Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I have certain, but benign parasites on my pc

Started by Gib80 , Feb 25 2015 07:24 PM

  • Please log in to reply

#1
Gib80
Posted 25 February 2015 - 07:24 PM

Gib80

    Member

  • Member
  • PipPip
  • 46 posts

I need to let you know that the situation tends to get worse in the evening time. I haven't scanned with MBAM or MSE on my laptop due to nothing being detected, but I'm sure the problem is a mild one!

 

OTL logfile created on: 2/25/2015 5:51:20 PM - Run 19
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mayheme1\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 0.12 Gb Available Physical Memory | 4.05% Memory free
7.54 Gb Paging File | 1.81 Gb Available in Paging File | 23.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 174.62 Gb Total Space | 121.95 Gb Free Space | 69.84% Space Free | Partition Type: NTFS
Drive D: | 11.68 Gb Total Space | 11.39 Gb Free Space | 97.55% Space Free | Partition Type: NTFS
 
Computer Name: MAYHEME1-PC | User Name: Mayheme1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation)
PRC - C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files\JAM Software\TreeSize Free\TreeSizeFree.exe (JAM Software)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Users\Mayheme1\AppData\Roaming\Mind of Winner\Subliminal Messages\SubliminalMessages.exe ()
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (Adobe Systems, Inc.)
PRC - C:\Users\Mayheme1\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WinBoard-4.5.2\WinBoard\winboard.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Mayheme1\AppData\Roaming\Mind of Winner\Subliminal Messages\SubliminalMessages.exe ()
MOD - C:\Users\Mayheme1\AppData\Roaming\Mind of Winner\Subliminal Messages\plugins\imageformats\qtiff.dll ()
MOD - C:\Users\Mayheme1\AppData\Roaming\Mind of Winner\Subliminal Messages\plugins\imageformats\qmng.dll ()
MOD - C:\Users\Mayheme1\AppData\Roaming\Mind of Winner\Subliminal Messages\plugins\imageformats\qwbmp.dll ()
MOD - C:\Users\Mayheme1\AppData\Roaming\Mind of Winner\Subliminal Messages\plugins\imageformats\qtga.dll ()
MOD - C:\Users\Mayheme1\AppData\Roaming\Mind of Winner\Subliminal Messages\plugins\platforms\qwindows.dll ()
MOD - C:\Users\Mayheme1\AppData\Roaming\Mind of Winner\Subliminal Messages\plugins\imageformats\qico.dll ()
MOD - C:\Users\Mayheme1\AppData\Roaming\Mind of Winner\Subliminal Messages\plugins\imageformats\qgif.dll ()
MOD - C:\Users\Mayheme1\AppData\Roaming\Mind of Winner\Subliminal Messages\plugins\imageformats\qjpeg.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
MOD - C:\Users\Mayheme1\AppData\Roaming\Mind of Winner\Subliminal Messages\icudt51.dll ()
MOD - C:\Users\Mayheme1\AppData\Roaming\Mind of Winner\Subliminal Messages\icuin51.dll ()
MOD - C:\Users\Mayheme1\AppData\Roaming\Mind of Winner\Subliminal Messages\icuuc51.dll ()
MOD - C:\Users\Mayheme1\AppData\Roaming\Mind of Winner\Subliminal Messages\libstdc++-6.dll ()
MOD - C:\Users\Mayheme1\AppData\Roaming\Mind of Winner\Subliminal Messages\libgcc_s_dw2-1.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\WOT\WOT.dll ()
MOD - C:\WinBoard-4.5.2\WinBoard\winboard.exe ()
MOD - C:\Program Files\Unlocker\UnlockerCOM.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (sesvc) -- C:\Program Files\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Windows\TEMP\catchme.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (a2acc) -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys (Emsisoft GmbH)
DRV - (a2util) -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys (Emsisoft GmbH)
DRV - (A2DDA) -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys (Emsisoft GmbH)
DRV - (cleanhlp) -- C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys (Emsisoft GmbH)
DRV - (a2injectiondriver) -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys (Emsisoft GmbH)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 5E A8 91 DE 1A D0 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/06/06 18:31:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/12/11 03:01:28 | 000,000,000 | ---D | M]
 
[2010/02/01 00:05:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mayheme1\AppData\Roaming\Mozilla\Extensions
[2014/11/17 14:12:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mayheme1\AppData\Roaming\Mozilla\Firefox\Profiles\tfohzgt0.default\extensions
[2014/11/28 18:31:10 | 000,000,000 | ---D | M] (Dr.Web Anti-Virus Link Checker) -- C:\Users\Mayheme1\AppData\Roaming\Mozilla\Firefox\Profiles\tfohzgt0.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2014/01/08 21:29:59 | 000,348,260 | ---- | M] () (No name found) -- C:\Users\Mayheme1\AppData\Roaming\Mozilla\Firefox\Profiles\tfohzgt0.default\extensions\[email protected]
[2011/03/17 01:35:46 | 000,001,832 | ---- | M] () -- C:\Users\Mayheme1\AppData\Roaming\Mozilla\Firefox\Profiles\tfohzgt0.default\searchplugins\bing.xml
[2014/06/06 18:31:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/06/06 18:04:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/06/06 18:04:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/06/04 20:12:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2014/06/04 20:12:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/04/20 19:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/20 19:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 19:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2014/11/08 09:25:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [SubliminalMessages] C:\Users\Mayheme1\AppData\Roaming\Mind of Winner\Subliminal Messages\SubliminalMessages.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28371F2B-6892-4372-AA00-E20B4EA0932E}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FCC544A-8AF2-40BC-BF78-EFDA095D90EA}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
 
========== Files - Modified Within 30 Days ==========
 
[2015/02/25 17:46:25 | 001,127,424 | ---- | M] (Farbar) -- C:\Users\Mayheme1\Desktop\FRST.exe
[2015/02/25 16:54:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/07 20:08:06 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
 
========== Files Created - No Company Name ==========
 
[2014/12/11 19:52:55 | 000,302,456 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/12/10 20:29:37 | 000,103,832 | ---- | C] () -- C:\Users\Mayheme1\GoToAssistDownloadHelper.exe
[2014/12/04 19:45:42 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2014/12/02 19:19:41 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2014/06/28 17:50:45 | 000,000,008 | RHS- | C] () -- C:\Users\Mayheme1\ntuser.pol
[2013/09/28 03:31:36 | 000,001,188 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/08/16 06:38:07 | 000,000,600 | ---- | C] () -- C:\Users\Mayheme1\PUTTY.RND
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 20:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/05/29 22:44:43 | 000,000,000 | ---D | M] -- C:\Users\Mayheme1\AppData\Roaming\AVG10
[2011/01/31 12:36:42 | 000,000,000 | ---D | M] -- C:\Users\Mayheme1\AppData\Roaming\CheckPoint
[2014/10/31 16:47:30 | 000,000,000 | ---D | M] -- C:\Users\Mayheme1\AppData\Roaming\JAM Software
[2014/04/09 15:20:21 | 000,000,000 | ---D | M] -- C:\Users\Mayheme1\AppData\Roaming\Mind of Winner
[2014/11/28 18:31:10 | 000,000,000 | ---D | M] -- C:\Users\Mayheme1\AppData\Roaming\QuickScan
[2014/11/28 18:31:10 | 000,000,000 | ---D | M] -- C:\Users\Mayheme1\AppData\Roaming\supportdotcom
[2012/08/11 19:04:24 | 000,000,000 | ---D | M] -- C:\Users\Mayheme1\AppData\Roaming\WildTangent
[2014/11/03 18:07:24 | 000,000,000 | ---D | M] -- C:\Users\Mayheme1\AppData\Roaming\www.shadowexplorer.com
 
========== Purity Check ==========
 
 
 
< End of report >

Attached Files

  • Attached File  OTL.Txt   36.07KB   149 downloads

  • 0

Advertisements

#2
RKinner
Posted 27 February 2015 - 08:18 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

How do you know you have parasites and why are you so sure they are benign?

 

Did you install this  Subliminal Messages program?

 

Get Process Explorer

 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 
 
 
 

 
Please download Farbar Recovery Scan Tool and save it to your Desktop. 
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
 
  •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • click on the Addition.txt box. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste that log back here and also the second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
    •  
     
     
    Go to http://www.speedtest.net/ and click on Begin Test
     
    When the Test finishes click on Share This Result and then select Forum then Copy then move to a reply and Ctrl + v
     
    Compare the results to what you are paying your ISP for.  You might also do the same test during the day when you parasites are not so active and then in the evening when they wake up.
     
     

     

     

     


    • 0

    #3
    Gib80
    Posted 28 February 2015 - 09:24 AM

    Gib80

      Member

    • Topic Starter
    • Member
    • PipPip
    • 46 posts

    I have something because the computer is behaving strangely, its different from the way it
    behaved before. I did check before with a speedtest 3 times in the past on this laptop and
    that was sometime late last year when I did the speed test, I checked with the aid of a
    technician and I passed the test. Do you want me to test my pc anyway?

    I don't want to forget to mention that the problem is a mild one, because it runs a little
    bit better during the day time and its mild compared to previous problems that I had that
    includes random settings changes. I hope that makes sense!

    Oh, I almost forgot, yes I did install SM!


    • 0

    #4
    Gib80
    Posted 28 February 2015 - 07:35 PM

    Gib80

      Member

    • Topic Starter
    • Member
    • PipPip
    • 46 posts

    Hello, I'm back now. Sorry it took me so long!

    Attached Files


    • 0
    Back to Virus, Spyware, Malware Removal · Next Unread Topic →




    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    1. Geeks to Go Community
    2. Security
    3. Virus, Spyware, Malware Removal

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP