"
sh=ED8D709418CC23670E7B89227F09D4699CA29854 ft=1 fh=e3ddb8634f349cdb vn="a variant of Win32/Toolbar.Visicom.C potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\gduij5mw.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\dtuser.exe"
sh=7977F582725BDB7626F3445E032F9609943EC906 ft=1 fh=772636c17240c0b0 vn="Win32/InstalleRex.J potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\User Data\Default\File System\000\t\00\00000000"
sh=E3963C35E40D23A765AEB25460D8858A18DAA705 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.QQA trojan" ac=I fn="C:\Windows.old\Documents and Settings\Alan\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\17\664b6851-3fc22bfa"
sh=4DD06B85E8B4CA3CEC1187DEFCE35BBC0B27D0DD ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Windows.old\Documents and Settings\Alan\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\36\36feb8e4-7a5c2477"
sh=D2D78D7ECB75B997E07374B6CB1D7E64E7BD4EFA ft=1 fh=cb3d42e631fdbbe5 vn="a variant of Win32/DownloadGuide.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\Alan\Local Settings\Temp\SAc30FkO.exe.part"
sh=278EE35195AE43C347F49D0CA496433998E23DD4 ft=1 fh=212c5df74415422e vn="a variant of Win32/Toolbar.Visicom.C potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\All Users\Application Data\EmailNotifier\dtuser\dtUser.exe"
sh=9B65A06B630598916A1574E7A16201AAF04B430D ft=1 fh=afff72e543a80d66 vn="Win32/InstallCore.A potentially unwanted application" ac=I fn="C:\Windows.old\Program Files\FLV Player\FLVPlayer.exe"

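To make an ESET Online Scanner report like the one above easier to act on, here is an added Python example (not code from the thread, from BleepingComputer or from ESET) that parses the `# key=value` header and the `sh=... fn="..."` detection lines, then sorts findings by whether they already sit in a quarantine folder, inside the old C:\Windows.old installation, or live in a user profile. The four sample detection lines are copied from the log above with a constructed, shortened header; the folder rules and the PUA/malware split on the `vn` text are assumptions for illustration.

```python
"""Triage helper for ESET Online Scanner text reports (added example)."""
import re
from collections import defaultdict
from typing import Dict, List

# Detection lines are space-separated key=value pairs; quoted values may
# contain spaces (the vn= verdict and the fn= file name).
_FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Assumed location rules: files under these prefixes are not live on the system.
QUARANTINE_PREFIXES = ("c:\\adwcleaner\\quarantine\\",)
OLD_WINDOWS_PREFIX = "c:\\windows.old\\"

# Constructed sample: header trimmed to the fields used here, detection
# lines copied verbatim from the report posted in this thread.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# end=finished
# remove_checked=false
# compatibility_mode_1='AVG AntiVirus Free Edition 2014'
# found=4
# cleaned=0
sh=B38A999A0DA60D5C1C16FF0931AB2E8BD7EF6897 ft=1 fh=e22aa434a9f33e35 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\ExpressBurn\expressburn.exe.vir"
sh=19876B0C21073CE7AC4725124851FC36B7EA7301 ft=1 fh=31b372839de59c7b vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Lounge\Downloads\cbsidlm-cbsi188-BSPlayer-SEO-10722361.exe"
sh=E3963C35E40D23A765AEB25460D8858A18DAA705 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.QQA trojan" ac=I fn="C:\Windows.old\Documents and Settings\Alan\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\17\664b6851-3fc22bfa"
sh=9B65A06B630598916A1574E7A16201AAF04B430D ft=1 fh=afff72e543a80d66 vn="Win32/InstallCore.A potentially unwanted application" ac=I fn="C:\Windows.old\Program Files\FLV Player\FLVPlayer.exe"
"""


def parse_eset_log(text: str) -> Dict[str, object]:
    """Split one report into its '# key=value' header and its detection rows."""
    header: Dict[str, str] = {}
    detections: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
        elif line.startswith("sh="):
            # group(2) is the quoted form, group(3) the bare form
            fields = {m.group(1): (m.group(2) if m.group(2) is not None else m.group(3))
                      for m in _FIELD_RE.finditer(line)}
            detections.append(fields)
    return {"header": header, "detections": detections}


def classify_location(path: str) -> str:
    """Where the detected file lives (assumed categories)."""
    p = path.lower()
    if p.startswith(QUARANTINE_PREFIXES):
        return "already_quarantined"
    if p.startswith(OLD_WINDOWS_PREFIX):
        return "old_windows_install"
    return "live"


def severity(vn: str) -> str:
    """Coarse split of ESET's verdict text into PUA vs. real malware (assumption)."""
    v = vn.lower()
    if "potentially unwanted" in v or "potentially unsafe" in v:
        return "pua"
    return "malware"


def summarize(text: str) -> Dict[str, object]:
    """Counts and groupings a helper would want before writing a fix script."""
    report = parse_eset_log(text)
    hdr, dets = report["header"], report["detections"]
    by_loc: Dict[str, List[str]] = defaultdict(list)
    by_sev: Dict[str, int] = defaultdict(int)
    for d in dets:
        by_loc[classify_location(d.get("fn", ""))].append(d.get("fn", ""))
        by_sev[severity(d.get("vn", ""))] += 1
    return {
        "scan_finished": hdr.get("end") == "finished",
        # header 'found' should equal the number of sh= rows actually present
        "count_consistent": hdr.get("found") == str(len(dets)),
        "cleaned": int(hdr.get("cleaned", "0")),
        "by_location": dict(by_loc),
        "by_severity": dict(by_sev),
    }


def pending_paths(text: str) -> List[str]:
    """Detected files not already quarantined, i.e. the ones still to deal with."""
    return [d["fn"] for d in parse_eset_log(text)["detections"]
            if "fn" in d and classify_location(d["fn"]) != "already_quarantined"]


if __name__ == "__main__":
    for group, paths in summarize(SAMPLE_LOG)["by_location"].items():
        print(group, len(paths))
```

Run against the full ten-line report, `pending_paths` yields exactly the eight files the helper later lists under `:Files`, since the two ExpressBurn hits are already in the AdwCleaner quarantine.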

#14 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • Gender:Male
  • Location:Germany

Posted 18 August 2014 - 04:33 PM

Hello radioman4949,

Looks like you have an old Windows installation (C:\Windows.old) there.

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    
    :Files
    C:\Users\Lounge\Downloads\cbsidlm-cbsi188-BSPlayer-SEO-10722361.exe 
    C:\Windows.old\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\gduij5mw.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\dtuser.exe
    C:\Windows.old\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\User Data\Default\File System\000\t\00\00000000
    C:\Windows.old\Documents and Settings\Alan\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\17\664b6851-3fc22bfa
    C:\Windows.old\Documents and Settings\Alan\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\36\36feb8e4-7a5c2477
    C:\Windows.old\Documents and Settings\Alan\Local Settings\Temp\SAc30FkO.exe.part
    C:\Windows.old\Documents and Settings\All Users\Application Data\EmailNotifier\dtuser\dtUser.exe
    C:\Windows.old\Program Files\FLV Player\FLVPlayer.exe
    
    :Commands
    [purity]
    [emptytemp]
    


    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post Fix OTL log.

***


Run OTL again.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 radioman4949

radioman4949
  • Topic Starter

  • Members
  • 23 posts

Posted 18 August 2014 - 05:05 PM

OK, will do all that and re-post soon. OK?

 

As regards the ESET online scanner, should I just close that completely now, or first remove the ten (10x) threats that were found before closing the application? Please advise.

 

Michael





