Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I need help!


  • This topic is locked This topic is locked

#1
SoullessZ

SoullessZ

    Member

  • Member
  • PipPip
  • 32 posts
I use my internet and when I open browser or watch video etc etc.. It really over downloads.. like instead of a normal DL of 20 or whatever.. It jumps to 200-400-600 odd...
I notice this as I use bit meter, I load a basic website like google and it jumps to 200 odd DL speed and it's not normal.

Why? Do I have a virus or something? I have scanned :/

I need help!

So I am suppose to post my OTL.txt log here?

OTL logfile created on: 8/7/2012 3:01:35 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Neox\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 39.69% Memory free
6.73 Gb Paging File | 4.04 Gb Available in Paging File | 60.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 81.54 Gb Free Space | 35.01% Space Free | Partition Type: NTFS
Drive D: | 124.45 Gb Total Space | 60.71 Gb Free Space | 48.79% Space Free | Partition Type: NTFS
Drive E: | 19.53 Gb Total Space | 3.99 Gb Free Space | 20.44% Space Free | Partition Type: NTFS
Drive F: | 5.07 Gb Total Space | 0.91 Gb Free Space | 17.90% Space Free | Partition Type: NTFS

Computer Name: NEOX-PC | User Name: Neox | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/07 15:01:15 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Neox\Downloads\OTL.exe
PRC - [2012/07/11 04:07:56 | 000,515,584 | ---- | M] (LOL Replay) -- C:\Program Files\LOLReplay\LOLRecorder.exe
PRC - [2012/07/07 12:22:42 | 003,905,408 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/05/26 06:32:44 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Neox\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/05/24 10:03:45 | 002,686,976 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.90\deploy\LoLLauncher.exe
PRC - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/14 11:32:08 | 000,010,240 | ---- | M] (SeriousBit) -- C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
PRC - [2011/11/10 04:11:50 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/11/10 04:11:20 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/10/29 12:42:47 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/04/17 09:05:26 | 001,462,272 | ---- | M] ( ) -- C:\Program Files\Codebox\BitMeter\BitMeter2.exe
PRC - [2010/09/08 15:58:44 | 000,144,384 | ---- | M] (Adobe Systems Inc.) -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.187\deploy\LolClient.exe
PRC - [2009/08/08 02:38:18 | 000,109,056 | ---- | M] (none) -- C:\Users\Neox\Desktop\All Folders\Virus scanners\wopt021\WLAN Optimizer.exe
PRC - [2009/07/20 20:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/06/13 15:26:54 | 002,498,560 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2007/09/14 01:35:08 | 001,261,568 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
PRC - [2007/09/02 22:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/07 11:33:09 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/08/07 11:33:09 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/07/31 06:36:14 | 000,442,392 | ---- | M] () -- C:\Users\Neox\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppgooglenaclpluginchrome.dll
MOD - [2012/07/31 06:36:13 | 012,235,288 | ---- | M] () -- C:\Users\Neox\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
MOD - [2012/07/31 06:36:12 | 003,997,720 | ---- | M] () -- C:\Users\Neox\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
MOD - [2012/07/31 06:34:57 | 000,526,872 | ---- | M] () -- C:\Users\Neox\AppData\Local\Google\Chrome\Application\21.0.1180.60\libglesv2.dll
MOD - [2012/07/31 06:34:55 | 000,104,984 | ---- | M] () -- C:\Users\Neox\AppData\Local\Google\Chrome\Application\21.0.1180.60\libegl.dll
MOD - [2012/07/31 06:34:45 | 000,144,424 | ---- | M] () -- C:\Users\Neox\AppData\Local\Google\Chrome\Application\21.0.1180.60\avutil-51.dll
MOD - [2012/07/31 06:34:43 | 000,266,792 | ---- | M] () -- C:\Users\Neox\AppData\Local\Google\Chrome\Application\21.0.1180.60\avformat-54.dll
MOD - [2012/07/31 06:34:42 | 002,480,680 | ---- | M] () -- C:\Users\Neox\AppData\Local\Google\Chrome\Application\21.0.1180.60\avcodec-54.dll
MOD - [2012/07/11 04:07:54 | 000,156,160 | ---- | M] () -- C:\Program Files\LOLReplay\Air.dll
MOD - [2012/07/11 04:07:50 | 000,052,224 | ---- | M] () -- C:\Program Files\LOLReplay\Launcher.dll
MOD - [2012/07/11 04:07:48 | 001,036,288 | ---- | M] () -- C:\Program Files\LOLReplay\LOLUtils.dll
MOD - [2012/06/14 22:19:38 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 22:19:32 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 22:19:24 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 22:17:30 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/24 10:03:45 | 002,686,976 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.90\deploy\LoLLauncher.exe
MOD - [2012/05/10 17:14:11 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 15:30:30 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 15:29:42 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 15:29:37 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 15:29:10 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 15:29:08 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 15:28:54 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/04/19 12:54:21 | 004,770,176 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.187\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
MOD - [2012/01/10 00:44:07 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/01/10 00:44:07 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/11/10 03:11:06 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011/10/29 12:42:47 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2011/07/14 17:01:59 | 000,958,976 | ---- | M] () -- C:\Program Files\SplitMediaLabs\XSplit\avformat-53.dll
MOD - [2011/07/14 17:01:59 | 000,132,096 | ---- | M] () -- C:\Program Files\SplitMediaLabs\XSplit\avutil-51.dll
MOD - [2011/07/14 17:01:58 | 007,006,208 | ---- | M] () -- C:\Program Files\SplitMediaLabs\XSplit\avcodec-53.dll
MOD - [2011/07/14 17:01:58 | 000,239,616 | ---- | M] () -- C:\Program Files\SplitMediaLabs\XSplit\swscale-0.dll
MOD - [2008/06/13 15:26:54 | 002,498,560 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
MOD - [2007/09/14 01:35:08 | 001,261,568 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
MOD - [2007/09/02 22:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/09/02 22:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/05 14:38:42 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/04 19:08:23 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/03 15:53:26 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/22 15:12:21 | 003,417,376 | ---- | M] () [Disabled | Stopped] -- C:/Program Files/Common Files/Akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/14 11:32:08 | 000,010,240 | ---- | M] (SeriousBit) [Auto | Running] -- C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe -- (NetBalancerService)
SRV - [2011/11/10 04:11:20 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/08/07 22:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/07/20 20:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva391.sys -- (XDva391)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva390.sys -- (XDva390)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/11/10 04:44:12 | 008,913,920 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/11/10 03:12:20 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/10/17 18:40:34 | 000,082,960 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/18 17:11:14 | 000,031,016 | ---- | M] (SeriousBit) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nbdrv.sys -- (Nbdrv)
DRV - [2010/03/25 09:49:06 | 000,082,360 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\nltdi.sys -- (nltdi)
DRV - [2007/12/28 14:58:30 | 000,289,280 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2007/12/26 19:46:00 | 000,288,768 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wg111v2.sys -- (RTL8187)
DRV - [2007/04/23 10:50:50 | 000,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2007/01/19 12:20:54 | 000,021,728 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.c...sa&d=2012-04-25 12:54:12&v=11.1.0.12&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?r...GB&dcc=GB&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E 5A 97 A2 C5 E5 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-04-25 12:54:12&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..keyword.URL: " http://www.google.co...ogle Search&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Neox\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Neox\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Neox\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/05 14:38:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/28 19:26:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/05 14:38:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/28 19:26:25 | 000,000,000 | ---D | M]

[2012/04/21 21:34:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neox\AppData\Roaming\Mozilla\Extensions
[2012/08/05 14:45:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neox\AppData\Roaming\Mozilla\Firefox\Profiles\93hkvla5.default\extensions
[2012/04/21 21:36:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Neox\AppData\Roaming\Mozilla\Firefox\Profiles\93hkvla5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/08/05 14:45:38 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Neox\AppData\Roaming\Mozilla\Firefox\Profiles\93hkvla5.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/06/25 20:00:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/25 20:00:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/08/05 14:41:13 | 000,276,167 | ---- | M] () (No name found) -- C:\USERS\NEOX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\93HKVLA5.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
[2012/08/05 14:38:43 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/09 15:20:02 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/03/13 05:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/13 05:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Neox\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Neox\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Neox\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Neox\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
CHR - plugin: Java™ Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Neox\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Neox\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Neox\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Neox\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kagamine Rin & Len Theme = C:\Users\Neox\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajbmlfcphelnfmnfmknjhhnajbihaaa\2_0\
CHR - Extension: AdBlock = C:\Users\Neox\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.39_0\
CHR - Extension: Speed Dial 2 = C:\Users\Neox\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\1.6.0.9_0\
CHR - Extension: Gmail = C:\Users\Neox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Neox\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WLAN Optimizer] C:\Users\Neox\Desktop\All Folders\Virus scanners\wopt021\WLAN Optimizer.exe (none)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.5.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15E874B8-9A27-4D92-8424-88E7DA202274}: NameServer = 192.168.0.1,192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Neox\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Neox\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/12/19 23:53:56 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/11/17 17:30:14 | 000,000,044 | ---- | M] () - D:\AutoRun.inf -- [ NTFS ]
O33 - MountPoints2\{ff6c0242-288d-11e1-ba10-002185028e00}\Shell - "" = AutoRun
O33 - MountPoints2\{ff6c0242-288d-11e1-ba10-002185028e00}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/01 11:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/08/01 11:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2012/08/01 11:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/08/01 11:19:54 | 000,000,000 | ---D | C] -- C:\Users\Neox\AppData\Local\Aeria Games
[2012/08/01 11:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2012/07/31 15:25:55 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
[2012/07/31 15:23:41 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2012/07/30 18:06:11 | 000,000,000 | ---D | C] -- C:\Users\Neox\AppData\Local\APN
[2012/07/30 18:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/07/29 22:00:13 | 000,000,000 | ---D | C] -- C:\Users\Neox\Desktop\Music
[2012/07/28 18:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBalancer
[2012/07/28 18:51:38 | 000,031,016 | ---- | C] (SeriousBit) -- C:\Windows\System32\drivers\nbdrv.sys
[2012/07/27 16:00:36 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/07/27 16:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/07/27 15:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/07/27 15:47:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/07/27 12:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\beanfun! US
[2012/07/27 12:33:13 | 000,000,000 | ---D | C] -- C:\Program Files\beanfun!
[2012/07/27 12:12:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/27 01:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/07/27 01:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/07/27 01:42:40 | 000,000,000 | ---D | C] -- C:\Users\Neox\AppData\Roaming\Locktime
[2012/07/27 01:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetLimiter 2 Monitor
[2012/07/27 01:42:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Locktime
[2012/07/27 01:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\NetLimiter 2 Monitor
[2012/07/25 16:09:10 | 000,000,000 | ---D | C] -- C:\Users\Neox\AppData\Roaming\Downloaded Installations
[2012/07/24 14:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/24 14:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/24 14:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/24 14:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/07/21 22:46:29 | 000,000,000 | ---D | C] -- C:\Users\Neox\AppData\Roaming\CrystalIdea Software
[2012/07/21 22:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/07/21 22:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/21 14:21:42 | 000,000,000 | ---D | C] -- C:\Users\Neox\AppData\Local\Xor-Net
[2012/07/20 13:45:27 | 000,000,000 | ---D | C] -- C:\Users\Neox\AppData\Roaming\WhatPulse
[2012/07/20 13:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhatPulse
[2012/07/19 17:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Xunlei
[2012/07/19 17:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Thunder Network
[2012/07/19 17:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Thunder Network
[2012/07/19 17:52:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Thunder Network
[2012/07/19 17:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Thunder Network
[2012/07/14 21:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\beanfun! UK
[2012/07/11 16:20:58 | 000,000,000 | ---D | C] -- C:\Users\Neox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/07/11 13:10:31 | 000,000,000 | ---D | C] -- C:\Users\Neox\AppData\Local\Downloader
[2012/07/11 13:10:24 | 000,000,000 | ---D | C] -- C:\Users\Neox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloader
[2012/07/11 13:10:23 | 000,000,000 | ---D | C] -- C:\Program Files\Downloader
[2012/07/09 00:56:32 | 000,000,000 | ---D | C] -- C:\Users\Neox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/08 23:04:44 | 000,000,000 | ---D | C] -- C:\Users\Neox\AppData\Local\Macromedia
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/07 15:06:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4133368832-3342889942-1754129440-1000UA.job
[2012/08/07 15:04:33 | 003,582,864 | ---- | M] (DevAge, Vestris Inc. & Contributors) -- C:\Users\Neox\Desktop\GROLauncherEMEA.exe
[2012/08/07 14:52:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/07 13:30:44 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/07 13:30:44 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/07 13:06:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4133368832-3342889942-1754129440-1000Core.job
[2012/08/07 11:30:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/07 11:30:37 | 3488,931,840 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/06 19:50:02 | 000,657,354 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/06 19:50:02 | 000,125,636 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/04 01:32:24 | 244,718,947 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/04 01:11:21 | 000,237,568 | ---- | M] () -- C:\Users\Neox\Desktop\RiotComic Competition.jpg
[2012/08/03 23:06:05 | 000,000,750 | ---- | M] () -- C:\Users\Neox\Application Data\Microsoft\Internet Explorer\Quick Launch\StarCraft II.lnk
[2012/07/28 18:51:41 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\NetBalancer Tray.lnk
[2012/07/28 18:51:41 | 000,000,949 | ---- | M] () -- C:\Users\Public\Desktop\NetBalancer.lnk
[2012/07/27 01:42:14 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\NetLimiter 2 Monitor.lnk
[2012/07/24 14:11:12 | 000,001,703 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/20 20:20:58 | 000,000,845 | ---- | M] () -- C:\Users\Neox\Application Data\Microsoft\Internet Explorer\Quick Launch\lol.launcher.exe - Shortcut.lnk
[2012/07/19 21:29:13 | 000,140,480 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/07/19 21:29:02 | 000,298,016 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012/07/19 21:23:59 | 000,138,056 | ---- | M] () -- C:\Users\Neox\AppData\Roaming\PnkBstrK.sys
[2012/07/19 21:23:49 | 000,189,248 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012/07/19 20:42:50 | 003,130,440 | ---- | M] () -- C:\Windows\System32\pbsvc_blr.exe
[2012/07/19 17:52:59 | 000,000,020 | ---- | M] () -- C:\Windows\System32\pub_store.dat
[2012/07/19 17:06:59 | 000,000,062 | ---- | M] () -- C:\Windows\wininit.ini
[2012/07/12 22:17:05 | 000,256,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/11 20:45:37 | 000,001,817 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2012/07/11 20:45:37 | 000,001,725 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/04 01:32:24 | 244,718,947 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/04 01:11:41 | 000,237,568 | ---- | C] () -- C:\Users\Neox\Desktop\RiotComic Competition.jpg
[2012/08/03 23:06:05 | 000,000,750 | ---- | C] () -- C:\Users\Neox\Application Data\Microsoft\Internet Explorer\Quick Launch\StarCraft II.lnk
[2012/07/28 18:51:41 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\NetBalancer Tray.lnk
[2012/07/28 18:51:41 | 000,000,949 | ---- | C] () -- C:\Users\Public\Desktop\NetBalancer.lnk
[2012/07/27 01:42:14 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\NetLimiter 2 Monitor.lnk
[2012/07/24 14:11:12 | 000,001,703 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/20 20:20:58 | 000,000,845 | ---- | C] () -- C:\Users\Neox\Application Data\Microsoft\Internet Explorer\Quick Launch\lol.launcher.exe - Shortcut.lnk
[2012/07/19 21:29:01 | 000,298,016 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2012/07/19 21:24:00 | 000,140,480 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/07/19 21:23:59 | 000,138,056 | ---- | C] () -- C:\Users\Neox\AppData\Roaming\PnkBstrK.sys
[2012/07/19 21:23:44 | 000,298,016 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/07/19 21:23:44 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.ex0
[2012/07/19 21:23:41 | 003,130,440 | ---- | C] () -- C:\Windows\System32\pbsvc_blr.exe
[2012/07/19 21:23:41 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/07/19 17:52:59 | 000,000,020 | ---- | C] () -- C:\Windows\System32\pub_store.dat
[2012/07/19 17:06:59 | 000,000,062 | ---- | C] () -- C:\Windows\wininit.ini
[2012/07/11 20:45:37 | 000,001,817 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2012/07/11 20:45:37 | 000,001,725 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012/06/17 12:33:27 | 763,501,080 | ---- | C] () -- C:\Users\Neox\dota 2012-06-17 12-33-27-88.avi
[2012/06/17 12:33:07 | 057,574,536 | ---- | C] () -- C:\Users\Neox\dota 2012-06-17 12-33-07-35.avi
[2012/03/04 22:41:48 | 000,000,037 | -HS- | C] () -- C:\Users\Neox\AppData\Local\1754111884ee9ab5277ca00.95260103
[2011/12/26 05:03:31 | 000,006,656 | ---- | C] () -- C:\Users\Neox\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/23 08:14:15 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/21 04:30:48 | 000,104,496 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/12/18 21:18:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/12/18 21:18:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/12/18 00:48:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/12/17 13:15:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/12/17 10:07:19 | 000,001,356 | ---- | C] () -- C:\Users\Neox\AppData\Local\d3d9caps.dat
[2011/11/10 07:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011/11/10 07:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/11/10 03:11:06 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/10/21 20:30:14 | 000,243,168 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/09/19 08:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2011/09/19 08:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat

========== LOP Check ==========

[2012/02/13 02:01:46 | 000,000,000 | ---D | M] -- C:\Users\Neox\AppData\Roaming\.minecraft
[2011/12/26 05:02:30 | 000,000,000 | ---D | M] -- C:\Users\Neox\AppData\Roaming\BANDISOFT
[2012/01/08 01:09:39 | 000,000,000 | ---D | M] -- C:\Users\Neox\AppData\Roaming\Bitmeter2
[2011/12/17 13:53:37 | 000,000,000 | ---D | M] -- C:\Users\Neox\AppData\Roaming\CoreClient
[2012/07/21 22:46:29 | 000,000,000 | ---D | M] -- C:\Users\Neox\AppData\Roaming\CrystalIdea Software
[2012/07/25 16:09:10 | 000,000,000 | ---D | M] -- C:\Users\Neox\AppData\Roaming\Downloaded Installations
[2012/05/27 14:41:32 | 000,000,000 | ---D | M] -- C:\Users\Neox\AppData\Roaming\fltk.org
[2011/12/17 13:37:26 | 000,000,000 | ---D | M] -- C:\Users\Neox\AppData\Roaming\ijjigame
[2011/12/17 02:57:56 | 000,000,000 | ---D | M] -- C:\Users\Neox\AppData\Roaming\ImgBurn
[2012/07/27 01:42:40 | 000,000,000 | ---D | M] -- C:\Users\Neox\AppData\Roaming\Locktime
[2011/12/17 14:31:53 | 000,000,000 | ---D | M] -- C:\Users\Neox\AppData\Roaming\LolClient
[2012/05/24 10:34:18 | 000,000,000 | ---D | M] -- C:\Users\Neox\AppData\Roaming\LolClient2
[2012/01/03 04:34:34 | 000,000,000 | ---D | M] -- C:\Users\Neox\AppData\Roaming\OpenOffice.org
[2011/12/17 03:04:23 | 000,000,000 | ---D | M] -- C:\Users\Neox\AppData\Roaming\Opera
[2012/02/25 13:50:34 | 000,000,000 | ---D | M] -- C:\Users\Neox\AppData\Roaming\RotMG.Production
[2011/12/31 17:00:07 | 000,000,000 | ---D | M] -- C:\Users\Neox\AppData\Roaming\SplitMediaLabs
[2011/12/18 02:47:36 | 000,000,000 | ---D | M] -- C:\Users\Neox\AppData\Roaming\SystemRequirementsLab
[2011/12/26 21:33:31 | 000,000,000 | ---D | M] -- C:\Users\Neox\AppData\Roaming\TeamViewer
[2012/07/29 15:46:12 | 000,000,000 | ---D | M] -- C:\Users\Neox\AppData\Roaming\TS3Client
[2012/02/13 16:13:22 | 000,000,000 | ---D | M] -- C:\Users\Neox\AppData\Roaming\TuneUp Software
[2012/05/09 17:15:15 | 000,000,000 | ---D | M] -- C:\Users\Neox\AppData\Roaming\Unity
[2012/07/20 13:46:41 | 000,000,000 | ---D | M] -- C:\Users\Neox\AppData\Roaming\WhatPulse
[2012/02/09 16:39:38 | 000,000,000 | ---D | M] -- C:\Users\Neox\AppData\Roaming\Wireshark
[2012/03/04 22:41:47 | 000,000,000 | -HSD | M] -- C:\Users\Neox\AppData\Roaming\wyUpdate AU
[2012/08/07 01:46:08 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/07/26 23:38:40 | 008,926,301 | ---- | M] ()(C:\Users\Neox\Desktop\03 ?????.mp3) -- C:\Users\Neox\Desktop\03 강남스타일.mp3
[2012/07/26 23:30:02 | 008,926,301 | ---- | C] ()(C:\Users\Neox\Desktop\03 ?????.mp3) -- C:\Users\Neox\Desktop\03 강남스타일.mp3
[2012/07/19 17:53:25 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件

< End of report >

Edited by SoullessZ, 07 August 2012 - 08:13 AM.

  • 0

Advertisements


#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello SoullessZ, :wave:
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

I am reviewing your OTL log now. I don't see a lot in the way of malware.
There should have been a Extras.txt file generated when OTL was first run. You will find it in the C:\Users\Neox\Downloads folder. Please post that.
Once you have posted that file and the other scan I want you to run I will review them and get back to you.


Step-1.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename executable to iexplore.exe and try it again.


Step-2.

Things For Your Next Post:
1. The Extras.txt log
2. The aswMBR log
  • 0

#3
SoullessZ

SoullessZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
This was my aswMBR thing.. No idea this extra.txt is...

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 22:20:47
-----------------------------
22:20:47.410 OS Version: Windows 6.0.6002 Service Pack 2
22:20:47.412 Number of processors: 2 586 0x1706
22:20:47.419 ComputerName: NEOX-PC UserName: Neox
22:21:05.054 Initialize success
22:24:40.886 AVAST engine defs: 12081001
22:25:14.226 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
22:25:14.240 Disk 0 Vendor: MAXTOR_STM3250310AS 3.AAF Size: 238475MB BusType: 3
22:25:14.243 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-5
22:25:14.245 Disk 1 Vendor: SAMSUNG_HD160JJ/P ZM100-38 Size: 152627MB BusType: 3
22:25:14.284 Disk 0 MBR read successfully
22:25:14.287 Disk 0 MBR scan
22:25:14.658 Disk 0 Windows VISTA default MBR code
22:25:14.685 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238471 MB offset 2048
22:25:14.743 Disk 0 scanning sectors +488391221
22:25:14.835 Disk 0 scanning C:\Windows\system32\drivers
22:25:38.091 Service scanning
22:25:59.860 Service MpKsldc90bcab c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{40096790-E70D-497E-87B1-582E847F9C26}\MpKsldc90bcab.sys **LOCKED** 32
22:26:29.219 Modules scanning
22:26:38.087 Disk 0 trace - called modules:
22:26:38.111 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
22:26:38.112 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8589dac8]
22:26:38.112 3 CLASSPNP.SYS[8b1a38b3] -> nt!IofCallDriver -> [0x851d4918]
22:26:38.113 5 acpi.sys[8aa4d6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x8480eb98]
22:26:39.938 AVAST engine scan C:\Windows
22:26:45.072 AVAST engine scan C:\Windows\system32
22:34:22.605 AVAST engine scan C:\Windows\system32\drivers
22:34:52.830 AVAST engine scan C:\Users\Neox
23:06:21.671 AVAST engine scan C:\ProgramData
23:25:24.446 Scan finished successfully
23:34:15.430 Disk 0 MBR has been saved successfully to "C:\Users\Neox\Desktop\MBR.dat"
23:34:15.567 The log file has been saved successfully to "C:\Users\Neox\Desktop\aswMBR.txt"

Edited by SoullessZ, 10 August 2012 - 04:52 PM.

  • 0

#4
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

.. No idea this extra.txt is...

OK, we'll do it another way.

The aswMBR log doesn't show any rootkits or anything wrong with the master boot record. :thumbsup:

Your Windows service pack needs to be updated. We will do that in due course.

I see the TDSS_Quarantine folder. Did you run TDSSKiller? If so please post that log. You should find it in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt", where [version] is the program version and [date]_[time] is the date and time the program was run. Please copy and paste its contents on your next reply.

You have two antivirus programs running and three antispyware programs running with real time protection. You only need one antivirus program. Running more than one causes program conflicts, system slow downs, uses more system resources and actually provides less antivirus protection.

You have both Microsoft Security Essentials and AVG running. Please let me know which one you want to keep so we can remove the other one.

You have MalwareBytes, SpybotS&D and SuperAntiSpyware installed and all running at start up. At most you should only have two antispyware programs and only one of those should be running in the background. Let me know which program you want to remove, I would suggest SuperAntiSpyware, and which one of the two left that you want to run in the back ground.

I want you to run a new OTL scan but with different settings so we can check out some other areas where malware hides. The scan will produce a Extras.txt log.

After I get these logs and the answer to the questions above we will be ready to start cleaning the system. :)


Step-1.

Posted Image OTL Custom Scan

1. Please copy the text in the code box below and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the code box, right click the mouse and click Copy.
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.*
consrv.dll
wshelper.dll
/md5stop
HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Program Files\Common Files\ComObjects\*.* /s

2. Re-open OTL. To do that:
  • Double click on the Posted Image OTL icon to run it. Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the box beside Scan All Users at the top of the console<---Important.
  • The Include 64bit Scans box should not be available, but if it is Do Not check it
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section, click the radio button beside Use Safelist.<---Very Important
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open OTL.Txt on the desktop. Extras.txt will be minimized. These files are also saved in the same location as OTL (it should your C:\Users\Neox\Downloads folder).
  • Please copy the contents of these files and paste them into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.
Repeat for the Extras.txt file.


Step-2.

Things For Your Next Post:
1. The new OTL.txt log
2. The Extras.txt log
3. The TDSSKiller log
4. Answer to the questions I asked about the antivirus and antispyware programs
  • 0

#5
SoullessZ

SoullessZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I would like to keep microsoft essentials
and I would like to keep SuperAntiSpyware,

Some small TDSS log..
Spoiler


Here is the bigger one:
Spoiler



Here is my OTL log:

Spoiler

Edited by SoullessZ, 11 August 2012 - 05:42 AM.

  • 0

#6
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

I would like to keep microsoft essentials

Fair enough.

and I would like to keep SuperAntiSpyware,

OK. Of the two that are left, which one do you want to keep? And between SuperAntiSpyware and the other one you want to keep, which one do you want running in the background?

You still did not include the Extras.txt file.

The TDSSKiller log you posted shows that you have deleted good files and services:

12:12:00.0120 4720 C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe - copied to quarantine
12:12:00.0137 4720 HKLM\SYSTEM\ControlSet001\services\NetBalancer Windows Service - will be deleted on reboot
12:12:00.0176 4720 HKLM\SYSTEM\ControlSet002\services\NetBalancer Windows Service - will be deleted on reboot
12:12:00.0201 4720 C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe - will be deleted on reboot
12:12:00.0201 4720 NetBalancer Windows Service ( UnsignedFile.Multi.Generic ) - User select action: Delete
12:12:01.0111 4720 C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe - copied to quarantine
12:12:01.0236 4720 HKLM\SYSTEM\ControlSet001\services\nlsvc - will be deleted on reboot
12:12:01.0237 4720 HKLM\SYSTEM\ControlSet002\services\nlsvc - will be deleted on reboot
12:12:01.0240 4720 C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe - will be deleted on reboot
12:12:01.0240 4720 nlsvc ( UnsignedFile.Multi.Generic ) - User select action: Delete
12:12:01.0391 4720 C:\Windows\System32\WinService.exe - copied to quarantine
12:12:01.0512 4720 HKLM\SYSTEM\ControlSet001\services\SCM_Service - will be deleted on reboot
12:12:01.0528 4720 HKLM\SYSTEM\ControlSet002\services\SCM_Service - will be deleted on reboot
12:12:01.0531 4720 C:\Windows\System32\WinService.exe - will be deleted on reboot
12:12:01.0531 4720 SCM_Service ( UnsignedFile.Multi.Generic ) - User select action: Delete

NetBalancer appears to be a monitor for bandwidth consumption
NetLimiter is an internet traffic and bandwidth monitor
WinService.exe ans SMC_Service appears to be your Netgear Wireless router.
The NetBalancer and NetLimiter deletions may well be why the internet is over downloading.

You ran the TDSSKiller program on July 24, 2012. You need to see if you can restore your computer to a date prior to 7/24/2012. Do you know how to do that? If you don't, please stop and let me know. If you do know how to do that, please only try the restore one time. If it isn't successful Stop and let me know.

When you find the date prior to 7/24/2012 to restore your system to, Windows will shut down and reboot as part of the process.
When Windows finishes you should get a message that the restore was successful. If you get that message:

Download the latest version of TDSSKiller from here and save it to your Desktop

Double click the tdsskiller.exe file to run the program.

Very Important: Do Not allow it to fix anything!

If it finds anything and recommends Cure as the default action, change it to SKIP
Leave everything found with SKIP as the recommended action alone.

Post the resulting log file. NOTE:It is not necessary to post the logs behind Spoiler tags, just copy and past them into the post. That makes them easier for me to read. Use more than one post if you need to.
  • 0

#7
SoullessZ

SoullessZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I got nothing other than the net balance thing again as "skip"
  • 0

#8
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Did you do the system restore?
  • 0

#9
SoullessZ

SoullessZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Nothing. I still get this. Is it some sort of virus or something?
  • 0

#10
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi SoullessZ,

Nothing.

Is this a response to my question about running System Restore? If it is I don't know what you meant.

I still get this.

You still get what?

Is it some sort of virus or something?

If you mean the downloading problem, I don't know yet. The first thing we need to do is get the conflicting programs cleaned off of the system, then either get the files and services restored or uninstall the programs that they are a part of and see if the problem is still there.

In order to help you I need to know what is going on. Since I can't interact with your computer, you have to tell me what is going on.
When I ask a question I need you to answer it. I'll try asking them again, a few at a time. Please answer them in the order asked. Just type 1. and then answer question number 1 ect. Please don't run any tools, just answer my question(s).

1. Did you try to do a system restore to a date before 7/24/2012?
2. Did you download and run TDSSKiller after trying the system restore?
  • 0

Advertisements


#11
SoullessZ

SoullessZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Yes & Yes the same problem I have occurs

Didn't you also tell me to remove like some virus protection programs and only keep 1 or 2? How do I do that as well
  • 0

#12
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thank you for the answers. :)
When you answer the next questions, I will be able to cobble together a fix that will include uninstalling one of the antivirus programs and and cutting the antispyware programs from three to two with only one of them running in the background.

You told me that you wanted to keep Microsoft Security Essentials as the antivirus.
You told me that you want to keep SuperAntiSpyware. That leaves MalwareBytes and SpybotS&D. Since we will be using MalwareBytes we will uninstall SpybotS&D.


Things I need for your next reply
1. Between SuperAntiSpyware and MalwareBytes, which program do you want running the background?

2. I still need the Extras.txt log from OTL. You can find it in the C:\Users\Neox\Downloads folder (the same folder you ran OTL from.

3. I want to see the log from the last TDSSKiller scan. You should find it in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt", where [version] is the program version and [date]_[time] is the date and time the program was run. Please copy and paste its contents on your next reply.(The date that you ran the last scan should have been 8/11/2012)

Get me that answer to number 1 and the log files for numbers 2 & 3 and we will start the cleaning process.
  • 0

#13
SoullessZ

SoullessZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
1. SuperAntiSpyware
2. I still really can't find it.. I even tried to search =.=
3.
Spoiler

Edited by SoullessZ, 12 August 2012 - 08:04 AM.

  • 0

#14
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
The system restore did not replace the following files:
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe---This is one of or part of the bandwidth monitor
C:\Windows\System32\WinService.exe----This is part of your Netgear wireless router.

If it didn't replace the files, then the services are probably still gone too...so we will check.

Questions
1. Are you having the download problem in all browsers or just certain ones?
2. When did the problem start? Was it around the time you ran TDSSKiller the first time on 7/24/2012?

The following scan will check for the services. If you check the boxes in the instructions correctly, it will also produce a Extras.txt file.

Please DO NOT put the logs behind Spoiler tags. Just Copy and Paste them into the post.


Step-1

Posted Image OTL Custom Scan

1. Please copy the text in the code box below and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the code box, right click the mouse and click Copy.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBalancer Windows Service 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nlsvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCM_Service

2. Re-open OTL on the desktop. To do that:
  • Double click on the Posted Image OTL icon to run it. Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the box beside Scan All Users at the top of the console
  • Make sure the Output box at the top is set to Standard Output.

    This next instruction will produce the Extras.txt file
  • In the Extra Registry section, click the button beside Use Safelist<---VERY IMPORTANT
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt on the desktop. Extras.txt will be minimized on the Task Bar. These files are also saved in the same location as OTL (it should be in your Downloads folder).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.
  • Close the OTL.txt file.
  • Click on the Extras.txt file on the Task Bar and it will open.
  • Highlight all text inside the file, right click and click Copy.
  • Inside the next forum post, right click and click Paste. This will put the contents it the post.


Step-2.

Things For Your Next Post:
1. Answer to questions 1 and 2 above.
2. The new OTL.txt log
3. The Extras.txt log

Please remember, just copy and paste your logs into the post.
  • 0

#15
SoullessZ

SoullessZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
1. Yes it over DL's when opening browsers or streams and it lags myself unable to load streams or videos
2. I really don't know...
3... OTL
Spoiler


Extras...

Spoiler

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP