Infected computer


For some time now I have been experiencing problems with my computer. It's not a very good one, I grant you that, but lately it has been driving me mad. It works more or less normally until I try surfing the net. Then all hell breaks loose. Pages start flicking on and off, the browsers turn off by themselves, the connection is as fast as a dead horse, it takes from 2 - 10 minutes for a page to open. It's like being in the Exorcist. Since I am a complete idiot when it comes to computers, I did what I could. I tried scanning and cleaning it with antivirus programs, I uninstalled all the programs I didn't use, but nothing seemed to help. A few days ago, a friend told me to try cleaning it of malware (which I didn't even know existed :() and gave me the name of this site. I downloaded, installed, updated and did a Quick Scan with Malwarebytes Anti-Malware. It's a lot better now, but I still have problems with opening pages - it's still pretty slow (the connection I pay for is the fastest one you can have here - 1GB) and sometimes it doesn't open them properly (half the information is missing). Please help me :(

 

P.S. I did that DDS thing and I saved the logs to my desktop, but I wasn't sure if I was supposed to put them here, since it says in the instructions to copy-paste it in my next reply.

Hello immaculate and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Copy/paste them here, please.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.45.2
Run by Meri at 13:03:59 on 2014-01-18
Microsoft Windows 7 Ultimate   6.1.7601.1.1250.381.1033.18.2496.1686 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\LwbWheel.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\lxducoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\IoctlSvc.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.


BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [LiveSupport] "c:\program files\livesupport\LiveSupport.exe" /noshow /log
mRun: [EaseUS EPM tray] c:\program files\easeus\easeus partition master 9.2.2\bin\EpmNews.exe
mRun: [LWBMOUSE] c:\program files\browser mouse\browser mouse\1.0\lwbwheel.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
mRun: [EzPrint] "c:\program files\lexmark 5600-6600 series\ezprint.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001045-0002-0045-ABCDEFFEDCBC} - <orphaned>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}



TCP: NameServer = 89.216.1.40 89.216.1.50
TCP: Interfaces\{7863001D-CD95-49B9-BD11-13922E216B60} : DHCPNameServer = 89.216.1.40 89.216.1.50
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R2 Freemake Improver;Freemake Improver;c:\programdata\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2013-10-5 101888]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-1-13 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-1-13 701512]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2007-1-1 5120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-1-13 22856]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
.
=============== File Associations ===============
.
FileExt: .js: Applications\Palemoon-Portable.exe="c:\program files\palemoon-portable-3.6.9\Palemoon-Portable.exe" "%1" [userChoice]
.
=============== Created Last 30 ================
.
2014-01-17 12:55:26    7760024    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{e4b635ff-7009-4665-b6f9-085e1c9a9e53}\mpengine.dll
2014-01-13 22:00:15    --------    d-----w-    c:\users\meri\appdata\roaming\Deep Shadows
2014-01-13 21:56:12    --------    d-----w-    c:\windows\Haunted Train - Spirits of Charon Collectors Edition
2014-01-13 01:55:35    --------    d-----w-    c:\users\meri\appdata\roaming\Malwarebytes
2014-01-13 01:55:13    --------    d-----w-    c:\programdata\Malwarebytes
2014-01-13 01:55:08    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-01-13 01:55:08    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2014-01-12 17:11:48    --------    d-----w-    c:\users\meri\appdata\roaming\GameCartel
2014-01-12 16:14:55    --------    d-----w-    c:\windows\Shtriga Summer Camp
2014-01-11 11:50:04    --------    d-----w-    c:\windows\New Yankee 3 - In Santas Service
2014-01-06 12:23:23    --------    d-----w-    c:\users\meri\appdata\roaming\BlamGames
2014-01-06 11:25:35    --------    d-----w-    c:\windows\Dangerous Games - Prisoners of Destiny CE
2014-01-02 11:49:04    --------    d-----w-    c:\users\meri\appdata\roaming\Gogii Games
2013-12-25 10:47:39    --------    d-----w-    c:\users\meri\appdata\roaming\Elephant Games
.
==================== Find3M  ====================
.
2013-11-19 10:21:30    230048    ------w-    c:\windows\system32\MpSigStub.exe
.
============= FINISH: 13:04:33.99 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 01-Jan-07 00:33:42
System Uptime: 18-Jan-14 12:07:15 (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | M61SME-S2
Processor: AMD Sempron Processor 3400+ | Socket M2 | 1800/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 30 GiB total, 10.685 GiB free.
D: is FIXED (NTFS) - 60 GiB total, 30.434 GiB free.
E: is FIXED (NTFS) - 60 GiB total, 7.586 GiB free.
F: is FIXED (NTFS) - 75 GiB total, 11.723 GiB free.
G: is CDROM ()
H: is CDROM ()
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 4.57
ABBYY FineReader 6.0 Sprint
AC-3 ACM Codec
ACDSee Pro 2.5
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.5.5
BitTorrent
Browser Mouse Browser Mouse 1.0
Compatibility Pack for the 2007 Office system
Foxit Reader
Free WAV to MP3 Converter 7.6.0
Freemake Video Converter version 4.0.4
Google Chrome
Google Update Helper
Haunted Train - Spirits of Charon Collectors Edition
Java 7 Update 45
Java Auto Updater
Java SE Development Kit 7 Update 25
Java SE Runtime Environment 6
K-Lite Mega Codec Pack 5.5.1
Lexmark 5600-6600 Series
Maintenance Samsung ML-191x 252x Series
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Windows Media Video 9 VCM
MV2Player (remove only)
Nero 8 Ultra Edition HD
neroxml
New Yankee 3 - In Santas Service
Office 2003 Add-in Latin and Cyrillic Transliteration
PDFill PDF Editor with FREE Writer and FREE Tools
Search Assistant WebSearch 1.74
Spelling Dictionaries Support For Adobe Reader 9
UltraISO Premium V8.61
VCRedistSetup
WaveLab 6
WhereIsIt? 3.92
Winamp
WinRAR archiver
WinZip
XviD MPEG4 Video Codec (remove only)
.
==== Event Viewer Messages From Past Week ========
.
18-Jan-14 12:07:34, Error: Service Control Manager [7000]  - The DgiVecp service failed to start due to the following error:  The system cannot find the file specified.
17-Jan-14 13:32:53, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
12-Jan-14 20:53:52, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR3.
.
==== End Of File ===========================
 

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

When you are done, please generate new, fresh DDS log files.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.45.2
Run by Meri at 11:19:17 on 2014-01-22
Microsoft Windows 7 Ultimate   6.1.7601.1.1250.381.1033.18.2496.1489 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\LwbWheel.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\lxducoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\IoctlSvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Palemoon-Portable-3.6.9\Palemoon-Portable.exe
C:\Program Files\Palemoon-Portable-3.6.9\Bin\Palemoon\Palemoon.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.


BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [LiveSupport] "c:\program files\livesupport\LiveSupport.exe" /noshow /log
mRun: [EaseUS EPM tray] c:\program files\easeus\easeus partition master 9.2.2\bin\EpmNews.exe
mRun: [LWBMOUSE] c:\program files\browser mouse\browser mouse\1.0\lwbwheel.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
mRun: [EzPrint] "c:\program files\lexmark 5600-6600 series\ezprint.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001045-0002-0045-ABCDEFFEDCBC} - <orphaned>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}



TCP: NameServer = 89.216.1.40 89.216.1.50
TCP: Interfaces\{7863001D-CD95-49B9-BD11-13922E216B60} : DHCPNameServer = 89.216.1.40 89.216.1.50
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl51849e81;MpKsl51849e81;c:\programdata\microsoft\microsoft antimalware\definition updates\{ed45ce6e-5683-41aa-b1e8-8201c5546803}\MpKsl51849e81.sys [2014-1-22 40392]
R2 Freemake Improver;Freemake Improver;c:\programdata\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2013-10-5 101888]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-1-13 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-1-13 701512]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2007-1-1 5120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-1-13 22856]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
.
=============== File Associations ===============
.
FileExt: .js: Applications\Palemoon-Portable.exe="c:\program files\palemoon-portable-3.6.9\Palemoon-Portable.exe" "%1" [userChoice]
.
=============== Created Last 30 ================
.
2014-01-22 10:13:26    40392    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{ed45ce6e-5683-41aa-b1e8-8201c5546803}\MpKsl51849e81.sys
2014-01-21 11:14:33    7760024    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{ed45ce6e-5683-41aa-b1e8-8201c5546803}\mpengine.dll
2014-01-13 22:00:15    --------    d-----w-    c:\users\meri\appdata\roaming\Deep Shadows
2014-01-13 01:55:35    --------    d-----w-    c:\users\meri\appdata\roaming\Malwarebytes
2014-01-13 01:55:13    --------    d-----w-    c:\programdata\Malwarebytes
2014-01-13 01:55:08    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-01-13 01:55:08    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2014-01-12 17:11:48    --------    d-----w-    c:\users\meri\appdata\roaming\GameCartel
2014-01-06 12:23:23    --------    d-----w-    c:\users\meri\appdata\roaming\BlamGames
2014-01-02 11:49:04    --------    d-----w-    c:\users\meri\appdata\roaming\Gogii Games
2013-12-25 10:47:39    --------    d-----w-    c:\users\meri\appdata\roaming\Elephant Games
.
==================== Find3M  ====================
.
2014-01-19 07:32:23    231584    ------w-    c:\windows\system32\MpSigStub.exe
.
============= FINISH: 11:19:58.05 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 01-Jan-07 00:33:42
System Uptime: 22-Jan-14 10:02:07 (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | M61SME-S2
Processor: AMD Sempron Processor 3400+ | Socket M2 | 1800/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 30 GiB total, 11.108 GiB free.
D: is FIXED (NTFS) - 60 GiB total, 29.716 GiB free.
E: is FIXED (NTFS) - 60 GiB total, 7.583 GiB free.
F: is FIXED (NTFS) - 75 GiB total, 11.594 GiB free.
G: is CDROM ()
H: is CDROM ()
J: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 4.57
ABBYY FineReader 6.0 Sprint
AC-3 ACM Codec
ACDSee Pro 2.5
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.5.5
BitTorrent
Browser Mouse Browser Mouse 1.0
Compatibility Pack for the 2007 Office system
Foxit Reader
Free WAV to MP3 Converter 7.6.0
Freemake Video Converter version 4.0.4
Google Chrome
Google Update Helper
Java 7 Update 45
Java Auto Updater
Java SE Development Kit 7 Update 25
Java SE Runtime Environment 6
K-Lite Mega Codec Pack 5.5.1
Lexmark 5600-6600 Series
Maintenance Samsung ML-191x 252x Series
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Windows Media Video 9 VCM
MV2Player (remove only)
Nero 8 Ultra Edition HD
neroxml
Office 2003 Add-in Latin and Cyrillic Transliteration
PDFill PDF Editor with FREE Writer and FREE Tools
Search Assistant WebSearch 1.74
Spelling Dictionaries Support For Adobe Reader 9
UltraISO Premium V8.61
VCRedistSetup
WaveLab 6
WhereIsIt? 3.92
Winamp
WinRAR archiver
WinZip
XviD MPEG4 Video Codec (remove only)
.
==== Event Viewer Messages From Past Week ========
.
22-Jan-14 10:02:21, Error: Service Control Manager [7000]  - The DgiVecp service failed to start due to the following error:  The system cannot find the file specified.
19-Jan-14 18:05:37, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR2.
17-Jan-14 13:32:53, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================
 

Step 1

Note: Don't fix anything without my instructions

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users box. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
In your next reply, post the following log files:
  • RogueKiller log
  • OTL log with Extras.txt
RogueKiller Report

RogueKiller V8.8.2 [Jan 17 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Meri [Admin rights]
Mode : Scan -- Date : 01/23/2014 13:45:22
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) WDC WD16 00AAJS-00L7A SCSI Disk Device +++++
--- User ---
[MBR] 0ae5d4c37e5c2a220c6ef8b5cbb36538
[bSP] 05c58d8f75e9c3d858da05f4b4d91221 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 30239 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 61930575 | Size: 122385 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) WDC WD80 0BD-08MRA1 SCSI Disk Device +++++
--- User ---
[MBR] a12ad3c02b4e657932e7678d0b043a9d
[bSP] eb4327304b12d260216e88c899fe196a : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

Finished : << RKreport[0]_S_01232014_134522.txt >>

OTL logfile

 

OTL logfile created on: 23-Jan-14 13:56:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Meri\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy
 
2.44 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 66.05% Memory free
4.87 Gb Paging File | 4.05 Gb Available in Paging File | 83.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29.53 Gb Total Space | 11.07 Gb Free Space | 37.48% Space Free | Partition Type: NTFS
Drive D: | 59.76 Gb Total Space | 29.71 Gb Free Space | 49.72% Space Free | Partition Type: NTFS
Drive E: | 59.76 Gb Total Space | 7.58 Gb Free Space | 12.69% Space Free | Partition Type: NTFS
Drive F: | 74.53 Gb Total Space | 11.59 Gb Free Space | 15.55% Space Free | Partition Type: NTFS
Drive J: | 1.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: MERI-PC | User Name: Meri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-01-23 13:54:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Meri\Desktop\OTL.exe
PRC - [2013-09-26 11:50:04 | 000,101,888 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013-04-04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2010-11-30 12:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010-11-20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010-11-11 11:26:42 | 000,226,984 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2010-11-11 11:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010-11-11 11:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010-02-04 04:10:51 | 000,131,752 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe
PRC - [2010-02-04 04:10:44 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
PRC - [2009-10-16 10:06:30 | 000,589,824 | ---- | M] ( ) -- C:\Windows\System32\lxducoms.exe
PRC - [2009-08-14 09:10:47 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008-02-28 16:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2001-03-26 05:35:20 | 000,429,568 | ---- | M] () -- C:\Program Files\Browser Mouse\Browser Mouse\1.0\LwbWheel.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010-02-04 04:10:44 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
MOD - [2010-02-04 03:28:36 | 000,081,920 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxducaps.dll
MOD - [2010-02-04 03:28:27 | 000,380,928 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxduscw.dll
MOD - [2010-02-04 03:28:26 | 001,036,288 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdudrs.dll
MOD - [2010-02-04 03:27:21 | 000,380,928 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\iptk.dll
MOD - [2010-02-04 03:17:11 | 000,188,416 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdudatr.dll
MOD - [2010-02-04 03:17:07 | 000,069,632 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxducnv4.dll
MOD - [2009-08-14 09:10:47 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2007-09-06 04:11:34 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxduptp.dll
MOD - [2001-07-31 03:01:14 | 000,073,728 | ---- | M] () -- C:\Program Files\Browser Mouse\Browser Mouse\1.0\MouseDll.dll
MOD - [2001-03-26 05:35:20 | 000,429,568 | ---- | M] () -- C:\Program Files\Browser Mouse\Browser Mouse\1.0\LwbWheel.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013-09-26 11:50:04 | 000,101,888 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010-11-11 11:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010-11-11 11:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009-10-16 10:06:30 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxducoms.exe -- (lxdu_device)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2014-01-23 13:43:25 | 000,040,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B9E0A5C-4B7F-4E1B-9379-3891BAC911A8}\MpKsl94e76270.sys -- (MpKsl94e76270)
DRV - [2013-04-04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010-11-20 22:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010-11-20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010-11-20 22:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010-11-20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010-11-20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010-11-20 22:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010-11-20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-10-24 20:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010-10-24 20:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009-07-13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009-06-10 22:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009-02-23 12:08:26 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007-01-24 13:45:28 | 000,067,584 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.relevantsearch.info/?l=1&q={searchTerms}&pid=512&r=2013/10/15&hid=2021614391289191988&lg=EN&cc=RS&unqvl=38
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1814822645-1294680365-517654449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.arccosine.com/
IE - HKU\S-1-5-21-1814822645-1294680365-517654449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1814822645-1294680365-517654449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1814822645-1294680365-517654449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 77 FE B8 7F 87 CE 01  [binary data]
IE - HKU\S-1-5-21-1814822645-1294680365-517654449-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1814822645-1294680365-517654449-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1814822645-1294680365-517654449-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..browser.startup.homepage: "http://www.arccosine.com/"
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.defaulturl: "http://websearch.relevantsearch.info/?pid=512&r=2013/10/15&hid=2021614391289191988&lg=EN&cc=RS&unqvl=38&l=1&q="
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..keyword.URL: "http://websearch.relevantsearch.info/?pid=512&r=2013/10/15&hid=2021614391289191988&lg=EN&cc=RS&unqvl=38&l=1&q="
FF - prefs.js..browser.search.selectedEngine: "Arccosine"
FF - prefs.js..keyword.URL: "http://www.arccosine.com/search.php?q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013-10-05 02:06:11 | 000,000,000 | ---D | M]
 
[2013-07-23 11:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meri\AppData\Roaming\Mozilla\Extensions
[2013-08-20 12:21:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meri\AppData\Roaming\Mozilla\Firefox\Profiles\lmjy5nh4.default\extensions
[2013-11-08 13:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meri\AppData\Roaming\Mozilla\Firefox\Profiles\lmjy5nh4.default\extensions\staged
[2013-11-08 13:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meri\AppData\Roaming\Mozilla\Firefox\Profileslmjy5nh4.default\extensions
[2013-11-08 13:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meri\AppData\Roaming\Mozilla\Firefox\Profileslmjy5nh4.default\extensions\staged
[2013-10-15 08:36:41 | 000,000,655 | ---- | M] () -- C:\Users\Meri\AppData\Roaming\Mozilla\Firefox\Profiles\lmjy5nh4.default\searchplugins\WebSearch.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: google.com (Enabled)
CHR - default_search_provider: search_url = https://www.google.com/search?output=search&sclient=psy-ab&q={searchTerms}&btnG=&oq=&gs_l=&pbx=1
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://websearch.relevantsearch.info/?pid=512&r=2013/10/15&hid=2021614391289191988&lg=EN&cc=RS&unqvl=38
CHR - Extension: Freemake Video Converter = C:\Users\Meri\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: Google \u043D\u043E\u0432\u0447\u0430\u043D\u0438\u043A = C:\Users\Meri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
 
O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [EaseUS EPM tray] C:\Program Files\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe File not found
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\LwbWheel.exe ()
O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKU\S-1-5-21-1814822645-1294680365-517654449-1000..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-1814822645-1294680365-517654449-1000..\Run: [LiveSupport] "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.216.1.40 89.216.1.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7863001D-CD95-49B9-BD11-13922E216B60}: DhcpNameServer = 89.216.1.40 89.216.1.50
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-01-23 13:54:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Meri\Desktop\OTL.exe
[2014-01-23 13:42:53 | 000,000,000 | ---D | C] -- C:\Users\Meri\Desktop\RK_Quarantine
[2014-01-22 11:12:11 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Meri\Desktop\dds.scr
[2014-01-15 14:38:36 | 000,000,000 | ---D | C] -- C:\Users\Meri\Desktop\Discover English 1
[2014-01-13 23:00:15 | 000,000,000 | ---D | C] -- C:\Users\Meri\AppData\Roaming\Deep Shadows
[2014-01-13 02:55:35 | 000,000,000 | ---D | C] -- C:\Users\Meri\AppData\Roaming\Malwarebytes
[2014-01-13 02:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014-01-13 02:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014-01-13 02:55:08 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014-01-13 02:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014-01-12 18:11:48 | 000,000,000 | ---D | C] -- C:\Users\Meri\AppData\Roaming\GameCartel
[2014-01-06 13:23:23 | 000,000,000 | ---D | C] -- C:\Users\Meri\AppData\Roaming\BlamGames
[2014-01-02 12:49:04 | 000,000,000 | ---D | C] -- C:\Users\Meri\AppData\Roaming\Gogii Games
[2013-12-25 11:47:39 | 000,000,000 | ---D | C] -- C:\Users\Meri\AppData\Roaming\Elephant Games
 
========== Files - Modified Within 30 Days ==========
 
[2014-01-23 13:55:58 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-01-23 13:54:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Meri\Desktop\OTL.exe
[2014-01-23 13:16:46 | 000,021,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-01-23 13:16:46 | 000,021,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-01-23 13:13:51 | 000,617,910 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014-01-23 13:13:51 | 000,107,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014-01-23 13:10:10 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-01-23 13:09:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-01-23 13:09:17 | 1962,582,016 | -HS- | M] () -- C:\hiberfil.sys
[2014-01-22 11:12:07 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Meri\Desktop\dds.scr
[2014-01-15 16:22:42 | 002,729,659 | ---- | M] () -- C:\Users\Meri\Desktop\2012-cee-photocopiable-materials.pdf
[2014-01-15 14:51:26 | 003,314,451 | ---- | M] () -- C:\Users\Meri\Desktop\NEA_1_AB_PL_U1.pdf
[2014-01-15 14:50:52 | 007,708,171 | ---- | M] () -- C:\Users\Meri\Desktop\Broszura Plakat NewEnglishAdventure (2).pdf
[2014-01-15 14:50:07 | 006,754,743 | ---- | M] () -- C:\Users\Meri\Desktop\NEA_1_PB_U1_przykladowy.pdf
[2014-01-07 21:46:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2014-01-15 16:22:40 | 002,729,659 | ---- | C] () -- C:\Users\Meri\Desktop\2012-cee-photocopiable-materials.pdf
[2014-01-15 14:51:19 | 003,314,451 | ---- | C] () -- C:\Users\Meri\Desktop\NEA_1_AB_PL_U1.pdf
[2014-01-15 14:50:49 | 007,708,171 | ---- | C] () -- C:\Users\Meri\Desktop\Broszura Plakat NewEnglishAdventure (2).pdf
[2014-01-15 14:50:02 | 006,754,743 | ---- | C] () -- C:\Users\Meri\Desktop\NEA_1_PB_U1_przykladowy.pdf
[2014-01-07 21:46:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013-12-25 11:47:07 | 001,186,223 | ---- | C] () -- C:\Users\Meri\Desktop\Oh No, Not Hangman Again.pdf
[2013-11-17 01:42:22 | 000,000,464 | ---- | C] () -- C:\Users\Meri\AppData\Roaming\AutoGK.ini
[2013-10-05 01:32:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2013-07-27 14:04:42 | 000,446,464 | ---- | C] ( ) -- C:\Windows\System32\LXDUhcp.dll
[2013-07-27 14:04:42 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDUinst.dll
[2013-07-27 13:22:47 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll
[2013-07-27 13:22:47 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll
[2013-07-27 13:22:47 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll
[2013-07-27 13:18:25 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll
[2013-07-27 13:18:24 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxduih.exe
[2013-07-27 13:18:22 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll
[2013-07-27 13:18:21 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll
[2013-07-27 13:18:20 | 000,589,824 | ---- | C] ( ) -- C:\Windows\System32\lxducoms.exe
[2013-07-27 13:18:20 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll
[2013-07-27 13:18:19 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll
[2013-07-27 13:18:18 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll
[2013-07-27 13:18:17 | 000,761,856 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll
[2013-07-27 13:18:17 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll
[2013-07-27 13:18:16 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll
[2013-07-27 13:18:16 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll
[2013-07-27 13:18:14 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxducfg.exe
[2013-07-27 13:18:13 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll
[2013-07-23 11:54:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2013-07-23 11:16:11 | 000,001,024 | ---- | C] () -- C:\Users\Meri\.rnd
[2013-07-23 11:15:00 | 000,007,605 | ---- | C] () -- C:\Users\Meri\AppData\Local\Resmon.ResmonCfg
[2013-07-23 10:45:45 | 000,004,608 | ---- | C] () -- C:\Users\Meri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-07-23 10:28:42 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2013-07-23 10:28:41 | 002,378,752 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2013-07-23 10:28:40 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2013-07-23 10:28:40 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013-07-23 10:28:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013-07-23 10:28:37 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013-07-23 10:17:47 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
 
========== ZeroAccess Check ==========
 
[2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010-11-20 22:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2007-01-01 00:21:33 | 000,000,000 | ---D | M] -- C:\Users\Meri\AppData\Roaming\5600-6600 Series
[2013-07-23 10:22:50 | 000,000,000 | ---D | M] -- C:\Users\Meri\AppData\Roaming\ACD Systems
[2014-01-11 12:50:44 | 000,000,000 | ---D | M] -- C:\Users\Meri\AppData\Roaming\AlawarEntertainment
[2007-01-01 00:57:17 | 000,000,000 | ---D | M] -- C:\Users\Meri\AppData\Roaming\Audacity
[2014-01-22 00:35:25 | 000,000,000 | ---D | M] -- C:\Users\Meri\AppData\Roaming\BitTorrent
[2014-01-06 13:23:23 | 000,000,000 | ---D | M] -- C:\Users\Meri\AppData\Roaming\BlamGames
[2013-07-23 10:00:38 | 000,000,000 | ---D | M] -- C:\Users\Meri\AppData\Roaming\Conceptworld
[2014-01-13 23:00:15 | 000,000,000 | ---D | M] -- C:\Users\Meri\AppData\Roaming\Deep Shadows
[2013-12-25 11:47:39 | 000,000,000 | ---D | M] -- C:\Users\Meri\AppData\Roaming\Elephant Games
[2013-07-27 14:10:51 | 000,000,000 | ---D | M] -- C:\Users\Meri\AppData\Roaming\Foxit Software
[2013-11-04 13:16:02 | 000,000,000 | ---D | M] -- C:\Users\Meri\AppData\Roaming\Free WAV to MP3 Converter
[2014-01-12 18:11:48 | 000,000,000 | ---D | M] -- C:\Users\Meri\AppData\Roaming\GameCartel
[2014-01-02 12:49:04 | 000,000,000 | ---D | M] -- C:\Users\Meri\AppData\Roaming\Gogii Games
[2013-08-02 09:43:56 | 000,000,000 | ---D | M] -- C:\Users\Meri\AppData\Roaming\HipSoft
[2007-01-01 00:41:43 | 000,000,000 | ---D | M] -- C:\Users\Meri\AppData\Roaming\Lexmark Productivity Studio
[2013-07-23 11:20:52 | 000,000,000 | ---D | M] -- C:\Users\Meri\AppData\Roaming\Moonchild Productions
[2013-07-23 10:02:16 | 000,000,000 | ---D | M] -- C:\Users\Meri\AppData\Roaming\NCH Swift Sound
[2013-11-08 13:02:41 | 000,000,000 | ---D | M] -- C:\Users\Meri\AppData\Roaming\SimilarSites
[2013-10-05 02:22:17 | 000,000,000 | ---D | M] -- C:\Users\Meri\AppData\Roaming\TuneUp Software
[2013-07-23 11:51:43 | 000,000,000 | ---D | M] -- C:\Users\Meri\AppData\Roaming\YCanPDF
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:373E1720
 
< End of report >
 
 
OTL Extras logfile
 
OTL Extras logfile created on: 23-Jan-14 13:56:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Meri\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy
 
2.44 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 66.05% Memory free
4.87 Gb Paging File | 4.05 Gb Available in Paging File | 83.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29.53 Gb Total Space | 11.07 Gb Free Space | 37.48% Space Free | Partition Type: NTFS
Drive D: | 59.76 Gb Total Space | 29.71 Gb Free Space | 49.72% Space Free | Partition Type: NTFS
Drive E: | 59.76 Gb Total Space | 7.58 Gb Free Space | 12.69% Space Free | Partition Type: NTFS
Drive F: | 74.53 Gb Total Space | 11.59 Gb Free Space | 15.55% Space Free | Partition Type: NTFS
Drive J: | 1.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: MERI-PC | User Name: Meri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1814822645-1294680365-517654449-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.5.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1" (ACD Systems)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007AA818-C8A6-46A4-A8B1-B092D67A4D9A}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{066BF915-700D-40EB-8304-3E8EF7692A01}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{167BF8F6-AF98-4AE2-B1D3-D93E727EB2F5}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdupswx.exe |
"{18A94E7A-F4CD-4CEA-91DC-7797F909C2E5}" = protocol=17 | dir=in | app=c:\users\meri\appdata\roaming\bittorrent\bittorrent.exe |
"{1C1E6394-8AF6-4E67-907D-E0FCF1E11F72}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdupswx.exe |
"{213B56DE-85C5-4DDA-ADC3-BE5AF51BB75F}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe |
"{2AD955FD-5983-4E30-8AC6-D81EF1F45995}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{39C47FC6-8473-4BB0-8863-723713C3E929}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{3AE5A89A-6DE4-4AAA-AB95-570A80CCC8AA}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{4B4E094C-9BF1-4AAA-8DCC-4B552FDCCB83}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{4C52E986-CFC5-4A80-8E0F-C9470C58FB75}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe |
"{6CD55CE0-B4FD-407F-AB15-950EA0782307}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe |
"{726E52C8-7EBE-4ED0-BB46-06AC891671A5}" = protocol=6 | dir=in | app=c:\users\meri\appdata\roaming\bittorrent\bittorrent.exe |
"{7B1611BF-0E9F-406F-A36D-FB6DFA8A6834}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{8002B3DE-E36F-4813-84B8-0345960EAF04}" = protocol=17 | dir=in | app=c:\users\meri\appdata\roaming\bittorrent\bittorrent.exe |
"{96D14FA2-C71B-4E0B-B840-083B03F00595}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe |
"{9ED810B7-3FC3-4EE1-AD74-E5204886437D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdupswx.exe |
"{B312994C-5074-4A33-B758-4E91D3D72536}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe |
"{C640BAC0-DE79-4B63-A704-240500C6E239}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe |
"{D857B96C-A46B-4D8F-A640-BCB5B5F4B1E4}" = protocol=6 | dir=in | app=c:\users\meri\appdata\roaming\bittorrent\bittorrent.exe |
"{D957BD19-E1A5-4E7F-92D9-F467E478782E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdupswx.exe |
"{DFC22F17-A6B6-45DD-9018-9D1C391896EC}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"TCP Query User{44AB725A-7AAD-4C03-B294-E8B5E938F4C7}C:\program files\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader\jre\bin\javaw.exe |
"TCP Query User{73CE6D3E-82C0-4F7E-9F37-30BA0A927906}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{55D3BE67-917D-4DEC-901B-6D91B0064105}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{9196A444-EDF9-40D7-8DDC-49F5666165BD}C:\program files\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader\jre\bin\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}" = ACDSee Pro 2.5
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6
"{32A3A4F4-B792-11D6-A78A-00B0D0170250}" = Java SE Development Kit 7 Update 25
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51312349-0B4D-450E-AFAA-03CC28A9531F}" = Office 2003 Add-in Latin and Cyrillic Transliteration
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{BE282C23-5484-47FF-B2C1-EBEA5C891033}" = Nero 8 Ultra Edition HD
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"7A8557C6-547D-42CC-B72E-F42F60F0B686_is1" = Free WAV to MP3 Converter 7.6.0
"7-Zip" = 7-Zip 4.57
"AC3ACM" = AC-3 ACM Codec
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Browser Mouse Browser Mouse" = Browser Mouse Browser Mouse 1.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Foxit Reader_is1" = Foxit Reader
"Freemake Video Converter_is1" = Freemake Video Converter version 4.0.4
"Google Chrome" = Google Chrome
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.5.1
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MV2Player" = MV2Player (remove only)
"Samsung ML-191x 252x Series" = Maintenance Samsung ML-191x 252x Series
"SP_b0285714" = Search Assistant WebSearch 1.74
"UltraISO_is1" = UltraISO Premium V8.61
"WaveLabPro" = WaveLab 6
"whereisit-wii_is1" = WhereIsIt? 3.92
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1814822645-1294680365-517654449-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19-Jan-14 16:08:55 | Computer Name = Meri-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 of attribute "version" in element "assemblyIdentity" is invalid.
 
Error - 31-Dec-06 19:04:58 | Computer Name = Meri-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 31-Dec-06 19:52:50 | Computer Name = Meri-PC | Source = Application Hang | ID = 1002
Description = The program audacity.exe version 2.0.5.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: dc0    Start
 Time: 01c72d368c850440    Termination Time: 71    Application Path: C:\Program Files\Audacity\audacity.exe

Report
 Id:   
 
Error - 21-Jan-14 07:04:30 | Computer Name = Meri-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21-Jan-14 16:54:46 | Computer Name = Meri-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21-Jan-14 19:34:53 | Computer Name = Meri-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 22-Jan-14 05:04:06 | Computer Name = Meri-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 22-Jan-14 17:43:05 | Computer Name = Meri-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 22-Jan-14 18:14:59 | Computer Name = Meri-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 of attribute "version" in element "assemblyIdentity" is invalid.
 
Error - 23-Jan-14 08:11:12 | Computer Name = Meri-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 31-Dec-06 19:03:13 | Computer Name = Meri-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error:   %%2
 
Error - 21-Jan-14 07:02:45 | Computer Name = Meri-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error:   %%2
 
Error - 21-Jan-14 16:53:01 | Computer Name = Meri-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error:   %%2
 
Error - 21-Jan-14 19:33:04 | Computer Name = Meri-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:30:50 AM on ?1/?22/?2014 was unexpected.
 
Error - 21-Jan-14 19:33:09 | Computer Name = Meri-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error:   %%2
 
Error - 22-Jan-14 05:02:21 | Computer Name = Meri-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error:   %%2
 
Error - 22-Jan-14 17:41:25 | Computer Name = Meri-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error:   %%2
 
Error - 22-Jan-14 17:42:15 | Computer Name = Meri-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

    Feature:
 %%835     Error Code: 0x80004005     Error description: Unspecified error      Reason: %%842
 
Error - 23-Jan-14 08:09:30 | Computer Name = Meri-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error:   %%2
 
Error - 23-Jan-14 08:10:12 | Computer Name = Meri-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

    Feature:
 %%835     Error Code: 0x80004005     Error description: Unspecified error      Reason: %%842
 
 
< End of report >
 

Step 1

Please download http://websearch.rel...unqvl=38&l=1&q="

FF - prefs.js..browser.search.order.1,S: S", "WebSearch"

FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"

FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"

FF - prefs.js..keyword.URL: "http://websearch.rel...unqvl=38&l=1&q="

FF - prefs.js..browser.search.selectedEngine: "Arccosine"

FF - prefs.js..keyword.URL: "http://websearch.rel...&cc=RS&unqvl=38

:files

ipconfig /flushdns /c

:Commands

[emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • OTL Fix log
Junkware Removal Tool log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Ultimate x86
Ran by Meri on 25-Jan-14 at  1:28:38.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\livesupport



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\livesupport_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\livesupport_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optprostart_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optprostart_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_google-books-downloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_google-books-downloader_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\websearch"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25-Jan-14 at  1:35:04.24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

AdwCleaner log

 

# AdwCleaner v3.017 - Report created 25/01/2014 at 01:40:23
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Meri - MERI-PC
# Running from : C:\Users\Meri\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\savEnsharee,
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\SimilarSites
Folder Deleted : C:\Users\Meri\AppData\LocalLow\savEnsharee,
Folder Deleted : C:\Users\Meri\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Meri\AppData\Roaming\SimilarSites
Folder Deleted : C:\Users\Meri\AppData\Roaming\Mozilla\Firefox\Profiles\lmjy5nh4.default\Extensions\staged
File Deleted : C:\Users\Meri\AppData\Roaming\Mozilla\Firefox\Profiles\lmjy5nh4.default\searchplugins\WebSearch.xml
File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab
Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_b0285714
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v

[ File : C:\Users\Meri\AppData\Roaming\Mozilla\Firefox\Profiles\lmjy5nh4.default\prefs.js ]

Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");

Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");


-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\Meri\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [3103 octets] - [25/01/2014 01:37:29]
AdwCleaner[s0].txt - [3104 octets] - [25/01/2014 01:40:23]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3164 octets] ##########
 

 

 

OTL Fix log

 

 

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
HKU\S-1-5-21-1814822645-1294680365-517654449-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "http://websearch.rel...unqvl=38&l=1&q=" removed from browser.search.defaulturl
Prefs.js: S", "WebSearch" removed from browser.search.order.1,S
Prefs.js: S", "WebSearch" removed from browser.search.defaultenginename,S
Prefs.js: S", "WebSearch" removed from browser.search.selectedEngine,S
Prefs.js: "http://websearch.rel...unqvl=38&l=1&q=" removed from keyword.URL
Prefs.js: "Arccosine" removed from browser.search.selectedEngine
Prefs.js: "http://www.arccosine.com/search.php?q=" removed from keyword.URL
File C:\Users\Meri\AppData\Roaming\Mozilla\Firefox\Profiles\lmjy5nh4.default\searchplugins\WebSearch.xml not found.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Meri\Desktop\cmd.bat deleted successfully.
C:\Users\Meri\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Meri
->Temp folder emptied: 29623 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 806 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01252014_015112

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

I don't know if I messed something up. When I did that last thing - the OTL, I copied from the word "quote" downwards (I'm a blonde :(). When I went to post the logs, I saw what I had done, so I did the OTL thing again - but without the "quote" :) In the message above, the OTL log is the second one. The one below is the first one which I'm posting here just in case. Sorry... :blush:

OTL Fix log

 

All processes killed
Error: Unable to interpret <Quote> in the current context!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
HKU\S-1-5-21-1814822645-1294680365-517654449-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "http://websearch.rel...unqvl=38&l=1&q=" removed from browser.search.defaulturl
Prefs.js: S", "WebSearch" removed from browser.search.order.1,S
Prefs.js: S", "WebSearch" removed from browser.search.defaultenginename,S
Prefs.js: S", "WebSearch" removed from browser.search.selectedEngine,S
Prefs.js: "http://websearch.rel...unqvl=38&l=1&q=" removed from keyword.URL
Prefs.js: "Arccosine" removed from browser.search.selectedEngine
Prefs.js: "http://www.arccosine.com/search.php?q=" removed from keyword.URL
File C:\Users\Meri\AppData\Roaming\Mozilla\Firefox\Profiles\lmjy5nh4.default\searchplugins\WebSearch.xml not found.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Meri\Desktop\cmd.bat deleted successfully.
C:\Users\Meri\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Meri
->Temp folder emptied: 1097205779 bytes
->Temporary Internet Files folder emptied: 31743090 bytes
->Java cache emptied: 71649889 bytes
->FireFox cache emptied: 2227623 bytes
->Google Chrome cache emptied: 23555534 bytes
->Flash cache emptied: 24582 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 424872496 bytes
RecycleBin emptied: 7662514 bytes
 
Total Files Cleaned = 1,582.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01252014_014532

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

Glad I could help! :)

Last steps:

Step 1

Please run OTL and click on CleanUp button.

Step 2

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Some malware preventions:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.