Thread: Slow-PC Fighter Infection

  1. #1
    Member
    Join Date
    Jul 2013
    Posts
    60

    Slow-PC Fighter Infection

    I was looking for an alternative to Fraps and got zapped by something called Slow-PC Fighter. It runs unwanted scans and offers optimizations, etc. It also seems to have installed a Yahoo toolbar that is wanting to run. When you reboot it runs a scan like a normal antivirus might, but when it finishes it sits there and stops the boot process from completing. Thanks

    Per the instructions I ran Erunt and saved my registry.

    DDS Txt

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16521
    Run by Mike at 1:05:12 on 2014-03-17
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8080.6515 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20140312,20029,0,31,6944
    uSearch Bar = Preserve
    mWinlogon: Userinit = userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: ArcadeParlor Games: {39AD0726-986D-40F9-972B-E3BFA24B7745} - C:\Users\Mike\AppData\Local\ArcadeParlor\Arcadeparlor.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{0725DADC-CAD9-4867-8745-00681411B8DC} : DHCPNameServer = 192.168.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
    x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-20 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-4-20 207904]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-6 16152]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-8-14 1038072]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2012-8-14 421704]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-14 78648]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-2-19 50344]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-6 13592]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-8-6 161560]
    R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1494304]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-30 15129376]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-3-11 411936]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-6 363800]
    R3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-2-19 80184]
    R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-6 355096]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-6 786200]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-2-6 39200]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-6 646248]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-11 111616]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-29 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-17 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-29 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-1 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== Created Last 30 ================
    .
    2014-03-17 05:01:40 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8BC65AFF-78A7-4DFA-B21F-8B0D32B9BEE6}\offreg.dll
    2014-03-17 04:25:13 -------- d-----w- C:\Users\Mike\AppData\Roaming\Smart PC Cleaner
    2014-03-17 04:20:35 -------- d-----w- C:\Users\Mike\AppData\Roaming\InstallX Search Protect for Yahoo
    2014-03-17 04:20:31 -------- d-----w- C:\Users\Mike\AppData\Roaming\Fighters
    2014-03-17 04:20:16 -------- d-----w- C:\ProgramData\Fighters
    2014-03-17 04:20:16 -------- d-----w- C:\Program Files\Fighters
    2014-03-17 04:20:16 -------- d-----w- C:\Program Files (x86)\Fighters
    2014-03-17 04:20:10 -------- d-----w- C:\Program Files (x86)\Driver-Soft
    2014-03-17 04:20:07 -------- d-----w- C:\Program Files (x86)\Smart PC Cleaner
    2014-03-17 04:20:00 -------- d-----w- C:\Program Files (x86)\Yahoo!
    2014-03-17 04:19:55 -------- d-----w- C:\Users\Mike\AppData\Local\ArcadeParlor
    2014-03-14 13:21:22 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8BC65AFF-78A7-4DFA-B21F-8B0D32B9BEE6}\mpengine.dll
    2014-03-12 01:32:13 -------- d-----w- C:\Users\Mike\AppData\Local\Skype
    2014-03-12 01:32:01 -------- d-----r- C:\Program Files (x86)\Skype
    2014-03-11 22:01:48 624128 ----a-w- C:\Windows\System32\qedit.dll
    2014-03-11 22:01:47 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2014-03-11 22:01:47 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2014-03-11 22:01:47 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2014-03-11 21:52:58 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2014-02-26 18:31:34 6574592 ----a-w- C:\Windows\System32\mstscax.dll
    2014-02-26 18:31:34 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2014-02-25 12:20:42 -------- d-----w- C:\Program Files (x86)\WarThunder - Copy
    2014-02-19 16:32:00 80184 ----a-w- C:\Windows\System32\drivers\aswStm.sys
    2014-02-17 15:20:16 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
    2014-02-17 15:20:15 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
    .
    ==================== Find3M ====================
    .
    2014-03-11 20:29:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-11 20:29:06 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-03-04 13:06:00 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
    2014-03-04 13:06:00 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
    2014-03-04 13:05:58 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
    2014-03-04 13:05:58 64968 ----a-w- C:\Windows\System32\nvshext.dll
    2014-03-04 13:05:57 386336 ----a-w- C:\Windows\System32\nvmctray.dll
    2014-03-04 13:05:53 3649185 ----a-w- C:\Windows\System32\nvcoproc.bin
    2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
    2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-02-19 16:31:59 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2014-02-19 16:31:59 43152 ----a-w- C:\Windows\avastSS.scr
    2014-02-19 16:31:59 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2014-02-19 16:31:59 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
    2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
    2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
    2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
    2014-01-27 14:58:44 270496 ------w- C:\Windows\System32\MpSigStub.exe
    2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
    2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-12-19 20:33:31 1884448 ----a-w- C:\Windows\System32\nvdispco6433221.dll
    2013-12-19 20:33:31 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433221.dll
    2013-12-19 02:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    .
    ============= FINISH: 1:05:25.46 ===============

    aswMBR Log

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-03-17 01:06:42
    -----------------------------
    01:06:42.384 OS Version: Windows x64 6.1.7601 Service Pack 1
    01:06:42.384 Number of processors: 4 586 0x3A09
    01:06:42.384 ComputerName: FIRE UserName: Mike
    01:06:43.336 Initialize success
    01:06:46.752 AVAST engine defs: 14031601
    01:06:54.178 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    01:06:54.178 Disk 0 Vendor: Hitachi_ MS2O Size: 953869MB BusType: 3
    01:06:54.256 Disk 0 MBR read successfully
    01:06:54.256 Disk 0 MBR scan
    01:06:54.256 Disk 0 Windows 7 default MBR code
    01:06:54.256 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    01:06:54.256 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
    01:06:54.272 Disk 0 scanning C:\Windows\system32\drivers
    01:06:59.326 Service scanning
    01:07:12.742 Modules scanning
    01:07:12.742 Disk 0 trace - called modules:
    01:07:12.758 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    01:07:12.758 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a17790]
    01:07:12.758 3 CLASSPNP.SYS[fffff88000c0143f] -> nt!IofCallDriver -> [0xfffffa8007560950]
    01:07:12.773 5 ACPI.sys[fffff88000f2d7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007a16050]
    01:07:13.538 AVAST engine scan C:\Windows
    01:07:15.067 AVAST engine scan C:\Windows\system32
    01:08:40.165 AVAST engine scan C:\Windows\system32\drivers
    01:08:46.951 AVAST engine scan C:\Users\Mike
    01:09:04.470 Disk 0 MBR has been saved successfully to "C:\Users\Mike\Desktop\MBR.dat"
    01:09:04.470 The log file has been saved successfully to "C:\Users\Mike\Desktop\aswMBR.txt"

  2. #2
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Please download AdwCleaner by Xplode onto your desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[R1].txt as well.

    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Member
    Join Date
    Jul 2013
    Posts
    60

    Here you go.

    # AdwCleaner v3.022 - Report created 17/03/2014 at 13:17:10
    # Updated 13/03/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Mike - FIRE
    # Running from : C:\Users\Mike\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Users\Mike\Desktop\Smart PC Cleaner.lnk
    Folder Found C:\Program Files (x86)\driver-soft
    Folder Found C:\Program Files (x86)\smart pc cleaner
    Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smart pc cleaner
    Folder Found C:\Users\Mike\AppData\Local\NativeMessaging
    Folder Found C:\Users\Mike\AppData\Local\WhiteListing
    Folder Found C:\Users\Mike\AppData\Roaming\smart pc cleaner
    Folder Found C:\Users\Mike\Documents\smart pc cleaner

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Smart PC Cleaner
    Key Found : [x64] HKCU\Software\Smart PC Cleaner
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\Software\Driver-Soft
    Key Found : HKLM\Software\InstallIQ
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Genius_is1
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart PC Cleaner_is1
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16521


    -\\ Mozilla Firefox v

    [ File : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gbg4rpfs.default-1374986477390\prefs.js ]


    -\\ Google Chrome v33.0.1750.154

    [ File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Found : homepage
    Found : icon_url
    Found : search_url
    Found : suggest_url
    Found : keyword
    Found : urls_to_restore_on_startup
    Found : homepage
    Found : icon_url
    Found : search_url
    Found : suggest_url
    Found : keyword
    Found : urls_to_restore_on_startup
    Found : homepage
    Found : icon_url
    Found : search_url
    Found : suggest_url
    Found : keyword
    Found : urls_to_restore_on_startup
    Found : homepage
    Found : icon_url
    Found : search_url
    Found : suggest_url
    Found : keyword
    Found : urls_to_restore_on_startup

    *************************

    AdwCleaner[R0].txt - [3399 octets] - [17/03/2014 13:17:10]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3459 octets] ##########

  4. #4
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • You will be prompted to restart your computer. A text file will open after the restart.
    • Please post the contents of that logfile + fresh DDS.txt log with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  5. #5
    Member
    Join Date
    Jul 2013
    Posts
    60

    Don't know if it matters, but the .txt file it created is [S0] rather than [S1]. In the location you mentioned there are also [R0] and [R1] files.

    # AdwCleaner v3.022 - Report created 17/03/2014 at 22:49:55
    # Updated 13/03/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Mike - FIRE
    # Running from : C:\Users\Mike\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smart pc cleaner
    Folder Deleted : C:\Program Files (x86)\driver-soft
    Folder Deleted : C:\Program Files (x86)\smart pc cleaner
    Folder Deleted : C:\Users\Mike\AppData\Local\NativeMessaging
    Folder Deleted : C:\Users\Mike\AppData\Local\WhiteListing
    Folder Deleted : C:\Users\Mike\AppData\Roaming\smart pc cleaner
    Folder Deleted : C:\Users\Mike\Documents\smart pc cleaner
    File Deleted : C:\Users\Mike\Desktop\Smart PC Cleaner.lnk

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Key Deleted : HKCU\Software\Smart PC Cleaner
    Key Deleted : HKLM\Software\Driver-Soft
    Key Deleted : HKLM\Software\InstallIQ
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Genius_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart PC Cleaner_is1

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16521


    -\\ Mozilla Firefox v

    [ File : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gbg4rpfs.default-1374986477390\prefs.js ]


    -\\ Google Chrome v33.0.1750.154

    [ File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : homepage
    Deleted : icon_url
    Deleted : search_url

    *************************

    AdwCleaner[R0].txt - [3543 octets] - [17/03/2014 13:17:10]
    AdwCleaner[R1].txt - [3603 octets] - [17/03/2014 22:48:57]
    AdwCleaner[S0].txt - [3082 octets] - [17/03/2014 22:49:55]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3142 octets] ##########

  6. #6
    Member
    Join Date
    Jul 2013
    Posts
    60

    Need to add: when I closed the browser after posting the previous message, the Slow-PC Fighter interface was open behind it.
