  1. #1
    Member
    Join Date
    May 2012
    Posts
    3
    Points
    0

    slow performance

    Hi everybody,

    My system has been working slowly just recently and it doesn't open web pages as fast as the internet speed is. I tested the internet speed on Speedtest.net and it was all perfect. But Chrome and Firefox and IE won't open pages as they used to, let's say, last week. It takes at least one minute to open the YouTube homepage, while sometimes it fails to load it. The fact is that it doesn't matter what the webpage contains, a video or simple text, it just won't open it right away. Sometimes I have to stop and ctrl+refresh it, sometimes it fails to load the CSS and so on. While using Gmail, when I put the cursor on a check box or other buttons, that element flashes once or twice. It's weird!

    I use an HP Pavilion dv7-1070ee with Windows 7 64bit running + 4GB of RAM.

    I have no idea why this has been happening for the past few days. I'll include the logs below so that experts can tell me what's wrong...

    Thank you for your assistance in advance!
    Khashayar

    ___________________________________________________


    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: v2012.05.04.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Khashayar :: KHASHAYAR-PC [administrator]

    Protection: Enabled

    5/4/2012 10:37:09 AM
    mbam-log-2012-05-04 (14-41-07).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 561258
    Time elapsed: 4 hour(s), 3 minute(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab Video Converter (PUP.Adware.InstallCore) -> No action taken.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 6
    C:\Program Files\Autodesk\AutoCAD 2012 - English\x-force_2012_x64.exe (Trojan.Agent.ck) -> No action taken.
    C:\Program Files (x86)\FoxTabVideoConverter\Uninstall\Uninstall.exe (PUP.Adware.InstallCore) -> No action taken.
    D:\copy from C\aksaye khashayar\yerevan\Khashayar pic\new year 2004\K18.jpg (Extension.Mismatch) -> No action taken.
    G:\u1102.exe (Trojan.Agent) -> No action taken.
    G:\Autodesk\AUTODESK.AUTOCAD.V2012.WIN64-ISO\A2k12GK\xf-a2012-64bits\xf-adesk2012x64.exe (Trojan.Agent.ck) -> No action taken.
    G:\SUPro716+V+PO\google sketch up\Google.Sketchup.Pro.v8.0.3117.Incl.Keygen-MESMERiZ\Google.Sketchup.Pro.v8.0.3117.Incl.Keygen-MESMERiZE\keygen.exe (RiskWare.Tool.CK) -> No action taken.

    (end)


    ____________________________________________________________________



    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 05/04/2012 at 00:03 AM

    Application Version : 5.0.1148

    Core Rules Database Version : 8552
    Trace Rules Database Version: 6364

    Scan type : Custom Scan
    Total Scan Time : 00:08:47

    Operating System Information
    Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned : 603
    Memory threats detected : 0
    Registry items scanned : 66154
    Registry threats detected : 0
    File items scanned : 7412
    File threats detected : 88

    Adware.Tracking Cookie


    ___________________________________________________________________________


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:29:31 PM, on 5/3/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\Downloads\HijackThis.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Khashayar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [googletalk] C:\Users\Khashayar\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O17 - HKLM\System\CCS\Services\Tcpip\..\{62272807-76D5-4767-BD20-5564FB094126}: NameServer = 79.127.124.138,79.127.124.139
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - c:\Windows\system32\vfsFPService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11439 bytes

  2. #2
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563


    Hello khashayar and welcome to Help2Go!

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    I see you have created 2 threads. We only need you to start one thread. Not to worry. I will have one of the Administrators remove the other thread. Do not create another thread; please respond to this thread once our removal expert replies to your request for help.

    Please take note:

    1. If you have since resolved the original problem you were having, we would appreciate you letting us know.
    2. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
      • If you are unsure about any of these characteristics just post what you can and we will guide you.
    3. Please tell us if you have your original Windows CD/DVD available.
    4. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
    5. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
    6. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
    7. If you have already posted a DDS log, please do so again, as your situation may have changed.
    8. Use 'Add Reply' and add the new log to this thread.

    We need to see some information about what is happening in your machine. Please perform the following scans:

    DDS
    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.

    * When done, DDS will open two (2) logs:

    1. DDS.txt
    2. Attach.txt

    Save both reports to your desktop and post the contents of the DDS.txt log. Save the other report in case I need to look at it later.


    aswMBR
    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in troubleshooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  3. #3
    Member
    Join Date
    May 2012
    Posts
    3
    Points
    0


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Khashayar at 16:00:55 on 2012-05-04
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4093.1305 [GMT 4:00]
    .
    AV: Avira Desktop *Enabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Enabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    c:\Windows\system32\vfsFPService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Users\Khashayar\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskhost.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
    C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Khashayar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://search.babylon.com/?affID=109935&tt=050412_30b&babsrc=HP_ss&mntrId=58fd5efc000000000000002186691f6d
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = local;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit=userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
    uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    uRun: [Google Update] "C:\Users\Khashayar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [googletalk] C:\Users\Khashayar\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
    uRun: [AdobeBridge]
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{62272807-76D5-4767-BD20-5564FB094126} : NameServer = 79.127.124.138,79.127.124.139
    TCP: Interfaces\{DD589106-221E-4A3F-A9F7-5D6F5DBC6939} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{DD589106-221E-4A3F-A9F7-5D6F5DBC6939}\4456661657C647 : DhcpNameServer = 192.168.1.1 192.168.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
    BHO-X64: Babylon toolbar helper - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    BHO-X64: ZoneAlarm Security Engine Registrar - No File
    TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
    mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun-x64: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Khashayar\AppData\Roaming\Mozilla\Firefox\Profiles\opvul2x1.default\
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109935&tt=050412_30b&babsrc=KW_ss&mntrId=58fd5efc000000000000002186691f6d&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
    FF - plugin: C:\Users\Khashayar\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll
    FF - plugin: C:\Users\Khashayar\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Khashayar\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Khashayar\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extensions.BabylonToolbar_i.babTrack, affID=109935&tt=050412_30b
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 58fd5efc000000000000002186691f6d
    FF - user.js: extensions.BabylonToolbar_i.hardId - 58fd5efc000000000000002186691f6d
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15444
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.179:51:23
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-2-2 86224]
    R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-2-2 110032]
    R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
    R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33672]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-23 253600]
    S3 bsusbser;Basecom USB Device for Legacy Serial Communication;C:\Windows\system32\DRIVERS\bsusbser.sys --> C:\Windows\system32\DRIVERS\bsusbser.sys [?]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 NMgamingmsFltr;USB Optical Mouse;C:\Windows\system32\drivers\NMgamingms.sys --> C:\Windows\system32\drivers\NMgamingms.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 vfs101a;vfs101a;C:\Windows\system32\drivers\vfs101a.sys --> C:\Windows\system32\drivers\vfs101a.sys [?]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-05-03 19:54:07 -------- d-----w- C:\Users\Khashayar\AppData\Roaming\Malwarebytes
    2012-05-03 19:53:54 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-05-03 19:53:53 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-05-03 19:53:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-05-03 19:53:29 -------- d-----w- C:\Users\Khashayar\AppData\Roaming\SUPERAntiSpyware.com
    2012-05-03 19:53:06 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-05-03 19:53:06 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-05-03 05:44:51 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5E23FFEB-9153-4660-8A16-2A0ADEBB57D9}\mpengine.dll
    2012-05-02 05:51:36 -------- d-----w- C:\ProgramData\ALM
    2012-05-01 16:56:55 -------- d-----w- C:\Users\Khashayar\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2012-05-01 13:39:45 -------- d-----w- C:\Program Files (x86)\uTorrent
    2012-05-01 13:37:48 -------- d-----w- C:\Users\Khashayar\AppData\Roaming\uTorrent
    2012-04-27 09:06:53 -------- d--h--w- C:\ProgramData\CanonIJScan
    2012-04-26 15:55:41 -------- d-----w- C:\divx
    2012-04-26 09:38:12 -------- d-----w- C:\Windows\SysWow64\C2MP
    2012-04-23 05:47:37 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-04-22 13:12:37 -------- d-----w- C:\Users\Khashayar\AppData\Roaming\Win7codecs
    2012-04-22 13:12:30 -------- d-----w- C:\Program Files (x86)\Win7codecs
    2012-04-22 13:10:59 -------- d-----w- C:\ProgramData\Win7codecs
    2012-04-22 11:18:14 203264 ----a-w- C:\Windows\System32\unrar.dll
    2012-04-22 11:18:07 -------- d-----w- C:\Program Files\K-Lite Codec Pack x64
    2012-04-22 09:54:59 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-04-22 09:49:47 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-04-22 09:49:46 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-04-22 09:49:45 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-04-22 09:49:43 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-04-22 09:49:43 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-04-22 09:49:43 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-04-22 09:49:43 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-04-22 09:48:44 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-04-22 09:48:44 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-22 09:48:44 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-22 09:48:01 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-04-22 09:47:40 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2012-04-22 09:47:40 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-04-22 09:47:28 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-04-22 09:47:28 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-04-22 09:47:27 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-04-22 09:47:27 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-14 05:21:24 -------- d-----w- C:\Program Files (x86)\BabylonToolbar
    2012-04-14 05:20:59 -------- d-----w- C:\Users\Khashayar\AppData\Local\Babylon
    2012-04-14 05:20:57 -------- d-----w- C:\Users\Khashayar\AppData\Roaming\Babylon
    2012-04-14 05:20:57 -------- d-----w- C:\ProgramData\Babylon
    2012-04-14 05:20:56 -------- d-----w- C:\Program Files (x86)\FoxTabVideoConverter
    2012-04-10 19:37:48 -------- d-----w- C:\Users\Khashayar\AppData\Local\Apple Computer
    2012-04-10 19:37:36 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-04-10 19:37:36 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2012-04-10 19:37:36 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2012-04-10 19:36:55 -------- d-----w- C:\Program Files\iPod
    2012-04-10 19:36:54 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2012-04-10 19:36:54 -------- d-----w- C:\Program Files\iTunes
    2012-04-10 19:36:54 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-04-10 19:36:10 -------- d-----w- C:\Users\Khashayar\AppData\Local\Apple
    2012-04-10 19:35:10 -------- d-----w- C:\Program Files\Bonjour
    2012-04-10 19:35:10 -------- d-----w- C:\Program Files (x86)\Bonjour
    2012-04-05 11:40:48 -------- d-----w- C:\Program Files (x86)\Common Files\EZB Systems
    2012-04-05 11:40:47 -------- d-----w- C:\Program Files (x86)\UltraISO
    2012-04-05 11:22:05 -------- d-----w- C:\Program Files (x86)\ISO to USB
    .
    ==================== Find3M ====================
    .
    2012-05-02 14:45:37 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2012-03-12 16:56:40 947472 ----a-w- C:\Windows\SysWow64\msjava.dll
    2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
    2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-02-23 05:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-02-05 09:56:58 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-02-05 09:56:58 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    .
    ============= FINISH: 16:02:43.13 ===============


    ______________________________________________________



    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-05-04 16:06:49
    -----------------------------
    16:06:49.874 OS Version: Windows x64 6.1.7601 Service Pack 1
    16:06:49.874 Number of processors: 2 586 0x1706
    16:06:49.879 ComputerName: KHASHAYAR-PC UserName: Khashayar
    16:06:50.314 Initialize success
    16:07:25.691 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    16:07:25.696 Disk 0 Vendor: WDC_WD3200BEVT-60ZCT0 12.01A12 Size: 305245MB BusType: 11
    16:07:25.726 Disk 0 MBR read successfully
    16:07:25.731 Disk 0 MBR scan
    16:07:25.741 Disk 0 Windows 7 default MBR code
    16:07:25.746 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 140003 MB offset 63
    16:07:25.776 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 19689 MB offset 286728120
    16:07:25.801 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 66001 MB offset 327051270
    16:07:25.811 Disk 0 Partition - 00 0F Extended LBA 79550 MB offset 462222180
    16:07:25.831 Disk 0 Partition - 00 05 Extended 5546 MB offset 462222242
    16:07:25.846 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 5546 MB offset 462222243
    16:07:25.856 Disk 0 Partition - 00 05 Extended 73997 MB offset 473596262
    16:07:25.876 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 73997 MB offset 473596263
    16:07:25.916 Disk 0 scanning C:\Windows\system32\drivers
    16:07:35.791 Service scanning
    16:07:57.949 Modules scanning
    16:07:57.964 Disk 0 trace - called modules:
    16:07:58.024 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    16:07:58.039 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c6a790]
    16:07:58.054 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8004c6a040]
    16:07:58.069 5 hpdskflt.sys[fffff880019cc189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004721060]
    16:07:58.084 Scan finished successfully
    16:08:04.046 Disk 0 MBR has been saved successfully to "C:\Users\Khashayar\Desktop\MBR.dat"
    16:08:04.061 The log file has been saved successfully to "C:\Users\Khashayar\Desktop\aswMBR.txt"