BullGuard
Please help save my PC
   
40 posts in this thread.

Deb1957
New Member


Date Joined Apr 2013
Total Posts : 19
 
Posted 4/12/2013 4:32 AM (GMT +3)
I am new to this kind of thing but I will try and explain. My PC is running so slow, and when I run a scan of any kind I have seen these folders in the scan: Trojan.Win32/Agent, Trojan.Win32/Vundo, Backdoor.frauder, Trojan.trace, just to name a few. I don't know what they are or where they came from. I am hoping someone can walk me through any process to help me save my PC.

File Attachment :
autorun.inf   1KB (application/octet-stream)
This file has been downloaded 98 time(s).

File Attachment :
locale.dat   0KB (application/octet-stream)
This file has been downloaded 89 time(s).
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 4/12/2013 9:40 AM (GMT +3)
Hi Deb1957 :)

If you follow this step-by-step guide, we'll take it from there:
 
 


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 4/13/2013 7:25 AM (GMT +3)
Reboot to safe mode, and run DDS from there.

1. Close all the running programs and restart your system.
2. Keep pressing the F8 key continuously while the system boots up.
3. From the list of options provided, select the Safe Mode option. Your computer will take some time to enter this mode.
4. In Safe Mode, browse to the DDS utility and then double-click on it.

Reboot normally, and post the log along with the Malwarebytes log.

Open the Malwarebytes log.
While the log is open, select all the text with CTRL + A.
To copy the selected text use CTRL + C.
Then go into your question (here) and click on the Comment/Reply button.
Insert the copied text with the key combination CTRL + V.


 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 4/13/2013 8:56 AM (GMT +3)
We'll leave DDS for now ;-)

Reboot to safe mode with networking, and download OTL from here:

Download OTL by OldTimer, saving it to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Click the Quick Scan button. Do not change any settings. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please post (copy and paste) the OTL.Txt file in your next reply.
 


 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 4/14/2013 8:33 AM (GMT +3)
Please try again, as the logs are incomplete.

Open the OTL txt log.
While the log is open, select all the text with CTRL + A.
To copy the selected text use CTRL + C.
Then go into your question (here) and click on the Post Reply button.
Insert the copied text with the key combination CTRL + V.


 

Deb1957
New Member


Date Joined Apr 2013
Total Posts : 19
 
Posted 4/14/2013 12:49 PM (GMT +3)
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Deb\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.44 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 61.39% Memory free
2.87 Gb Paging File | 2.10 Gb Available in Paging File | 72.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 42.59 Gb Free Space | 57.15% Space Free | Partition Type: NTFS

Computer Name: DEB-PC | User Name: Deb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/14 02:37:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Deb\Downloads\OTL (2).exe
PRC - [2013/04/09 01:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/02/20 15:37:48 | 001,611,584 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/15 19:47:10 | 000,465,216 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/30 16:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 01:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 01:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 01:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2011/08/19 17:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll


========== Services (SafeList) ==========

SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/15 19:47:10 | 000,465,216 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012/06/16 03:20:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/20 14:29:25 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 14:29:25 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========
 

Deb1957
New Member


Date Joined Apr 2013
Total Posts : 19
 
Posted 4/14/2013 12:53 PM (GMT +3)
========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\npf.sys -- (NPF)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F34305E7-E010-4BEB-AF7D-C57293834EA6}\MpKsl9bd0b01c.sys -- (MpKsl9bd0b01c)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\bcmwlhigh6.sys -- (BCMH43XX)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\athur.sys -- (athur)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/11/24 09:36:15 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/11/24 09:36:15 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/11/24 09:36:15 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2012/11/24 09:36:15 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/10/30 16:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 16:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 16:51:58 | 000,199,320 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/10/30 16:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 16:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 16:51:56 | 000,106,560 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/10/30 16:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/30 16:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/10/15 09:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/09/28 22:52:10 | 000,064,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012/09/21 02:26:08 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2010/11/26 19:02:20 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/11/20 14:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 14:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 14:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 14:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 14:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 14:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 15:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008/07/22 08:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/06/13 19:28:12 | 002,600,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3
 

Deb1957
New Member


Date Joined Apr 2013
Total Posts : 19
 
Posted 4/14/2013 12:56 PM (GMT +3)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: facebook.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: msn.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C223E65-F1FA-43B6-9B8E-B05403437BF3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F00B72E7-9192-48F5-B9CF-D452C8440760}: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/13 19:45:12 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Roaming\f-secure
[2013/04/13 19:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2013/04/12 15:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/04/12 15:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/04/12 13:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/03/28 17:37:59 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Roaming\Malwarebytes
[2013/03/28 17:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/28 17:37:12 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\Programs
[2013/03/27 13:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/03/27 13:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Freely
[2013/03/27 13:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\Open Freely
[2013/03/27 13:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\APN

========== Files - Modified Within 30 Days ==========

[2013/04/14 02:37:36 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
 

Deb1957
New Member


Date Joined Apr 2013
Total Posts : 19
 
Posted 4/14/2013 12:57 PM (GMT +3)
[2013/03/28 17:37:59 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Roaming\Malwarebytes
[2013/03/28 17:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/28 17:37:12 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\Programs
[2013/03/27 13:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/03/27 13:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Freely
[2013/03/27 13:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\Open Freely
[2013/03/27 13:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\APN

========== Files - Modified Within 30 Days ==========

[2013/04/14 02:37:36 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/14 02:37:36 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/14 02:33:22 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/14 02:33:14 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/04/14 02:32:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/14 02:32:25 | 1157,128,192 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/14 02:30:37 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro_sch_EBA6683F-34B1-11E2-B25F-001921A7F77D.job
[2013/04/14 01:52:11 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/13 18:00:05 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/04/12 13:42:13 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/11 23:00:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\Regwork.job
[2013/04/10 08:54:41 | 000,269,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/09 14:12:07 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/09 00:55:56 | 000,020,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/09 00:55:56 | 000,020,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/06 01:52:56 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2013/03/29 05:44:07 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2013/03/27 13:59:23 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

========== Files Created - No Company Name ==========

[2013/04/12 13:42:13 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/27 13:59:23 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/03/27 13:59:11 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/03/27 13:10:49 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013/03/02 18:25:56 | 000,000,017 | ---- | C] () -- C:\Users\Deb\AppData\Local\resmon.resmoncfg
[2013/02/28 00:22:53 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2012/06/22 21:31:03 | 000,000,922 | ---- | C] () -- C:\Users\Deb\Windows Easy Transfer.lnk
[2012/06/22 21:31:03 | 000,000,706 | ---- | C] () -- C:\Users\Deb\autorun.inf

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/08/03 06:24:11 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\DriverCure
[2013/04/13 19:45:12 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\f-secure
[2013/04/12 14:19:59 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\IObit
[2012/08/03 06:24:11 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\SpeedyPC Software

========== Purity Check ==========



< End of report >

[2013/03/28 17:37:59 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Roaming\Malwarebytes
[2013/03/28 17:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/28 17:37:12 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\Programs
[2013/03/27 13:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/03/27 13:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Freely
[2013/03/27 13:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\Open Freely
[2013/03/27 13:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\APN

========== Files - Modified Within 30 Days ==========

[2013/04/14 02:37:36 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/14 02:37:36 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/14 02:33:22 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/14 02:33:14 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/04/14 02:32:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/14 02:32:25 | 1157,128,192 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/14 02:30:37 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro_sch_EBA6683F-34B1-11E2-B25F-001921A7F77D.job
[2013/04/14 01:52:11 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/13 18:00:05 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/04/12 13:42:13 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/11 23:00:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\Regwork.job
[2013/04/10 08:54:41 | 000,269,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/09 14:12:07 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/09 00:55:56 | 000,020,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/09 00:55:56 | 000,020,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/06 01:52:56 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2013/03/29 05:44:07 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2013/03/27 13:59:23 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

========== Files Created - No Company Name ==========

[2013/04/12 13:42:13 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/27 13:59:23 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/03/27 13:59:11 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/03/27 13:10:49 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013/03/02 18:25:56 | 000,000,017 | ---- | C] () -- C:\Users\Deb\AppData\Local\resmon.resmoncfg
[2013/02/28 00:22:53 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2012/06/22 21:31:03 | 000,000,922 | ---- | C] () -- C:\Users\Deb\Windows Easy Transfer.lnk
[2012/06/22 21:31:03 | 000,000,706 | ---- | C] () -- C:\Users\Deb\autorun.inf

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/08/03 06:24:11 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\DriverCure
[2013/04/13 19:45:12 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\f-secure
[2013/04/12 14:19:59 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\IObit
[2012/08/03 06:24:11 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\SpeedyPC Software

========== Purity Check ==========



< End of report >

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12975
Posted 4/14/2013 6:16 PM (GMT +3)
Looks complete to me :-)

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following text in bold into the Custom Scan textbox.

:OTL 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
:Files 
c:\Program Files\Microsoft Security Client
C:\Program Files\IObit\Advanced SystemCare 6
C:\Users\Deb\AppData\Roaming\f-secure
C:\ProgramData\F-Secure
C:\Users\Deb\AppData\Roaming\SpeedyPC Software
C:\Users\Deb\AppData\Roaming\DriverCure
C:\ProgramData\APN
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[CreateRestorePoint] 
[emptytemp] 
[EMPTYFLASH]
 
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open.
  • Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.



Deb1957
New Member
Date Joined Apr 2013
Total Posts : 19
Posted 4/14/2013 10:29 PM (GMT +3)
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
c:\Program Files\Microsoft Security Client\en-us folder moved successfully.
c:\Program Files\Microsoft Security Client\Drivers\NisDrv folder moved successfully.
c:\Program Files\Microsoft Security Client\Drivers\mpfilter folder moved successfully.
c:\Program Files\Microsoft Security Client\Drivers folder moved successfully.
c:\Program Files\Microsoft Security Client\Backup\x86 folder moved successfully.
c:\Program Files\Microsoft Security Client\Backup\en-us folder moved successfully.
c:\Program Files\Microsoft Security Client\Backup folder moved successfully.
Folder move failed. c:\Program Files\Microsoft Security Client scheduled to be moved on reboot.
C:\Program Files\IObit\Advanced SystemCare 6\Update folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\Toolbox_Language folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\Toolbox_Download folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\skin folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\SecurityHole_Backup folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\LatestNews folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\Language folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\Images folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\drivers\wxp_x86 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\drivers\wxp_amd64 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\drivers\wnet_x86 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\drivers\wnet_amd64 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\drivers\wlh_x86 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\drivers\wlh_amd64 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\drivers\win7_x86 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\drivers\win7_amd64 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\drivers folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\Database folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\images folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ascsurfingprotection@iobit.com\chrome\content folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ascsurfingprotection@iobit.com\chrome folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ascsurfingprotection@iobit.com folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\BootTimeLog folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\Boottime\BootTimeData folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\Boottime\Backup folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\Boottime folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\Backup folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6 folder moved successfully.
C:\Users\Deb\AppData\Roaming\f-secure folder moved successfully.
C:\ProgramData\F-Secure\Daas2\cert folder moved successfully.
C:\ProgramData\F-Secure\Daas2 folder moved successfully.
C:\ProgramData\F-Secure folder moved successfully.
C:\Users\Deb\AppData\Roaming\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\Users\Deb\AppData\Roaming\SpeedyPC Software folder moved successfully.
C:\Users\Deb\AppData\Roaming\DriverCure folder moved successfully.
C:\ProgramData\APN\APN-Stub\W3IV6-G folder moved successfully.
C:\ProgramData\APN\APN-Stub folder moved successfully.
C:\ProgramData\APN folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Deb\Downloads\cmd.bat deleted successfully.
C:\Users\Deb\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Deb
->Temp folder emptied: 620655037 bytes
->Temporary Internet Files folder emptied: 995207 bytes
->Java cache emptied: 78958444 bytes
->Google Chrome cache emptied: 255439106 bytes
->Flash cache emptied: 523 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 539272 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 912.00 mb


[EMPTYFLASH]

User: All Users

User: Deb
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04142013_122238

Files\Folders moved on Reboot...
Folder move failed. c:\Program Files\Microsoft Security Client scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
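
The fix report above can be triaged mechanically; the following Python is an added example, not part of the thread and not OTL's own code. It sorts the report's lines by outcome, lists what was left for the reboot, and checks whether those paths still appear in a later listing. The function names and regular expressions are assumptions derived only from the line shapes visible in the posted logs, and both sample strings are excerpts copied from this thread.

```python
import re
from collections import Counter

# Excerpt of the OTL fix report posted in this thread.
FIX_LOG = r"""========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
========== FILES ==========
c:\Program Files\Microsoft Security Client\Drivers folder moved successfully.
Folder move failed. c:\Program Files\Microsoft Security Client scheduled to be moved on reboot.
C:\Users\Deb\AppData\Roaming\DriverCure folder moved successfully.
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
C:\Users\Deb\Downloads\cmd.bat deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

Files\Folders moved on Reboot...
Folder move failed. c:\Program Files\Microsoft Security Client scheduled to be moved on reboot.
"""

# Two lines from the ComboFix "Files Created" listing posted a day later.
LATER_SCAN = r"""2013-03-27 20:58 . 2013-04-15 19:50 -------- d-----w- c:\program files\Microsoft Security Client
2013-04-12 20:42 . 2013-04-12 20:42 -------- d-----w- c:\program files\CCleaner
"""

SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")

# Order matters: the specific line shapes are tried before the generic one.
RULES = [
    ("pending_reboot",
     re.compile(r"^Folder move failed\. (?P<t>.+) scheduled to be moved on reboot\.$")),
    ("removed", re.compile(r"^Registry (?:key|value) (?P<t>.+) deleted successfully\.$")),
    ("absent", re.compile(r"^Registry (?:key|value) (?P<t>.+) not found\.$")),
    ("removed", re.compile(r"^(?P<t>.+) folder moved successfully\.$")),
    ("removed", re.compile(r"^(?P<t>.+) (?:moved|deleted) successfully\.$")),
]


def parse_fix_log(text):
    """Return one dict per recognised result line: section, status, target."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        for status, rx in RULES:
            m = rx.match(line)
            if m:
                entries.append({"section": section, "status": status,
                                "target": m.group("t")})
                break  # command echoes and status chatter match no rule
    return entries


def summarize(entries):
    """Count outcomes per (section, status) pair."""
    return Counter((e["section"], e["status"]) for e in entries)


def pending_after_reboot(entries):
    """Targets the tool could not move; the report repeats them, so de-duplicate."""
    seen, out = set(), []
    for e in entries:
        key = e["target"].lower()
        if e["status"] == "pending_reboot" and key not in seen:
            seen.add(key)
            out.append(e["target"])
    return out


def seen_in_later_scan(targets, later_text):
    """Targets that a later listing still shows (case-insensitive path match)."""
    lines = [l.strip().lower() for l in later_text.splitlines() if l.strip()]
    return [t for t in targets if any(l.endswith(t.lower()) for l in lines)]


if __name__ == "__main__":
    parsed = parse_fix_log(FIX_LOG)
    for key, count in sorted(summarize(parsed).items()):
        print(key, count)
    pending = pending_after_reboot(parsed)
    print("pending after reboot:", pending)
    print("still listed later:", seen_in_later_scan(pending, LATER_SCAN))
```
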

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12975
Posted 4/15/2013 11:51 AM (GMT +3)
"Wow that one was easier than the rest"

The following is also an easy task ;-)

Please download Combofix from:

And save to the desktop.

Double-click on the combofix icon found on your desktop.

Please note that once you start combofix you should not click anywhere on the combofix window, as it can cause the program to stall.
In fact, when combofix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply.

The logs will be reasonably large, so you may have to divide them into sections and make several posts to post them.

NB. If you still get errors on bootup, please let me know, but notice if it is exactly the same error every time.

Deb1957
New Member
Date Joined Apr 2013
Total Posts : 19
Posted 4/15/2013 11:01 PM (GMT +3)
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1471.770 [GMT -7:00]
Running from: c:\users\Deb\Downloads\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2013-03-15 to 2013-04-15 )))))))))))))))))))))))))))))))
.
.
2013-04-15 19:08 . 2013-04-15 19:08 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DFBB14C3-D75B-4EF8-833E-548A092CD7A5}\MpKsldab5a86d.sys
2013-04-14 19:22 . 2013-04-14 19:22 -------- dc----w- C:\_OTL
2013-04-14 09:47 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DFBB14C3-D75B-4EF8-833E-548A092CD7A5}\mpengine.dll
2013-04-13 05:49 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-12 22:14 . 2013-04-12 22:14 -------- d-----w- c:\program files\Common Files\Java
2013-04-12 22:13 . 2013-04-12 22:13 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-12 22:13 . 2013-04-12 22:13 -------- d-----w- c:\program files\Java
2013-04-12 20:42 . 2013-04-12 20:42 -------- d-----w- c:\program files\CCleaner
2013-04-10 07:48 . 2013-02-22 03:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-04-10 07:48 . 2013-02-22 04:10 149616 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-04-10 07:48 . 2013-02-22 03:36 768512 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-04-10 07:48 . 2013-02-22 03:34 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-04-10 07:48 . 2013-02-22 03:35 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-04-10 07:48 . 2013-02-22 03:34 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-10 06:32 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 06:31 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 06:31 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 06:31 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 06:31 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 06:31 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-10 06:24 . 2013-03-02 05:07 1212264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-29 00:37 . 2013-03-29 00:37 -------- d-----w- c:\users\Deb\AppData\Roaming\Malwarebytes
2013-03-29 00:37 . 2013-03-29 00:37 -------- d-----w- c:\programdata\Malwarebytes
2013-03-29 00:37 . 2013-03-29 00:37 -------- d-----w- c:\users\Deb\AppData\Local\Programs
2013-03-27 21:00 . 2013-03-27 21:00 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59F07645-ACF9-4912-A061-AE8A9689A50D}\gapaengine.dll
2013-03-27 20:58 . 2013-04-15 19:50 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-27 20:10 . 2010-03-15 10:31 165376 ----a-w- c:\windows\system32\unrar.dll
2013-03-27 20:10 . 2013-03-27 20:10 -------- d-----w- c:\program files\Open Freely
2013-03-26 15:17 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7398C72E-1D00-45DC-9401-4FE6A30B5495}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 22:13 . 2012-06-16 12:10 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-12 22:13 . 2012-06-16 12:10 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-02 10:33 . 2012-06-16 10:39 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-14 09:02 . 2013-03-14 09:02 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-13 22:53 . 2013-02-13 22:53 5105904 ----a-w- c:\windows\uninst.exe
2013-02-12 04:48 . 2013-03-13 17:07 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 17:07 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-20 22:59 . 2013-01-20 22:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 22:59 . 2013-01-20 22:59 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-16 02:49 . 2012-06-28 19:52 23872 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-06-16 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

Deb1957
New Member
Date Joined Apr 2013
Total Posts : 19
Posted 4/15/2013 11:03 PM (GMT +3)
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 16:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [x]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 MpKsldab5a86d;MpKsldab5a86d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DFBB14C3-D75B-4EF8-833E-548A092CD7A5}\MpKsldab5a86d.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
GPSvcGroup REG_MULTI_SZ GPSvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-09 21:10 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-28 07:47]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-28 07:47]
.
2013-04-06 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-10-31 18:06]
.
2013-04-14 c:\windows\Tasks\SpeedyPC Pro_sch_EBA6683F-34B1-11E2-B25F-001921A7F77D.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-10-31 18:06]
.
2013-04-14 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2013-03-28 18:41]
.
2013-04-15 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2013-03-28 18:41]
.
2013-03-29 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2013-03-28 18:41]
.
.
------- Supplementary Scan -------
.
Trusted Zone: facebook.com
Trusted Zone: msn.com\www
TCP: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKU-Default-Run-Advanced SystemCare 6 - c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
MSConfigStartUp-Advanced SystemCare 5 - c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
MSConfigStartUp-Advanced SystemCare 6 - c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
MSConfigStartUp-Google Update - c:\users\Deb\AppData\Local\Google\Update\GoogleUpda

Deb1957
New Member
Date Joined Apr 2013
Total Posts : 19
Posted 4/15/2013 11:04 PM (GMT +3)
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKU-Default-Run-Advanced SystemCare 6 - c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
MSConfigStartUp-Advanced SystemCare 5 - c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
MSConfigStartUp-Advanced SystemCare 6 - c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
MSConfigStartUp-Google Update - c:\users\Deb\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-IObit Malware Fighter - c:\program files\IObit\IObit Malware Fighter\IMF.exe
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
AddRemove-Advanced SystemCare 6_is1 - c:\program files\IObit\Advanced SystemCare 6\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:41,e2,36,db,af,73,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c3,7f,cc,3a,c0,05,59,44,ba,b9,4b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c3,7f,cc,3a,c0,05,59,44,ba,b9,4b,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\fxssvc.exe
c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2013-04-15 12:57:17 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-15 19:57
.
Pre-Run: 46,584,754,176 bytes free
Post-Run: 46,075,461,632 bytes free
.
- - End Of File - - CB89B99D8ABEDDDC57220F1433348DCF

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12975
Posted 4/16/2013 9:56 AM (GMT +3)
Yes, it is a good thing, and the log looks clean to me :-)

How are things running now?

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12975
Posted 4/16/2013 10:22 AM (GMT +3)
I'm sorry to be the bearer of bad news.

But there is not enough RAM in your computer to run win7 properly.

You have 1.44GB of RAM, which should be minimum 3 or 4GB RAM.

See if Media Center is turned on, as described here:

Deb1957
New Member
Date Joined Apr 2013
Total Posts : 19
Posted 4/17/2013 7:30 AM (GMT +3)
There's one more thing I'd like to know, I will try and explain the best I can, hopefully you can help. At first I had windows 7 Home on here and my PC ran great, but after a while I put windows 7 Ultimate on here, that's when I started having problems. When I changed to Ultimate I noticed all the things that I had on 7 Home were gone. I had to reinstall everything like Flashplayer, Avast, Advanced System Care, etc. Even my pics. But I'm thinking that all that stuff was still on here, somewhere. But now I'm thinking it might be on here twice and using up more of my hard drive, does this make sense? I don't believe I backed up anything when I switched over, so if all my pics are still in my PC, somewhere, how do I find them and bring them over to Ultimate? I have tried using Windows Easy Transfer, but it's not all that easy. I just can't figure Easy Transfer out, I know I have a file where all those things are saved at, but when I try and open the file, it won't open and I don't know how to bring them over to Ultimate?? I hope this makes sense, and I hope you can help. Thank you Deb

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12975
Posted 4/18/2013 4:33 AM (GMT +3)
If I understand it correctly, then you should have a "Windows.old" folder on the C drive, where the "old" data is stored.



Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12975
Posted 4/18/2013 1:41 PM (GMT +3)
If you still have something from the previous installation, you should be able to find them with "Search Everything":

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12975
Posted 4/22/2013 7:19 AM (GMT +3)
What's the name of the huge file?

If you remember the name(s) of some of the picture files, type the name in the "Everything's" search box, and hit Enter.

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12975
Posted 4/22/2013 12:11 PM (GMT +3)
"backdoor stuff plus more is back on my PC"

How did you do it?

I need to get a comprehensive report of what is present on your computer.

Download OTL by OldTimer, saving it to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs
NOW

Deb1957
New Member
Date Joined Apr 2013
Total Posts : 19
Posted 4/22/2013 8:22 PM (GMT +3)
Ok I am posting everything that came up, and I don't know how I did it, I wish I knew...and I am the only user on my PC so I don't understand it.


OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Deb\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.44 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.28% Memory free
2.87 Gb Paging File | 2.09 Gb Available in Paging File | 72.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 43.30 Gb Free Space | 58.10% Space Free | Partition Type: NTFS

Computer Name: DEB-PC | User Name: Deb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/22 10:04:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Deb\Downloads\OTL (4).exe
PRC - [2013/04/09 01:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/02/20 15:37:48 | 001,611,584 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2012/12/25 17:35:10 | 004,474,832 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/30 16:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 01:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 01:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 01:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2011/08/19 17:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012/06/16 03:20:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2010/11/20 14:29:25 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 14:29:25 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Deb\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\bcmwlhigh6.sys -- (BCMH43XX)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\athur.sys -- (athur)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/11/24 09:36:15 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/11/24 09:36:15 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/11/24 09:36:15 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2012/11/24 09:36:15 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/10/30 16:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 16:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 16:51:58 | 000,199,320 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/10/30 16:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 16:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 16:51:56 | 000,106,560 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/10/30 16:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/30 16:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/10/15 09:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/09/28 22:52:10 | 000,064,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012/09/21 02:26:08 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2012/07/05 13:53:38 | 000,019,832 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2012/07/05 13:53:36 | 000,030,640 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\RegFilter.sys -- (RegFilter)
DRV - [2012/01/05 18:07:20 | 000,020,336 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2010/11/26 19:02:20 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/11/20 14:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 14:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 14:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 14:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 14:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 14:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 15:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008/07/22 08:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/06/13 19:28:12 | 002,600,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)


========== Standard Registry (SafeList) ==========

Deb1957
New Member


Date Joined Apr 2013
Total Posts : 19
 
   Posted 4/22/2013 8:23 PM (GMT +3)
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4216843833-412647263-3209295910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-4216843833-412647263-3209295910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 72 E9 4E DF 2C CE 01 [binary data]
IE - HKU\S-1-5-21-4216843833-412647263-3209295910-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4216843833-412647263-3209295910-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4216843833-412647263-3209295910-1000\..\SearchScopes\{40C2A0B8-6415-4A0A-B0C5-629A827DC60A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=803CBF92-F69B-4A08-9C4F-84DF9329B33D&apn_sauid=DB49D863-6524-48DD-8632-5CB53EB2D551
IE - HKU\S-1-5-21-4216843833-412647263-3209295910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.facebook.com/?ref=tn_tnmn
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Ask Toolbar = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.37265_1\
CHR - Extension: Google Docs = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Mahjongg = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop\1.0.0.2_0\
CHR - Extension: Mahjong Master = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\oghchjojloakfbboibnfnleloeamkkgf\1.0.0_0\
CHR - Extension: Gmail = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/04/15 12:51:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4216843833-412647263-3209295910-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4216843833-412647263-3209295910-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-4216843833-412647263-3209295910-1000\..Trusted Domains: facebook.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-4216843833-412647263-3209295910-1000\..Trusted Domains: msn.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C223E65-F1FA-43B6-9B8E-B05403437BF3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F00B72E7-9192-48F5-B9CF-D452C8440760}: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/21 10:13:41 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
[2013/04/21 10:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\Everything
[2013/04/18 02:00:37 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Roaming\DriverCure
[2013/04/18 02:00:34 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Roaming\SpeedyPC Software
[2013/04/15 22:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013/04/15 12:57:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/04/15 12:52:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/15 12:11:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/15 12:11:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/15 12:11:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/15 12:08:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/15 12:08:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/14 12:22:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/12 15:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/04/12 15:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/04/12 13:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/03/28 17:37:59 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Roaming\Malwarebytes
[2013/03/28 17:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/28 17:37:12 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\Programs
[2013/03/27 13:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/03/27 13:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Freely
[2013/03/27 13:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\Open Freely

========== Files - Modified Within 30 Days ==========

[2013/04/22 09:53:18 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/22 07:29:02 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/22 07:28:47 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/04/22 07:28:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/22 07:28:15 | 1157,128,192 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/22 02:00:23 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro_sch_EBA6683F-34B1-11E2-B25F-001921A7F77D.job
[2013/04/21 18:00:01 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/04/21 15:49:51 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/21 15:49:51 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/21 11:06:56 | 000,020,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/21 11:06:56 | 000,020,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/20 01:12:33 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2013/04/19 09:03:55 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2013/04/19 05:45:39 | 000,001,159 | ---- | M] () -- C:\Users\Deb\Desktop\SpeedyPC Pro.lnk
[2013/04/15 22:51:27 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2013/04/15 12:51:55 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/15 12:09:51 | 000,002,057 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/04/12 13:42:13 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/10 08:54:41 | 000,269,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/09 14:12:07 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2013/04/15 22:51:27 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2013/04/15 12:11:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/15 12:11:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/15 12:11:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe