Weird problem [Closed]


  • This topic is locked

#16
jay721

    Member

  • Topic Starter
  • 29 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/3/2014
Scan Time: 10:09:38 PM
Logfile: malward.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.04.02
Rootkit Database: v2014.08.01.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Jay
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 291337
Time Elapsed: 6 min, 55 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
HackTool.GamesCheat.Gen, C:\$Recycle.Bin\S-1-5-21-699522696-2996290405-2221708108-1001\$RTGNSL6\DekaronTrainer.exe, , [5a38b21013682b0bad9680518f750ff1], 
HackTool.GamesCheat.Gen, C:\Users\Jay\Downloads\DekaronTrainer.exe, , [484a655d95e63ef8e85bc1109b69916f], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)



#17
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts
Wow! That's a fast system! Thanks for that log so quickly.

One more scan and then we'll see what is what ....

ESET Online Scanner:

Note: You will need to disable your current installed Anti-Virus for the duration of the online scan, how to do so can be read here. Also, please note that this scan can take a while to run.
  • Please go here to run the scan and click on Run ESET Online Scanner
  • The next screen will be the ESET Online Scanner installer
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer and select Save File
  • Save the file to your desktop; you should see a file like this when the download is finished
  • Double click on this to start the installation of the ESET Online Scanner
  • In the new window that appears select the option YES, I accept the Terms of Use then click on Start
  • Now in the Computer scan settings window that appears:
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Start
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, if any malware was detected, the summary screen will show a warning.
  • On the Scan results detail window, select to Export to text file, name the file ESET scan results.txt and save it to your desktop.
  • Click <<Back once the file is saved, select 'Uninstall application on close' and click on Finish.
  • Use Notepad to open the logfile you saved on your desktop.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

#18
jay721

    Member

  • Topic Starter
  • 29 posts
C:\$Recycle.Bin\S-1-5-21-699522696-2996290405-2221708108-1001\$RTGNSL6\DekaronTrainer.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application
C:\$Recycle.Bin\S-1-5-21-699522696-2996290405-2221708108-1001\$RZA295W.frostwire5\updates\frostwire-5.5.2.windows.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Jay\AppData\Local\Babylon\Setup\BExternal.dll.vir a variant of Win32/Toolbar.Babylon.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Jay\AppData\Local\Babylon\Setup\IECookieLow.dll.vir a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Jay\AppData\Local\Babylon\Setup\Setup.exe.vir a variant of Win32/Toolbar.Babylon.H potentially unwanted application
C:\Config.Msi\1047e290.rbf a variant of Win32/SweetIM.L potentially unwanted application
C:\Users\Jay\Downloads\DekaronTrainer.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application
C:\Users\Jay\Downloads\drivermax.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll a variant of Win32/Toolbar.Linkury.G potentially unwanted application
C:\_OTL\MovedFiles\08032014_175724\C_Users\Jay\AppData\Roaming\Mozilla\Firefox\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\chrome\utorrentcontrol.jar Win32/Toolbar.Conduit potentially unwanted application


#19
jay721

    Member

  • Topic Starter
  • 29 posts

Alright, so here we are: it randomly fixed itself, just like every other time this has happened.

 

http://ft.trillian.i...frrQ4BTBvyR.jpg

 

That fps was at 15 and the ms was jumping super fast from 30-45 and now it's 102 and 9. This is the same thing that happened last time except my fps is a bit higher now.

 

Also, it wasn't working last night after I ran all of the tests. I did everything and waited for the ESET one to finish, then I got on the game and still had problems, and when I turned it on this morning it magically fixed itself.


Edited by jay721, 04 August 2014 - 09:43 AM.


#20
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Hi jay721,

 

The resetting of the LSP stack would take a little bit to rebuild some of the internal databases but I thought it would have happened before now.  I'm glad you have your speed back where it should be.

 

We need one more scan with OTL and then I should be able to provide a cleanup script for the malware MBAM / ESET found.

 

Please right click on OTL and select "Run as Administrator".

Click the "None" button and then click the "Standard" button.

Select the following:

  • Scan All Users
  • LOP Check
  • Purity Check

 

Click on "Run Scan".

 

Please copy and paste the log this produces in your next reply.  :geek:

 

Thank you for hanging in there with us on the cleaning of your system. 



#21
jay721

    Member

  • Topic Starter
  • 29 posts
OTL logfile created on: 8/4/2014 5:18:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jay\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 69.12% Memory free
4.00 Gb Paging File | 2.67 Gb Available in Paging File | 66.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 240.00 Gb Total Space | 100.61 Gb Free Space | 41.92% Space Free | Partition Type: NTFS
Drive D: | 225.76 Gb Total Space | 225.50 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
 
Computer Name: JAY-PC | User Name: Jay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/03 17:52:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe
PRC - [2014/07/18 13:13:20 | 000,009,216 | ---- | M] (Hi-Rez Studios) -- C:\Program Files\Hi-Rez Studios\HiPatchService.exe
PRC - [2014/04/08 00:00:00 | 005,306,880 | ---- | M] () -- c:\Program Files\Trillian\plugins\skypekit.exe
PRC - [2014/04/08 00:00:00 | 002,622,832 | ---- | M] (Cerulean Studios) -- C:\Program Files\Trillian\trillian.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/08/22 12:57:30 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
PRC - [2011/08/22 12:52:46 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/15 04:24:48 | 000,353,096 | ---- | M] () -- C:\Users\Jay\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppgooglenaclpluginchrome.dll
MOD - [2014/07/15 04:24:44 | 008,537,928 | ---- | M] () -- C:\Users\Jay\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
MOD - [2014/07/15 04:24:38 | 000,718,664 | ---- | M] () -- C:\Users\Jay\AppData\Local\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
MOD - [2014/07/15 04:24:36 | 000,126,280 | ---- | M] () -- C:\Users\Jay\AppData\Local\Google\Chrome\Application\36.0.1985.125\libegl.dll
MOD - [2014/07/15 04:24:35 | 001,732,936 | ---- | M] () -- C:\Users\Jay\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
MOD - [2014/04/08 00:00:00 | 005,306,880 | ---- | M] () -- c:\Program Files\Trillian\plugins\skypekit.exe
MOD - [2014/04/08 00:00:00 | 000,187,392 | ---- | M] () -- C:\Program Files\Trillian\libpng15.dll
MOD - [2014/04/08 00:00:00 | 000,065,536 | ---- | M] () -- C:\Program Files\Trillian\libungif.dll
MOD - [2014/04/08 00:00:00 | 000,059,904 | ---- | M] () -- C:\Program Files\Trillian\zlib1.dll
MOD - [2014/04/08 00:00:00 | 000,010,752 | ---- | M] () -- c:\Program Files\Trillian\languages\en\buddy.dll
MOD - [2014/04/08 00:00:00 | 000,007,168 | ---- | M] () -- c:\Program Files\Trillian\languages\en\talk.dll
MOD - [2014/04/08 00:00:00 | 000,006,656 | ---- | M] () -- c:\Program Files\Trillian\languages\en\trillian.dll
MOD - [2014/04/08 00:00:00 | 000,006,656 | ---- | M] () -- c:\Program Files\Trillian\languages\en\events.dll
MOD - [2014/04/08 00:00:00 | 000,003,584 | ---- | M] () -- c:\Program Files\Trillian\languages\en\toolkit.dll
MOD - [2011/08/22 12:57:32 | 000,002,560 | ---- | M] () -- C:\Windows\CTXFIRES.DLL
MOD - [2009/03/26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL
 
 
========== Services (SafeList) ==========
 
SRV - [2014/07/18 13:13:20 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2014/05/05 17:51:16 | 000,580,232 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2014/03/02 18:59:31 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/07 22:18:42 | 000,569,024 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/08/21 21:44:06 | 000,181,064 | ---- | M] (Sysinternals) [On_Demand | Stopped] -- C:\Windows\PSEXESVC.EXE -- (PSEXESVC)
SRV - [2013/08/04 16:43:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/13 15:13:28 | 000,675,936 | ---- | M] (Wellbia.com Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\xsherlock.xem -- (xsherlock)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/23 05:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2014/06/04 15:56:54 | 000,011,816 | ---- | M] (wisecleaner.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\Wise\Wise Care 365\WiseHDInfo32.dll -- (WiseHDInfo)
DRV - [2013/11/30 13:40:58 | 000,021,432 | ---- | M] (Christian Gulden) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pimou.sys -- (pimou)
DRV - [2012/09/23 01:17:22 | 000,015,528 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\amdkmafd.sys -- (amdkmafd)
DRV - [2012/08/01 13:13:42 | 000,035,560 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6)
DRV - [2012/04/06 13:15:10 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/08/22 14:24:44 | 001,178,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2011/08/22 14:24:34 | 000,095,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2011/08/22 14:24:22 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2011/08/22 14:24:12 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2011/08/22 14:24:00 | 000,130,136 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2011/08/22 14:23:50 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2011/08/22 14:23:36 | 000,528,344 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2011/08/22 14:23:24 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2011/08/22 14:23:14 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV - [2011/08/22 14:23:14 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2011/08/22 14:23:02 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV - [2011/08/22 14:23:02 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2011/08/22 14:22:50 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV - [2011/08/22 14:22:50 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/01 02:07:44 | 000,052,096 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MHIKEY10.sys -- (MHIKEY10)
DRV - [2010/04/27 16:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010/04/27 16:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010/04/27 16:57:24 | 000,031,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2010/04/27 16:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010/04/27 14:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 19 4F FB 21 02 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jay\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jay\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
 
[2014/08/03 17:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: Google Wallet = C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/06/12 23:12:47 | 000,000,861 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (GigagetIEHelper Class) - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\Windows\System32\gigagetbho_v10.dll (Giganology Inc.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [DriverMax] C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O4 - HKCU..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O4 - Startup: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getAllurl.htm ()
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCA2F458-4878-4943-8E16-3494C3B74725}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/04 00:19:32 | 000,000,000 | ---D | C] -- C:\Users\Jay\Documents\Orcs Must Die
[2014/08/03 23:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/08/03 22:08:38 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/08/03 22:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/08/03 22:08:25 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/08/03 22:08:25 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/08/03 22:08:25 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/08/03 22:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/08/03 19:27:34 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/08/03 19:01:10 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/08/03 19:00:28 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/03 17:57:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/08/03 17:52:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe
[2014/08/03 12:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/08/02 22:58:20 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2014/08/02 22:58:18 | 000,021,432 | ---- | C] (Christian Gulden) -- C:\Windows\System32\drivers\pimou.sys
[2014/08/02 22:43:47 | 000,015,528 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\amdkmafd.sys
[2014/08/02 09:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
[2014/08/01 23:27:44 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2014/08/01 23:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2014/08/01 23:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2014/08/01 19:51:44 | 000,000,000 | ---D | C] -- C:\Users\Jay\Doctor Web
[2014/08/01 17:19:42 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2014/08/01 17:04:34 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Innovative Solutions
[2014/08/01 17:03:37 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Innovative Solutions
[2014/08/01 17:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2014/08/01 14:39:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2014/08/01 10:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2014/07/24 12:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2014/07/24 12:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2014/07/17 02:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2014/07/11 15:00:16 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Curse Client
[2014/07/11 14:59:11 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Curse
[2014/07/11 14:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/04 17:13:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-699522696-2996290405-2221708108-1001UA.job
[2014/08/04 16:55:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/04 07:52:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/04 04:01:34 | 000,053,952 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000005-00221102}.rfx
[2014/08/04 04:01:34 | 000,053,952 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000000-00001102-00000005-00221102}.rfx
[2014/08/04 04:01:34 | 000,001,072 | ---- | M] () -- C:\Windows\System32\settingsbkup.sfm
[2014/08/04 04:01:34 | 000,001,072 | ---- | M] () -- C:\Windows\System32\settings.sfm
[2014/08/04 04:01:34 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000000-00001102-00000005-00221102}.rfx
[2014/08/04 02:13:01 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-699522696-2996290405-2221708108-1001Core.job
[2014/08/03 22:09:07 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/08/03 22:08:33 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/03 21:40:16 | 000,012,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/03 21:40:16 | 000,012,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/03 17:52:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe
[2014/08/03 15:50:45 | 000,007,662 | ---- | M] () -- C:\Users\Jay\AppData\Local\Resmon.ResmonCfg
[2014/08/03 12:09:54 | 000,029,160 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/08/02 22:58:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_pimou_01009.Wdf
[2014/08/02 09:35:37 | 000,001,192 | ---- | M] () -- C:\Users\Jay\Desktop\DriverMax.lnk
[2014/07/24 12:40:05 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2014/07/23 10:52:02 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014/07/18 18:49:32 | 000,000,003 | ---- | M] () -- C:\Windows\System32\HRUPPROG.EXIT
[2014/07/17 03:43:32 | 000,000,169 | ---- | M] () -- C:\Users\Jay\Documents\AutoHotkey.ahk
[2014/07/11 15:04:03 | 000,001,037 | ---- | M] () -- C:\Users\Jay\Desktop\Trillian.lnk
[2014/07/11 15:04:03 | 000,001,001 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
[2014/07/11 14:58:23 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2014/07/11 14:58:23 | 000,001,970 | ---- | M] () -- C:\Users\Public\Desktop\Smite.lnk
 
========== Files Created - No Company Name ==========
 
[2014/08/03 22:08:33 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/03 12:09:54 | 000,029,160 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/08/02 22:58:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_pimou_01009.Wdf
[2014/08/02 09:35:37 | 000,001,192 | ---- | C] () -- C:\Users\Jay\Desktop\DriverMax.lnk
[2014/07/24 12:40:05 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2014/07/18 18:49:32 | 000,000,003 | ---- | C] () -- C:\Windows\System32\HRUPPROG.EXIT
[2014/07/11 15:04:03 | 000,001,067 | ---- | C] () -- C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk
[2014/07/11 15:04:03 | 000,001,037 | ---- | C] () -- C:\Users\Jay\Desktop\Trillian.lnk
[2014/07/11 15:04:03 | 000,001,001 | ---- | C] () -- C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
[2014/07/11 14:58:23 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2014/07/11 14:58:23 | 000,001,970 | ---- | C] () -- C:\Users\Public\Desktop\Smite.lnk
[2014/06/14 12:15:54 | 003,622,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/08/30 14:32:25 | 000,004,608 | ---- | C] () -- C:\Users\Jay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/04 16:42:24 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2013/08/04 16:42:24 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2013/06/12 18:30:56 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013/03/23 15:36:49 | 000,000,007 | -HS- | C] () -- C:\Users\Jay\AppData\Roaming\date
[2013/01/08 10:56:04 | 000,137,168 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2012/11/19 15:00:00 | 003,123,272 | R--- | C] () -- C:\Windows\System32\pbsvc.exe
[2012/11/09 16:29:55 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini
[2012/08/15 13:19:15 | 000,272,629 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/08/07 00:36:09 | 000,007,662 | ---- | C] () -- C:\Users\Jay\AppData\Local\Resmon.ResmonCfg
[2012/06/03 03:19:50 | 000,138,904 | ---- | C] () -- C:\Users\Jay\AppData\Roaming\PnkBstrK.sys
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >

#22
jay721 (Member, Topic Starter)

So?....


#23
dbreeze (Trusted Helper, Malware Removal)

Jay721,

Sorry for the delay.. Thanks for the last scan log by OTL. I don't see anything in it that screams to be removed so we will clean out what MBAM & ESET found.

Note: The script text listed below is for this user / system only. Any other usage may lead to system damage and is not condoned or advised.

Please right click on the OTL file on your desktop and select Run as Administrator.

Copy the fix text in the code box below by clicking at the : in the left corner and dragging the mouse cursor to the bottom past the ] in the last line, right click and select COPY.

Return to the OTL menu that is open, right click on the open box below Custom Scans/Fixes and select PASTE. If you did this properly, the first line in the Custom Scans/Fixes box should read :Commands and the last line should read [EMPTYTEMP] .

Click on the Run Fix button.

OTL will process the fix text, close the desktop, reboot your system and produce a log file named MMDDYYYY_hhmmss.log . If the log is not opened in Notepad after the system reboots, you can find the file in the C:\_OTL\MovedFiles directory. Please copy and paste the log file contents in a reply post here.

This is the code box with the Fix Text to copy =>

:Commands
[CREATERESTOREPOINT]

:Files
C:\$Recycle.Bin\S-1-5-21-699522696-2996290405-2221708108-1001\$RTGNSL6\DekaronTrainer.exe
C:\Users\Jay\Downloads\DekaronTrainer.exe
C:\$Recycle.Bin\S-1-5-21-699522696-2996290405-2221708108-1001\$RZA295W.frostwire5
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir
C:\AdwCleaner\Quarantine\C\Users\Jay\AppData\Local\Babylon\Setup\BExternal.dll.vir
C:\AdwCleaner\Quarantine\C\Users\Jay\AppData\Local\Babylon\Setup\IECookieLow.dll.vir
C:\AdwCleaner\Quarantine\C\Users\Jay\AppData\Local\Babylon\Setup\Setup.exe.vir
C:\Config.Msi\1047e290.rbf
C:\Users\Jay\Downloads\DekaronTrainer.exe
C:\Users\Jay\Downloads\drivermax.exe
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll

:Commands
[EMPTYTEMP]

#24
dbreeze (Trusted Helper, Malware Removal)

jay721,

Just a thought, but your ISP is not throttling your connection speed?

We are almost done if you still want to complete the cleaning.


#25
Essexboy (GeekU Moderator, Retired Staff)

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.