
Browser/Adobe Reader stalling


Unread postby sigsky » December 7th, 2014, 6:26 pm

I have been having browser issues for some time which have affected IE, Firefox and Chrome pretty much equally. The first time I launch a browser after Vista startup I get a blank screen and the computer freezes for about a minute. The cursor is an arrow which I can move, but there is no response to clicking on anything. Then the screen jumps and the browser operates normally. Subsequent browser launches are unpredictable: sometimes normal, sometimes a shorter stall. Recently I started getting the same behaviour from Adobe Reader, except there is hesitation after every mouse click and a "Not Responding" message appears at the top. I noticed there was a new release, so I uninstalled my current version after downloading the new one. The installer will not run; it shows up in the Task List for a while but does nothing.

I cannot run DDS (either version; NSIS error: "Error writing temporary file. Make sure your temp folder is valid").

Would appreciate any assistance.

Here are the OTL logs:

OTL logfile created on: 12/7/2014 4:40:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Favorites\Downloads\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.79% Memory free
4.18 Gb Paging File | 2.96 Gb Available in Paging File | 70.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.38 Gb Total Space | 103.93 Gb Free Space | 36.04% Space Free | Partition Type: NTFS
Drive D: | 9.71 Gb Total Space | 3.02 Gb Free Space | 31.05% Space Free | Partition Type: NTFS
Drive H: | 587.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 111.78 Gb Total Space | 94.97 Gb Free Space | 84.96% Space Free | Partition Type: NTFS

Computer Name: SIGLERCENTRAL | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/12/07 16:37:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Favorites\Downloads\Downloads\OTL.exe
PRC - [2014/11/25 01:39:27 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe


========== Modules (No Company Name) ==========

MOD - [2014/11/25 01:39:24 | 009,009,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
MOD - [2014/11/25 01:39:17 | 001,677,128 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Unknown] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Unknown] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Unknown] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [Auto | Unknown] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - File not found [On_Demand | Unknown] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - File not found [On_Demand | Unknown] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2014/11/25 16:01:09 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Unknown] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/23 12:31:09 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Unknown] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/11/19 21:39:16 | 000,062,264 | ---- | M] (Duality Software) [Auto | Unknown] -- C:\Program Files\DS Clock\dsetime.exe -- (DSClockSyncTime)
SRV - [2009/02/15 12:49:00 | 002,794,234 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Unknown] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/18 10:01:26 | 000,195,032 | ---- | M] (Intel(R) Corporation) [On_Demand | Unknown] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2006/11/18 10:00:48 | 000,550,872 | ---- | M] (Intel(R) Corporation) [On_Demand | Unknown] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2006/11/18 10:00:06 | 000,174,552 | ---- | M] (Intel(R) Corporation) [On_Demand | Unknown] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2006/11/18 09:59:50 | 000,036,312 | ---- | M] (Intel(R) Corporation) [Auto | Unknown] -- C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
SRV - [2006/11/18 09:59:38 | 000,081,880 | ---- | M] (Intel(R) Corporation) [On_Demand | Unknown] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2006/11/18 09:59:02 | 000,032,216 | ---- | M] () [On_Demand | Unknown] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2006/10/29 12:03:30 | 000,208,896 | ---- | M] () [Auto | Unknown] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/29 15:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Unknown] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\usbscan.sys -- (usbscan)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\drivers\stwrt.sys -- (STHDA)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Windows\system32\DDMI2.sys -- (SDDMI2)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Unknown] -- system32\drivers\netfilter.sys -- (netfilter)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Unknown] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/11/23 12:32:50 | 000,787,800 | ---- | M] (AVAST Software) [File_System | System | Unknown] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014/11/23 12:32:44 | 000,423,784 | ---- | M] (AVAST Software) [File_System | System | Unknown] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/11/23 12:32:29 | 000,057,928 | ---- | M] (AVAST Software) [Kernel | System | Unknown] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/11/23 12:32:28 | 000,206,248 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/11/23 12:32:28 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Unknown] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/11/23 12:32:28 | 000,055,240 | ---- | M] (AVAST Software) [Kernel | System | Unknown] -- C:\Windows\System32\drivers\aswrdr.sys -- (aswRdr)
DRV - [2014/11/23 12:32:28 | 000,049,944 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/11/23 12:32:28 | 000,024,184 | ---- | M] () [Kernel | Auto | Unknown] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2013/05/23 01:12:34 | 000,037,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2013/05/23 01:12:32 | 000,043,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2013/05/23 01:12:24 | 000,019,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/05/22 15:23:28 | 000,155,648 | ---- | M] (ViXS Systems Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\xcbda.sys -- (xcbdaNtsc)
DRV - [2006/12/18 12:09:51 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2006/11/18 10:01:08 | 000,018,904 | ---- | M] () [File_System | On_Demand | Unknown] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2006/11/16 13:10:44 | 000,214,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/08 18:54:02 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/11/07 22:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2006/11/02 02:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32)
DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/30 19:53:32 | 000,044,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2006/10/19 18:49:48 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Unknown] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006/09/27 19:37:24 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Unknown] -- C:\Windows\System32\drivers\nmsgopro.sys -- (nmsgopro)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Unknown] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/08/16 11:23:10 | 000,038,422 | ---- | M] (Generic) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\StMp3Rec.sys -- (StMp3Rec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKLM\..\SearchScopes\{138235B3-FA12-4084-A20C-4EB5DA65EAE7}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.certified-toolbar.com?si= ... id=2937&q={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html ... P&M=GM5420
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html ... P&M=GM5420
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\John\Documents\Downloads
IE - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
IE - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
IE - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
IE - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://my.yahoo.com/?mkg=015
IE - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
IE - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar =
IE - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
IE - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL =
IE - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
IE - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\..\SearchScopes,DefaultScope = {D0AD9E03-ED51-4D51-8597-4AEFB44E9EC7}
IE - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\..\SearchScopes\{138235B3-FA12-4084-A20C-4EB5DA65EAE7}: "URL" = http://search.certified-toolbar.com?si= ... id=2937&q={searchTerms}
IE - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\..\SearchScopes\{4087ADE5-5F1A-4EBF-8D7F-D54860D0DB64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
IE - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\..\SearchScopes\{94533161-89D6-4D04-96C5-D5E2FBC84855}: "URL" = http://www.bing.com/search?q={searchTerms}&form=OSDSRC
IE - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
IE - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\..\SearchScopes\{D0AD9E03-ED51-4D51-8597-4AEFB44E9EC7}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.11.2: C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.11.2: C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/11/23 12:32:32 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/12/02 20:32:15 | 000,450,028 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15474 more lines...
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O7 - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.co ... 5.15.0.cab (Reg Error: Key error.)
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} http://download.abacast.com/download/fi ... tup162.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC6256CD-E5D4-4939-A99B-124FC6267A5C}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1999/09/01 10:06:46 | 000,000,000 | ---D | M] - H:\AUTORUN -- [ CDFS ]
O32 - AutoRun File - [1999/05/18 19:18:54 | 000,028,160 | R--- | M] () - H:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1999/05/18 19:18:56 | 000,000,089 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [1999/05/18 19:18:56 | 000,003,286 | R--- | M] () - H:\AUTORUN.TRE -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SsiEfr.exe)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/12/03 12:18:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\VP3DLlaptop
[2014/11/30 17:45:36 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Systweak
[2014/11/29 12:45:57 | 000,000,000 | ---D | C] -- C:\Windows\Favorites
[2014/11/25 18:07:46 | 000,000,000 | R--D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/11/25 18:07:46 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2014/11/25 13:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/11/23 17:41:18 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Opera Software
[2014/11/23 17:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2014/11/23 12:32:33 | 000,291,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/11/23 12:32:25 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/11/17 13:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/11/17 13:11:49 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\MPC-HC
[2014/11/16 14:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack
[2014/11/16 14:18:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\C2MP
[2014/11/12 08:13:19 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2014/11/12 08:13:17 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2014/11/12 08:12:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014/11/12 08:11:53 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2014/11/12 08:11:16 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2014/11/12 08:09:37 | 000,396,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll
[2014/11/12 08:09:36 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AUDIOKSE.dll
[2014/11/12 08:09:36 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDump.dll
[2014/11/12 08:03:17 | 002,054,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/11/12 07:59:56 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/11/12 07:59:55 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/11/12 07:59:55 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/11/12 07:59:53 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/11/12 07:59:53 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/11/12 07:59:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/11/12 07:59:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/11/12 07:59:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/11/12 07:59:51 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/11/12 07:59:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/11/12 07:59:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/11/12 07:59:44 | 001,810,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/11/12 07:45:28 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\AVAST Software
[2014/11/11 18:58:32 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\AvgSetupLog
[2014/11/11 18:58:32 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Avg
[2014/11/09 09:18:17 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\InstallShield
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/12/07 16:27:44 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/07 16:10:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/07 16:01:44 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/07 15:52:36 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/07 15:52:36 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/07 15:12:34 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/12/07 14:50:07 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini
[2014/12/07 13:58:58 | 000,665,298 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/12/07 13:58:58 | 000,122,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/12/07 13:52:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/07 10:25:50 | 000,008,992 | ---- | M] () -- C:\Windows\John8.xlb
[2014/12/04 10:05:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2014/12/02 20:32:15 | 000,450,028 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/12/02 20:25:08 | 000,450,028 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20141202-203215.backup
[2014/12/02 10:53:00 | 000,400,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/11/27 13:23:56 | 000,450,028 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20141202-202508.backup
[2014/11/25 16:01:07 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/11/25 16:01:07 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/11/25 14:11:40 | 000,450,028 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20141127-132355.backup
[2014/11/25 13:56:18 | 000,450,028 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20141125-141140.backup
[2014/11/25 12:31:27 | 000,095,744 | ---- | M] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/11/23 17:41:05 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2014/11/23 12:32:50 | 000,787,800 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys
[2014/11/23 12:32:44 | 000,423,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014/11/23 12:32:29 | 000,057,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2014/11/23 12:32:28 | 000,206,248 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/11/23 12:32:28 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/11/23 12:32:28 | 000,055,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswrdr.sys
[2014/11/23 12:32:28 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/11/23 12:32:28 | 000,024,184 | ---- | M] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/11/23 12:32:25 | 000,291,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/11/23 12:32:25 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/11/21 06:14:16 | 000,051,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/11/21 06:14:10 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/11/21 06:14:06 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/11/12 10:52:02 | 000,449,970 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20141125-135618.backup
[2014/11/12 08:11:21 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Chrome.lnk
[2014/11/11 21:19:11 | 000,001,356 | R--- | M] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2014/11/10 10:33:30 | 000,089,151 | ---- | M] () -- C:\Users\John\Documents\bookmarks.html
[2014/11/08 09:58:00 | 000,073,728 | ---- | M] () -- C:\Windows\System32\tasks.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/12/04 10:05:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2014/11/23 17:41:05 | 000,000,763 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2014/11/23 17:41:05 | 000,000,763 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2014/11/10 10:33:29 | 000,089,151 | ---- | C] () -- C:\Users\John\Documents\bookmarks.html
[2014/11/08 09:57:59 | 000,073,728 | ---- | C] () -- C:\Windows\System32\tasks.dll
[2014/10/10 14:53:03 | 000,000,067 | ---- | C] () -- C:\Users\John\AppData\Roaming\WB.CFG
[2014/09/27 21:12:16 | 000,045,400 | ---- | C] () -- C:\Windows\System32\DiscHandler.exe
[2014/09/25 16:53:04 | 000,000,236 | ---- | C] () -- C:\Windows\System32\Formats.ini
[2014/08/11 21:30:50 | 003,916,288 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2014/08/11 21:30:10 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2014/08/11 21:29:36 | 000,271,360 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2014/08/11 21:29:16 | 000,157,184 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2014/08/11 21:29:16 | 000,099,840 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2014/08/11 21:29:14 | 001,525,760 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2014/08/11 21:29:14 | 000,211,968 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2014/08/11 21:29:14 | 000,147,456 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2014/08/11 21:29:14 | 000,114,688 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2014/08/11 21:29:12 | 000,136,704 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2014/06/12 05:49:24 | 000,240,784 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2014/04/24 05:13:24 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/04/08 15:50:26 | 000,235,520 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2014/04/08 15:50:16 | 000,632,320 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2014/03/13 08:43:51 | 000,000,079 | ---- | C] () -- C:\Windows\wininit.ini
[2014/02/28 11:04:27 | 000,206,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/02/28 11:04:26 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/12/16 21:19:30 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2013/12/16 21:15:32 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OptimFROG.dll
[2013/12/16 21:15:30 | 000,047,104 | ---- | C] () -- C:\Windows\System32\bass_tak.dll
[2013/06/27 15:32:17 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/26 13:01:21 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/26 13:01:20 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/03/26 10:12:06 | 000,126,777 | R--- | C] () -- C:\Users\John\AppData\Roaming\VideoPad.dmp
[2013/01/09 11:16:51 | 000,365,568 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2012/12/24 11:55:14 | 000,011,264 | ---- | C] () -- C:\Windows\Launcher.exe
[2011/02/08 15:54:40 | 000,000,000 | R--- | C] () -- C:\Users\John\defogger_reenable
[2009/11/29 20:40:52 | 000,000,000 | R--- | C] () -- C:\Users\John\AppData\Local\prvlcl.dat
[2009/08/24 13:54:59 | 000,024,227 | R--- | C] () -- C:\Users\John\AppData\Roaming\UserTile.png
[2008/03/12 08:35:55 | 000,001,028 | R--- | C] () -- C:\Users\John\AppData\Roaming\WavCodec.wff
[2007/02/23 20:57:08 | 000,000,110 | R--- | C] () -- C:\Users\John\AppData\Roaming\wklnhst.dat
[2007/02/21 11:12:46 | 000,001,356 | R--- | C] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2007/02/20 13:14:11 | 000,095,744 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 08:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/07/30 12:39:00 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/07/30 12:39:00 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/11/23 14:13:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AnvSoft
[2014/11/12 07:45:28 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVAST Software
[2014/11/12 07:39:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG10
[2012/12/23 15:55:18 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\avidemux
[2014/03/24 12:01:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\BBCiPlayerDownloads
[2014/07/23 14:23:39 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\CBS Interactive
[2014/11/23 12:17:04 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\CDXReader
[2014/03/26 21:32:50 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Celeris
[2007/04/03 17:37:23 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\CoffeeCup Software
[2011/06/28 18:31:17 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DAEMON Tools Lite
[2011/01/18 04:52:41 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Duality Software
[2014/11/23 12:17:04 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\IrfanView
[2014/07/02 09:17:29 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\JGsoft
[2014/11/23 12:17:04 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\LavFilters
[2011/06/28 14:12:04 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech
[2010/05/15 12:41:49 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leawo
[2014/11/12 07:39:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\MediaMonkey
[2010/03/05 13:32:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Moyea
[2014/11/17 13:11:49 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\MPC-HC
[2008/03/13 14:27:02 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\NCH Swift Sound
[2014/11/23 17:41:18 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Opera Software
[2014/02/22 11:06:20 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Oracle
[2011/12/21 14:44:09 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PopMan
[2007/02/20 13:28:39 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SampleView
[2014/11/30 17:45:36 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Systweak
[2007/04/10 15:12:04 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Template
[2014/11/12 07:39:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Thunderbird
[2013/07/26 10:39:13 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TuneUp Software
[2014/12/07 14:49:47 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent
[2014/11/12 07:39:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\XnView

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

OTL Extras logfile created on: 12/7/2014 4:40:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Favorites\Downloads\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.79% Memory free
4.18 Gb Paging File | 2.96 Gb Available in Paging File | 70.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.38 Gb Total Space | 103.93 Gb Free Space | 36.04% Space Free | Partition Type: NTFS
Drive D: | 9.71 Gb Total Space | 3.02 Gb Free Space | 31.05% Space Free | Partition Type: NTFS
Drive H: | 587.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 111.78 Gb Total Space | 94.97 Gb Free Space | 84.96% Space Free | Partition Type: NTFS

Computer Name: SIGLERCENTRAL | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)
.txt [@ = txtfile] -- Reg Error: Key error. File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-4278196236-3910043076-1921008887-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4278196236-3910043076-1921008887-1001]
"EnableNotificationsRef" = 3
"EnableNotifications" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4278196236-3910043076-1921008887-500]
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07B2B413-B864-4230-AF9D-7C073A475824}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{1D5A02A5-83F9-40BE-8A62-82B9396E4D7E}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
"{2C062DDF-926A-47EE-A655-1398D09C3E4C}" = lport=29900 | protocol=6 | dir=in | name=gp connection manager |
"{3200722A-A7A1-4947-84F1-BA442407D0FD}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{4C69F3C7-4A29-4887-8735-9A4D682892E0}" = lport=6500 | protocol=6 | dir=in | name=query port |
"{4F148ACA-501D-4AE8-9199-D4D7DEDBC621}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{54EC718A-FAFF-4CD3-9A8C-5A17644CDE12}" = lport=2869 | protocol=6 | dir=in | app=system |
"{56317DDC-66D6-4C37-9639-B6884C0FD450}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
"{5F797317-60A0-49C7-AF3F-3FC23FD00C8A}" = lport=29901 | protocol=6 | dir=in | name=gp search manager |
"{6DFB3C75-B1FF-46F9-886C-D6933866FCCB}" = lport=27900 | protocol=6 | dir=in | name=master server udp heartbeat |
"{ACFDCBD2-9BEB-4AF4-8831-5188B5DCDC6D}" = lport=28900 | protocol=6 | dir=in | name=master server list request |
"{B8906444-4788-4F90-B402-15E68ED926F8}" = lport=6515 | protocol=6 | dir=in | name=dplay udp |
"{BAC42963-BFC0-4CF0-9A8E-A4B6A61230EC}" = lport=3783 | protocol=6 | dir=in | name=voice chat port |
"{BB5155DE-42FF-46C6-94F5-6A819090D944}" = lport=13139 | protocol=6 | dir=in | name=custom udp pings |
"{C6A3FBB6-4879-4AA7-8489-E7DBDBD12BD2}" = lport=6667 | protocol=6 | dir=in | name=irc |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F81C7C-A75B-44F6-B6CF-46E2F77FEA0D}" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"{097AB5AD-1E22-4BDB-B059-C6FC276E452F}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{09DCDE17-E5D2-4D01-B635-3996013C07E7}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{13DEAD10-F7F1-4E57-B61B-63C70F04D6F2}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{1D513074-6EAF-4B39-85A2-FFD9FB19AF0F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{2F85CB51-3F56-4A8A-8CD7-60D29B908DE8}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{30F5E4E2-AF26-45A4-A0E7-0893AE405C95}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{431DDD6E-BF6C-4C7A-9F8C-981A08C66290}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{508389C7-CEAB-4BEF-90D8-3A6550CBA922}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{6570A2E5-FF6C-4458-82CB-62FC4E46E368}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{6BA94EC0-3B11-444B-ACF2-9685AB22CB2A}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{6EC873BD-29DF-43AD-947F-C597C3CBD8DE}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{72592CCC-849E-4851-A6CD-3BFFB95ECEC6}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{7574D490-5DC0-48D8-A01B-061C9958C29F}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{772F1BE6-25BC-4D3D-94E5-B80DACE329FF}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{926624ED-9D4F-4E6A-AA4C-5CCDB07412B5}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{965B6B87-BA82-4CDD-9371-697B6402855A}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{AE8A31C1-943C-44FA-85B3-F117B416643F}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{BEFC67C9-7F47-4569-B8BF-119A09811BF5}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{C0531CC5-002E-4180-B51F-DF7FB05CAE32}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{C3ACC849-B464-4B8F-B9BA-F679A554ED0F}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{C41700E0-34F1-40EB-B3E8-3B61252F010C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D28CACF7-066F-4AC9-9E0A-757369DF400A}" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"{D97D28C8-AE17-4723-ABE8-FF6FBA1C0D80}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{DC808989-0220-4350-A783-E25C06E10C73}" = protocol=6 | dir=in | app=c:\program files\celeris\virtual pool 3 dl\vp3.exe |
"{DE6E57CD-77FC-4834-A27D-495AAD0FD08F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E11CA49A-F3A6-4422-8160-790F296C727A}" = protocol=17 | dir=in | app=c:\program files\celeris\virtual pool 3 dl\vp3.exe |
"{F66F6495-09BD-4D5A-8785-F61451AFEC36}" = protocol=6 | dir=out | app=system |
"{F7796B77-515D-4912-B5A1-77B16AFDEEBC}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{0A9D88E7-628A-445D-AD39-3954B1F027B4}C:\program files\microsoft games\links 2001\linksmmi.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\links 2001\linksmmi.exe |
"TCP Query User{17A744AF-1105-4EF7-8718-1A9B55042C2C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{2B2A14AF-4A4F-43EF-BFBA-2F2C9331E6D6}C:\program files\microsoft games\links 2001\linksmmi.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\links 2001\linksmmi.exe |
"TCP Query User{48CB1DB3-5790-4100-B0BE-61F924689BDC}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{50F6CEB9-246C-4546-A4F0-2E3866768C42}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{5D29D0C7-BF35-43D3-804D-6076EC8862DE}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{81E775FE-6FC5-4992-8785-968DD5F61453}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{8D4AD730-297E-4BF9-BF24-C574C2791DD6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{98FBD862-3359-4B26-B978-C50182F27D62}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{9FEEB6AE-9F2E-425F-B033-30897FBD9492}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{A443F6ED-BD8E-491A-A6BA-88383884C82C}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{C99994A0-D7EB-45C0-89D3-CF840A4CBF24}H:\setup.exe" = protocol=6 | dir=in | app=h:\setup.exe |
"UDP Query User{02DC19EB-3DCD-49F5-993C-7E416288A19B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{05C2525B-2E26-4797-960A-B7B2BAA6C8AB}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{06C0E2DF-A447-428C-A89F-7340131E049C}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{108CC807-C915-4F03-A2E0-A74210EF34E9}C:\program files\microsoft games\links 2001\linksmmi.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\links 2001\linksmmi.exe |
"UDP Query User{2C2CECB0-D5E7-4220-A88F-B5A628348200}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5146B915-8BEB-4C8E-AD3A-10CE6D13ADFC}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{549D516D-8B22-4D1B-B0DC-E77E79E9B617}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{5C382E29-46B1-4502-8E20-EC30E01A9E57}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{86448CE1-1D37-4DB1-87FF-065087728178}C:\program files\microsoft games\links 2001\linksmmi.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\links 2001\linksmmi.exe |
"UDP Query User{9FCAA13B-79E4-4151-8163-2BDB3A674B37}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{BAD4CBEF-2E8D-4BCD-9BED-B492EE42AEC9}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{F82D93C5-50A7-4BA5-AFAA-AE6FC2E0B7CD}H:\setup.exe" = protocol=17 | dir=in | app=h:\setup.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83218011FF}" = Java 8 Update 11
"{26C610BF-761B-4209-BD6A-A0F1B73D6DDE}" = Intel(R) Viiv(TM) Software
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{584267B8-0BB0-4D18-9FFA-726576619E9A}" = Doom 3
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B4873B0-71FF-4BAA-8072-1DEE154C54E4}" = Virtual Pool 3 DL
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{C074AFB2-07DF-46DF-96CD-38CEC2793AF7}" = Virtual Pool 4 Online
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{E801BD2A-AB6B-4B8F-9599-B164AC726EC8}" = Virtual Pool 4
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Avast" = Avast Free Antivirus
"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2
"CCleaner" = CCleaner
"ChampSpades" = Championship Spades All-Stars 7.50
"DivX Setup" = DivX Setup
"DS Clock_is1" = DS Clock
"EditPad Lite" = EditPad Lite 7.3.1
"ffdshow_is1" = ffdshow v1.1.4399 [2012-03-22]
"FileHippo.com" = FileHippo.com Update Checker
"Filzip 3.0.6.93_is1" = Filzip 3.06
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"HP-LaserJet 1020 series" = LaserJet 1020 series
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"Intel(R) Configuration Center" = Intel(R) Viiv(TM) Software
"IrfanView" = IrfanView (remove only)
"Links 2001 2.0" = Microsoft Links 2001
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Media Player - Codec Pack" = Media Player Codec Pack 4.3.4
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Office8.0" = Microsoft Office 97, Professional Edition
"Opera 26.0.1656.32" = Opera Stable 26.0.1656.32
"PopMan-CH-Software_is1" = PopMan 1.3.1
"PROSet" = Intel(R) PRO Network Connections Drivers
"SopCast" = SopCast 3.2.9
"SpywareBlaster_is1" = SpywareBlaster 5.0
"VLC media player" = VLC media player
"Winamp" = Winamp

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4278196236-3910043076-1921008887-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Download App" = Download App
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >
sigsky
Regular Member
 
Posts: 17
Joined: August 23rd, 2009, 1:34 pm
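The OTL listings above (file entries with their company field, the hosts file and its timestamped backups, the alternate data stream line and the firewall exception list) are what a helper reads by eye. Below is an added example that is not part of the original post or of the OTL tool: a small Python triage script that parses those three line shapes and flags entries worth a second look. The size threshold for the hosts file, the "trusted roots" for the firewall check and the category names are this example's own assumptions, and the sample input is a handful of lines constructed from the log above. A finding means "review this", not "this is malware".

```python
"""OTL log triage (added example; not part of the original post or of OTL).

Parses three line shapes that appear in an OTL report:
  file entries   : [date time | size | attrs | M/C] (Company) -- path
  ADS entries    : @Alternate Data Stream - N bytes -> path:stream
  firewall rules : "{GUID}" = key=value | key=value | ...
and returns review findings.  Thresholds and category names are this
example's own assumptions; a finding means "look at this", not "malware".
"""
import re

FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
FW_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<body>.*)$')

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")
HOSTS_REVIEW_BYTES = 50_000      # assumption: a stock Windows hosts file is under 1 KB
TRUSTED_ROOTS = ("c:\\program files", "c:\\windows")  # assumption for the firewall check


def parse_file_entry(line):
    """Return a dict for an OTL file/directory entry, or None."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", ""))
    d["company"] = (d["company"] or "").strip()   # "()" and "( )" both mean no company
    d["is_dir"] = d["attrs"].endswith("D")
    return d


def parse_firewall_rule(line):
    """Return a dict of key=value fields for a FirewallRules entry, or None.
    Lines of the same '"name" = value' shape that carry no key=value pairs
    (uninstall list, Security Center values) are rejected."""
    m = FW_RE.match(line.strip())
    if not m or "=" not in m.group("body"):
        return None
    rule = {"name": m.group("name")}
    for field in m.group("body").split("|"):
        if "=" in field:
            k, v = field.split("=", 1)
            rule[k.strip()] = v.strip()
    return rule


def triage(lines):
    """Return (category, path, detail) tuples for lines worth a second look."""
    findings = []
    for line in lines:
        entry = parse_file_entry(line)
        if entry:
            p = entry["path"].lower()
            if p.endswith("\\drivers\\etc\\hosts") and entry["size"] > HOSTS_REVIEW_BYTES:
                findings.append(("hosts_oversized", entry["path"],
                                 f"{entry['size']} bytes; confirm it is a blocklist the user installed"))
            if (p.startswith("c:\\windows\\") and p.endswith(EXEC_EXT)
                    and not entry["company"] and not entry["is_dir"]):
                findings.append(("no_company_in_windows_dir", entry["path"],
                                 "binary under %SystemRoot% with no company name; check its signature"))
            continue
        ads = ADS_RE.match(line.strip())
        if ads:
            findings.append(("alternate_data_stream", ads.group("path"),
                             f"{ads.group('size')} bytes in a hidden stream; dump and identify it"))
            continue
        rule = parse_firewall_rule(line)
        if rule and rule.get("dir") == "in" and "app" in rule:
            app = rule["app"].lower()
            if app != "system" and not app.startswith(TRUSTED_ROOTS):
                findings.append(("inbound_allow_unusual_path", rule["app"],
                                 f"inbound exception {rule['name']} for a binary outside the usual roots"))
    return findings


# Sample input constructed from the log posted above (a few representative lines).
SAMPLE_LOG = r"""
[2014/12/02 20:32:15 | 000,450,028 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/11/25 16:01:07 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/11/08 09:58:00 | 000,073,728 | ---- | M] () -- C:\Windows\System32\tasks.dll
[2013/07/30 12:39:00 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
"{54EC718A-FAFF-4CD3-9A8C-5A17644CDE12}" = lport=2869 | protocol=6 | dir=in | app=system |
"TCP Query User{C99994A0-D7EB-45C0-89D3-CF840A4CBF24}H:\setup.exe" = protocol=6 | dir=in | app=h:\setup.exe |
"{26A24AE4-039D-4CA4-87B4-2F83218011FF}" = Java 8 Update 11
""".strip().splitlines()

if __name__ == "__main__":
    for cat, path, detail in triage(SAMPLE_LOG):
        print(f"{cat:28} {path}\n{'':28} {detail}")
```

Run it against the full pasted report (one line per list element) and it returns the same four kinds of finding seen in the sample: the 450,028-byte hosts file, binaries under C:\Windows with an empty company field, the stream on C:\ProgramData\TEMP, and inbound firewall exceptions for binaries outside Program Files or Windows (here one on a CD drive). Each hit is a question for the helper to answer with a hash lookup, a signature check or the user's own history of installs, not a verdict.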

Re: Browser/Adobe Reader stalling

Unread postby Gary R » December 8th, 2014, 2:27 am

Looking over your logs, back soon.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Browser/Adobe Reader stalling

Unread postby Gary R » December 8th, 2014, 2:34 am

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi sigsky

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Vista, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Before we start to clean your machine of infection, I'd like you to run a few extra scans for me, so that we have a more complete view of what needs to be removed.

So, first ....

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Next ...

  • Download FRST to your Desktop.
  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

Next ...

I need you to run a search for me with FRST ...

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;certified-toolbar

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.

Summary of the logs I need from you in your next post:
  • ADWCleaner log
  • FRST.txt
  • Addition.txt
  • Search.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Browser/Adobe Reader stalling

Unread postby sigsky » December 8th, 2014, 10:34 am

Hello Gary R,

Thanks for your quick response to my issue. I will try to be equally responsive.

Unfortunately we are off to a bad start:

I was unable to run TCRB even as administrator -- "Could not determine directory name. Try running setup.exe /T:<Path>"

The registry cleaner in CCleaner allows you to backup the registry so I did that without letting CCleaner make any changes.

Attempting to run AdwCleaner as administrator produced a box asking me to agree with the terms. Oddly the terms don't show up where they should but I clicked on agree anyway. Nothing happened, i.e. no scan button was produced. I checked the task list and it did show AdwCleaner was trying to do something. After about 90 seconds the following message appeared: "SQLKite3.dll can't be loaded (1)" with an "OK" button. Clicking this made the message disappear and removed AdwCleaner from the task list.

I thought at this point I should check with you before attempting to run FRST.

Thanks for your help.
sigsky
Regular Member
Posts: 17
Joined: August 23rd, 2009, 1:34 pm

Re: Browser/Adobe Reader stalling

Unread postby Gary R » December 8th, 2014, 12:33 pm

OK, I've no idea why you're having the problems with ADWCleaner and TCRB, but see if you can run the scans with FRST and we'll go from there.

There's an alternate scanner we can try that does a similar job to ADWCleaner, but I'd like to see if the FRST scans throw a light on anything first before I have you try to run it.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Browser/Adobe Reader stalling

Unread postby sigsky » December 8th, 2014, 1:45 pm

After visiting FRST link, I have FRST.exe on my desktop.

Run as administrator and scan. After a few minutes a message appears: "Scan completed. The "FRST.txt" is saved in the same directory FRST tool is run." I click on OK and the following appears: "Cannot find the C:\Users\John\Desktop\FRST.txt file. Do you want to create a new file?" "Yes, No, Close". At the same time another box appears telling me where Addition.txt is found. If I click on Yes, the first message disappears but no txt file appears on my desktop. Clicking on the OK button in the box for Addition.txt results in the same not found/create? dialog and on clicking "Yes" again no txt file is created.

Next step in instructions is to run a search using Frst64.exe. I assumed that should be FRST.exe since I have a 32 bit system and FRST.exe is the only file I have. I followed the instructions about the input to the search field and after a while got a message telling me where the Search.txt file could be found, again followed by the dialog saying not found / create? but no file is created.

I ran a search on the whole computer for the three text files that should have been produced and they were not found.

Message would seem to imply that FRST.exe thought it had been run before but this is the first time I have run it.

Thanks again for your help, I'll be gone for a couple of hours.
sigsky
Regular Member
Posts: 17
Joined: August 23rd, 2009, 1:34 pm

Re: Browser/Adobe Reader stalling

Unread postby Gary R » December 8th, 2014, 6:14 pm

OK, looks like we're going to have to work with OTL, since that's the only program that appears to run OK on your computer.

It's hard to tell at this point whether removing the items in your OTL log will enable us to make any substantial progress, but we'll go with it, and see where it takes us.

It's going to take me a while to compile a fix using OTL, but I'll get back to you as soon as I can.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Browser/Adobe Reader stalling

Unread postby Gary R » December 8th, 2014, 6:55 pm

OK, let's get started on cleaning your computer.

First ...

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

µTorrent
Java 8 Update 11
Spybot - Search & Destroy
SpywareBlaster 5.0


Use of P2P programs is the quickest way I know to contract an infection. In return for our help this forum insists on their removal.
Out of date versions of java are actively exploited.
Spybot is of course not malicious, but it will interfere with the infection removal process, so needs to be temporarily uninstalled from your computer. Once you're clean you can install it again.
SpywareBlaster can also interfere with the removal process, and in any case is of very limited use in protecting your computer. The methods it uses are quite dated, and may slow your computer down.

Reboot your computer when all these programs have been uninstalled.

Next ...

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box. (do not include Code: Select all)
Code: Select all
:OTL
DRV - File not found [Kernel | System | Unknown] -- system32\drivers\netfilter.sys -- (netfilter)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.certified-toolbar.com?si= ... id=2937&q= {searchTerms}
IE - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\..\SearchScopes\{138235B3-FA12-4084-A20C-4EB5DA65EAE7}: "URL" = http://search.certified-toolbar.com?si= ... id=2937&q= {searchTerms}
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O34 - HKLM BootExecute: (SsiEfr.exe)
[2014/11/30 17:45:36 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Systweak
[2014/11/11 18:58:32 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\AvgSetupLog
[2014/11/11 18:58:32 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Avg
[2014/11/12 07:39:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG10
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2014/12/07 14:49:47 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

Reg:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13DEAD10-F7F1-4E57-B61B-63C70F04D6F2}"=-
"{1D513074-6EAF-4B39-85A2-FFD9FB19AF0F}"=-
"{30F5E4E2-AF26-45A4-A0E7-0893AE405C95}"=-
"{C41700E0-34F1-40EB-B3E8-3B61252F010C}"=-
"{DE6E57CD-77FC-4834-A27D-495AAD0FD08F}"=-
"{F7796B77-515D-4912-B5A1-77B16AFDEEBC}"=-

:Files
c:\program files\utorrent
ipconfig /flushdns /c

:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next ...

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.

Summary of the logs I need from you in your next post:
  • OTL fix log
  • JRT.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Browser/Adobe Reader stalling

Unread postby sigsky » December 8th, 2014, 8:50 pm

OK, uninstalled the 4 programs and restarted the computer. I always like to see what these programs leave behind, and Program Files\Spybot still has a couple of exe files including teatimer, but it doesn't appear to be doing anything. I left them there.

After inserting the code in the scan box and clicking Run Fix, OTL quickly scrolled down to the line: O34 - HKLM BootExecute: (SsiEfr.exe)

At that point it appears to stall. I let it sit about 5 minutes and nothing changed. When I tried to move the window by dragging the header, "Not Responding" was appended to the header. I tried running without the Antivirus running but got the same result.

Should I continue to the Junkware Removal step or do something else?

Again, thanks for your help.
sigsky
Regular Member
Posts: 17
Joined: August 23rd, 2009, 1:34 pm

Re: Browser/Adobe Reader stalling

Unread postby Gary R » December 9th, 2014, 2:14 am

Look in the following folder ... C:\_OTL\MovedFiles ... and you should find a number of files of the form ... DDMMYYYY_HHMMSS.log ... (where DMY represent the date the fix was run, and HMS represent the time the fix was run) ... post me the contents of the log created when you ran this fix please.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Browser/Adobe Reader stalling

Unread postby sigsky » December 9th, 2014, 7:07 am

Sorry, that folder does not exist. No folder _OTL found during search.

What now? Thanks
sigsky
Regular Member
Posts: 17
Joined: August 23rd, 2009, 1:34 pm

Re: Browser/Adobe Reader stalling

Unread postby Gary R » December 9th, 2014, 1:09 pm

Looks like OTL has not run correctly then.

Please try running the fix in ... viewtopic.php?p=638971#p638971 ... (just the OTL bit), and see if it runs to completion this time, if it fails again, please note at which point it appears to fail if you can.

I want to see if it fails at the same point it did last time, if it does then we can alter the script and see if that allows it to complete. However the item that caused it to fail last time might have already been removed even though OTL did not complete, in which case there's a chance it may run to completion this time.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Browser/Adobe Reader stalling

Unread postby sigsky » December 9th, 2014, 1:25 pm

Same result at same line of code. No _OTL folder created. Standing by.
sigsky
Regular Member
Posts: 17
Joined: August 23rd, 2009, 1:34 pm

Re: Browser/Adobe Reader stalling

Unread postby Gary R » December 9th, 2014, 1:37 pm

OK, try again using the following script (no Code: Select all) ...

Code: Select all
:OTL
DRV - File not found [Kernel | System | Unknown] -- system32\drivers\netfilter.sys -- (netfilter)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.certified-toolbar.com?si= ... id=2937&q= {searchTerms}
IE - HKU\S-1-5-21-4278196236-3910043076-1921008887-1001\..\SearchScopes\{138235B3-FA12-4084-A20C-4EB5DA65EAE7}: "URL" = http://search.certified-toolbar.com?si= ... id=2937&q= {searchTerms}
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
[2014/11/30 17:45:36 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Systweak
[2014/11/11 18:58:32 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\AvgSetupLog
[2014/11/11 18:58:32 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Avg
[2014/11/12 07:39:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG10
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2014/12/07 14:49:47 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

Reg:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13DEAD10-F7F1-4E57-B61B-63C70F04D6F2}"=-
"{1D513074-6EAF-4B39-85A2-FFD9FB19AF0F}"=-
"{30F5E4E2-AF26-45A4-A0E7-0893AE405C95}"=-
"{C41700E0-34F1-40EB-B3E8-3B61252F010C}"=-
"{DE6E57CD-77FC-4834-A27D-495AAD0FD08F}"=-
"{F7796B77-515D-4912-B5A1-77B16AFDEEBC}"=-

:Files
c:\program files\utorrent
ipconfig /flushdns /c

:Commands
[emptytemp]
[resethosts]
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
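As an added example that is not part of the thread or of OTL itself, here is a small Python triage script that parses the line types found in the fix script posted above (in both of Gary R's posts) and flags the ones that matter for security: the policy that switches UAC off, the IE search scope redirected to certified-toolbar.com, the driver and BHO entries whose files or CLSIDs are missing, the IE restriction policies, and the alternate data stream. The trusted-host allowlist and the category names are this example's own assumptions.

```python
import re
from urllib.parse import urlsplit

# Search hosts accepted as legitimate: a constructed allowlist for this example.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

# Patterns for the OTL line types that appear in the thread's fix script.
RE_POLICY = re.compile(r"^O6 - (?P<key>HK\S+): (?P<name>\w+) = (?P<value>\S+)$")
RE_RESTRICT = re.compile(r"^O6 - (?P<key>HK.+?) present$")
RE_SEARCH = re.compile(r'^IE - (?P<key>HK\S+): "URL" = (?P<url>\S+)')
RE_DRV = re.compile(r"^DRV - File not found .* -- (?P<path>\S+) -- \((?P<svc>[^)]+)\)$")
RE_BHO = re.compile(r"^O2 - BHO: .* - (?P<clsid>\{[0-9A-Fa-f-]+\}) - No CLSID value found\.$")
RE_ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")

def _policy(m):
    # EnableLUA=0 switches UAC off, so no consent prompt precedes admin-level changes.
    if m["name"] == "EnableLUA" and m["value"] == "0":
        return ("uac_disabled", "EnableLUA=0: UAC is off; re-enable it and reboot")
    return ("policy_value", f"{m['name']}={m['value']} under {m['key']}")

def _search(m):
    host = urlsplit(m["url"]).netloc.lower()  # search scope host, e.g. search.certified-toolbar.com
    return None if host in TRUSTED_SEARCH_HOSTS else ("search_hijack", f"search scope sends queries to {host}")

RULES = [
    (RE_POLICY, _policy),
    (RE_RESTRICT, lambda m: ("ie_restrictions", f"policy restrictions present at {m['key']}")),
    (RE_SEARCH, _search),
    (RE_DRV, lambda m: ("orphan_driver", f"service '{m['svc']}' points at missing {m['path']}")),
    (RE_BHO, lambda m: ("orphan_bho", f"BHO {m['clsid']} has no CLSID registration")),
    (RE_ADS, lambda m: ("ads", f"{m['size']}-byte alternate data stream on {m['target']}")),
]

def classify(line):
    """Return (category, detail) for a security-relevant OTL line, else None."""
    for pattern, handler in RULES:
        m = pattern.match(line.strip())
        if m:
            return handler(m)
    return None

def triage(lines):
    """Classify every line and return the findings in input order."""
    return [f for f in (classify(ln) for ln in lines) if f]

# Sample input copied from the fix script posted in the thread; the " ... " in the
# search URL is the forum's own elision and is kept exactly as it appears there.
SAMPLE = r"""
DRV - File not found [Kernel | System | Unknown] -- system32\drivers\netfilter.sys -- (netfilter)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.certified-toolbar.com?si= ... id=2937&q= {searchTerms}
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
""".strip().splitlines()

if __name__ == "__main__":
    for category, detail in triage(SAMPLE):
        print(f"{category:16} {detail}")
```

Running the file prints one finding per line; the same classification can be run over a full OTL.txt, where lines matching none of the patterns are simply skipped.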

Re: Browser/Adobe Reader stalling

Unread postby sigsky » December 9th, 2014, 1:52 pm

OK, got a box with error: "Cannot create file C:\Users\John\Desktop\cmd.bat"


Chrome failed and offered to reload page and Avast momentarily failed (message flashed but I couldn't read it)

OTL is stuck (but it doesn't say Not Responding)
The line it is stuck on is : "moving file C:\program files\utorrent"

Of course that folder no longer exists since I uninstalled utorrent.

Thanks
sigsky
Regular Member
Posts: 17
Joined: August 23rd, 2009, 1:34 pm