Please help save my PC

Posted 4/12/2013 1:32 AM
#95373
Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 76
I am new to this kind of thing but I will try and explain. My PC is running so slow, and when I run a scan of any kind I have seen these folders in the scan: Trojan.Win32/Agent, Trojan.Win32/Vundo, Backdoor.frauder, Trojan.trace, just to name a few. I don't know what they are or where they came from. I am hoping someone can walk me through any process to help me save my PC.
Posted 4/12/2013 6:40 AM
#95375
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.


Posted 4/13/2013 4:25 AM
#95386
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Reboot to safe mode, and run DDS from there.

1. Close all the running programs and restart your system.
2. Keep pressing the F8 key continuously while the system boots up.
3. From the list of options provided, select the Safe Mode option. Your computer will take some time to enter this mode.
4. In the Safe Mode, browse to the DDS utility and then double click on it.

Reboot normally, and post the log along with the Malwarebytes log.

Open the Malwarebytes log.
While the log is open, select all the text with CTRL + A.
To copy the selected text use CTRL + C,
Then go into your question (Here) and click on the Comment/Reply button.
Insert the copied text with the key combination CTRL + V.



Posted 4/13/2013 5:56 AM
#95388
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
We'll leave DDS for now ;-)

Reboot to safe mode with networking, and download OTL from here:

Download OTL by OldTimer, saving it to your desktop: http://oldtimer.geekstogo.com/OTL.exe

- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Select All Users
- Click the Quick Scan button. Do not change any settings. The scan won't take long.
  - When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please post - Copy and paste - OTL txt file in next reply



Posted 4/14/2013 5:33 AM
#95413
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Please try again, as the logs are incomplete.

Open OTL txt log.
While the log is open, select all the text with CTRL + A.
To copy the selected text use CTRL + C,
Then go into your question (Here) and click on the Post Reply button.
Insert the copied text with the key combination CTRL + V.



Posted 4/14/2013 9:49 AM
#95415
Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 76
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Deb\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.44 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 61.39% Memory free
2.87 Gb Paging File | 2.10 Gb Available in Paging File | 72.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 42.59 Gb Free Space | 57.15% Space Free | Partition Type: NTFS

Computer Name: DEB-PC | User Name: Deb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/14 02:37:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Deb\Downloads\OTL (2).exe
PRC - [2013/04/09 01:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/02/20 15:37:48 | 001,611,584 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/15 19:47:10 | 000,465,216 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/30 16:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe

========== Modules (No Company Name) ==========

MOD - [2013/04/09 01:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 01:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 01:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2011/08/19 17:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll

========== Services (SafeList) ==========

SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/15 19:47:10 | 000,465,216 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012/06/16 03:20:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/20 14:29:25 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 14:29:25 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========
Posted 4/14/2013 9:53 AM
#95416
Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 76
========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\npf.sys -- (NPF)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F34305E7-E010-4BEB-AF7D-C57293834EA6}\MpKsl9bd0b01c.sys -- (MpKsl9bd0b01c)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\bcmwlhigh6.sys -- (BCMH43XX)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\athur.sys -- (athur)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/11/24 09:36:15 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/11/24 09:36:15 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/11/24 09:36:15 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2012/11/24 09:36:15 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/10/30 16:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 16:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 16:51:58 | 000,199,320 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/10/30 16:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 16:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 16:51:56 | 000,106,560 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/10/30 16:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/30 16:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/10/15 09:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/09/28 22:52:10 | 000,064,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012/09/21 02:26:08 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2010/11/26 19:02:20 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/11/20 14:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 14:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 14:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 14:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 14:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 14:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 15:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008/07/22 08:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/06/13 19:28:12 | 002,600,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3
Posted 4/14/2013 9:56 AM
#95418
Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 76
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: facebook.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: msn.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C223E65-F1FA-43B6-9B8E-B05403437BF3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F00B72E7-9192-48F5-B9CF-D452C8440760}: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/13 19:45:12 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Roaming\f-secure
[2013/04/13 19:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2013/04/12 15:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/04/12 15:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/04/12 13:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/03/28 17:37:59 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Roaming\Malwarebytes
[2013/03/28 17:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/28 17:37:12 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\Programs
[2013/03/27 13:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/03/27 13:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Freely
[2013/03/27 13:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\Open Freely
[2013/03/27 13:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\APN

========== Files - Modified Within 30 Days ==========

[2013/04/14 02:37:36 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
Posted 4/14/2013 9:57 AM
#95419
Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 76
[2013/03/28 17:37:59 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Roaming\Malwarebytes
[2013/03/28 17:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/28 17:37:12 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\Programs
[2013/03/27 13:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/03/27 13:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Freely
[2013/03/27 13:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\Open Freely
[2013/03/27 13:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\APN

========== Files - Modified Within 30 Days ==========

[2013/04/14 02:37:36 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/14 02:37:36 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/14 02:33:22 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/14 02:33:14 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/04/14 02:32:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/14 02:32:25 | 1157,128,192 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/14 02:30:37 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro_sch_EBA6683F-34B1-11E2-B25F-001921A7F77D.job
[2013/04/14 01:52:11 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/13 18:00:05 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/04/12 13:42:13 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/11 23:00:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\Regwork.job
[2013/04/10 08:54:41 | 000,269,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/09 14:12:07 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/09 00:55:56 | 000,020,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/09 00:55:56 | 000,020,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/06 01:52:56 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2013/03/29 05:44:07 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2013/03/27 13:59:23 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

========== Files Created - No Company Name ==========

[2013/04/12 13:42:13 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/27 13:59:23 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/03/27 13:59:11 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/03/27 13:10:49 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013/03/02 18:25:56 | 000,000,017 | ---- | C] () -- C:\Users\Deb\AppData\Local\resmon.resmoncfg
[2013/02/28 00:22:53 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2012/06/22 21:31:03 | 000,000,922 | ---- | C] () -- C:\Users\Deb\Windows Easy Transfer.lnk
[2012/06/22 21:31:03 | 000,000,706 | ---- | C] () -- C:\Users\Deb\autorun.inf

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/08/03 06:24:11 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\DriverCure
[2013/04/13 19:45:12 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\f-secure
[2013/04/12 14:19:59 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\IObit
[2012/08/03 06:24:11 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\SpeedyPC Software

========== Purity Check ==========

< End of report >
<br/>"ThreadingModel" = Both <br/> <br/>[color=#E56717]========== LOP Check ==========[/color] <br/> <br/>[2012/08/03 06:24:11 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\DriverCure <br/>[2013/04/13 19:45:12 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\f-secure <br/>[2013/04/12 14:19:59 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\IObit <br/>[2012/08/03 06:24:11 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\SpeedyPC Software <br/> <br/>[color=#E56717]========== Purity Check ==========[/color] <br/> <br/> <br/> <br/>< End of report >
Posted 4/14/2013 3:16 PM
#95421

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Looks complete to me :smile:

We need to run an OTL Fix

- Please reopen OTL on your desktop.
- Copy and Paste the following text in bold into the Custom Scan textbox.

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
:Files
c:\Program Files\Microsoft Security Client
C:\Program Files\IObit\Advanced SystemCare 6
C:\Users\Deb\AppData\Roaming\f-secure
C:\ProgramData\F-Secure
C:\Users\Deb\AppData\Roaming\SpeedyPC Software
C:\Users\Deb\AppData\Roaming\DriverCure
C:\ProgramData\APN
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

- Push Run Fix Button
- OTL may ask to reboot the machine. Please do so if asked.
- Click OK.
- A report will open.
- Copy and Paste that report in your next reply.
- If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.



Posted 4/14/2013 7:29 PM
#95424

Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 76
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
c:\Program Files\Microsoft Security Client\en-us folder moved successfully.
c:\Program Files\Microsoft Security Client\Drivers\NisDrv folder moved successfully.
c:\Program Files\Microsoft Security Client\Drivers\mpfilter folder moved successfully.
c:\Program Files\Microsoft Security Client\Drivers folder moved successfully.
c:\Program Files\Microsoft Security Client\Backup\x86 folder moved successfully.
c:\Program Files\Microsoft Security Client\Backup\en-us folder moved successfully.
c:\Program Files\Microsoft Security Client\Backup folder moved successfully.
Folder move failed. c:\Program Files\Microsoft Security Client scheduled to be moved on reboot.
C:\Program Files\IObit\Advanced SystemCare 6\Update folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\Toolbox_Language folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\Toolbox_Download folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\skin folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\SecurityHole_Backup folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\LatestNews folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\Language folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\Images folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\drivers\wxp_x86 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\drivers\wxp_amd64 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\drivers\wnet_x86 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\drivers\wnet_amd64 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\drivers\wlh_x86 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\drivers\wlh_amd64 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\drivers\win7_x86 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\drivers\win7_amd64 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\drivers folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\Database folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\images folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ascsurfingprotection@iobit.com\chrome\content folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ascsurfingprotection@iobit.com\chrome folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ascsurfingprotection@iobit.com folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\BootTimeLog folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\Boottime\BootTimeData folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\Boottime\Backup folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\Boottime folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6\Backup folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6 folder moved successfully.
C:\Users\Deb\AppData\Roaming\f-secure folder moved successfully.
C:\ProgramData\F-Secure\Daas2\cert folder moved successfully.
C:\ProgramData\F-Secure\Daas2 folder moved successfully.
C:\ProgramData\F-Secure folder moved successfully.
C:\Users\Deb\AppData\Roaming\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\Users\Deb\AppData\Roaming\SpeedyPC Software folder moved successfully.
C:\Users\Deb\AppData\Roaming\DriverCure folder moved successfully.
C:\ProgramData\APN\APN-Stub\W3IV6-G folder moved successfully.
C:\ProgramData\APN\APN-Stub folder moved successfully.
C:\ProgramData\APN folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Deb\Downloads\cmd.bat deleted successfully.
C:\Users\Deb\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Deb
->Temp folder emptied: 620655037 bytes
->Temporary Internet Files folder emptied: 995207 bytes
->Java cache emptied: 78958444 bytes
->Google Chrome cache emptied: 255439106 bytes
->Flash cache emptied: 523 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 539272 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 912.00 mb

[EMPTYFLASH]

User: All Users

User: Deb
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 04142013_122238

Files\Folders moved on Reboot...
Folder move failed. c:\Program Files\Microsoft Security Client scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
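A check a helper could run on a fix log like the one above, as an added example that is not part of the original thread or of OTL: it classifies each result line, reports a status for every :Files target of the fix script, and cross-checks anything not removed against a later file listing in the format ComboFix prints. The function names are assumptions made for the example, and both inputs are shortened excerpts of logs posted in this thread.

```python
import re

# Top-level targets from the :Files section of the fix script in this thread.
FIX_TARGETS = [
    r"c:\Program Files\Microsoft Security Client",
    r"C:\Program Files\IObit\Advanced SystemCare 6",
    r"C:\Users\Deb\AppData\Roaming\f-secure",
    r"C:\ProgramData\F-Secure",
    r"C:\Users\Deb\AppData\Roaming\SpeedyPC Software",
    r"C:\Users\Deb\AppData\Roaming\DriverCure",
    r"C:\ProgramData\APN",
]

# Sample input: shortened excerpt of the OTL fix log posted in the thread.
FIX_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
========== FILES ==========
c:\Program Files\Microsoft Security Client\Drivers folder moved successfully.
c:\Program Files\Microsoft Security Client\Backup folder moved successfully.
Folder move failed. c:\Program Files\Microsoft Security Client scheduled to be moved on reboot.
C:\Program Files\IObit\Advanced SystemCare 6\Backup folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 6 folder moved successfully.
C:\Users\Deb\AppData\Roaming\f-secure folder moved successfully.
C:\ProgramData\F-Secure folder moved successfully.
C:\Users\Deb\AppData\Roaming\SpeedyPC Software folder moved successfully.
C:\Users\Deb\AppData\Roaming\DriverCure folder moved successfully.
C:\ProgramData\APN\APN-Stub folder moved successfully.
C:\ProgramData\APN folder moved successfully.
"""

# Sample input: shortened excerpt of the later ComboFix file listing.
LATER_LISTING = r"""
2013-04-14 19:22 . 2013-04-14 19:22 -------- dc----w- C:\_OTL
2013-03-27 20:58 . 2013-04-15 19:50 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-27 20:10 . 2013-03-27 20:10 -------- d-----w- c:\program files\Open Freely
"""

# Order matters: the "move failed" line must be tested before the generic ones.
OUTCOMES = [
    ("pending_reboot", re.compile(
        r"^Folder move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$")),
    ("moved", re.compile(r"^(?P<path>.+?) (?:folder )?moved successfully\.$")),
    ("deleted", re.compile(
        r"^(?:Registry (?:key|value) )?(?P<path>.+?) deleted successfully\.$")),
    ("not_found", re.compile(
        r"^(?:Registry (?:key|value) )?(?P<path>.+?) not found\.$")),
]

# created-date time . modified-date time, size, attributes, path
LISTING_RX = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\s+\S+\s+\S+\s+(?P<path>.+)$")


def norm(path):
    """Windows paths compare case-insensitively; drop a trailing backslash."""
    return path.strip().rstrip("\\").lower()


def parse_fix_log(text):
    """Return (outcome, normalized path) for every result line in the log."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for outcome, rx in OUTCOMES:
            m = rx.match(line)
            if m:
                entries.append((outcome, norm(m.group("path"))))
                break
    return entries


def audit_targets(entries, targets):
    """Map each requested target to removed / pending_reboot / partial / no_record."""
    report = {}
    for target in targets:
        t = norm(target)
        exact = {o for o, p in entries if p == t}
        child_moved = any(o == "moved" and p.startswith(t + "\\") for o, p in entries)
        if "pending_reboot" in exact:
            report[target] = "pending_reboot"
        elif exact & {"moved", "deleted"}:
            report[target] = "removed"
        elif child_moved:
            report[target] = "partial"   # contents moved, folder itself never reported
        else:
            report[target] = "no_record"
    return report


def still_present(report, listing):
    """Targets not confirmed removed that show up again in a later listing."""
    present = set()
    for line in listing.splitlines():
        m = LISTING_RX.match(line.strip())
        if m:
            present.add(norm(m.group("path")))
    return [t for t, s in report.items() if s != "removed" and norm(t) in present]


if __name__ == "__main__":
    result = audit_targets(parse_fix_log(FIX_LOG), FIX_TARGETS)
    for target, status in result.items():
        print(f"{status:15} {target}")
    print("still present later:", still_present(result, LATER_LISTING))
```
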
Posted 4/15/2013 8:51 AM
#95430

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
"Wow that one was easier than the rest"

The following is also an easy task ;-)

Please download Combofix from:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

And save to the desktop.

Double-click on the combofix icon found on your desktop.

Please note that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall.
In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply

The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

NB. If you still get errors on bootup, please let me know, but notice if it is exactly the same error every time?



Posted 4/15/2013 8:01 PM
#95432

Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 76
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1471.770 [GMT -7:00]
Running from: c:\users\Deb\Downloads\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2013-03-15 to 2013-04-15 )))))))))))))))))))))))))))))))
.
.
2013-04-15 19:08 . 2013-04-15 19:08 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DFBB14C3-D75B-4EF8-833E-548A092CD7A5}\MpKsldab5a86d.sys
2013-04-14 19:22 . 2013-04-14 19:22 -------- dc----w- C:\_OTL
2013-04-14 09:47 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DFBB14C3-D75B-4EF8-833E-548A092CD7A5}\mpengine.dll
2013-04-13 05:49 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-12 22:14 . 2013-04-12 22:14 -------- d-----w- c:\program files\Common Files\Java
2013-04-12 22:13 . 2013-04-12 22:13 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-12 22:13 . 2013-04-12 22:13 -------- d-----w- c:\program files\Java
2013-04-12 20:42 . 2013-04-12 20:42 -------- d-----w- c:\program files\CCleaner
2013-04-10 07:48 . 2013-02-22 03:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-04-10 07:48 . 2013-02-22 04:10 149616 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-04-10 07:48 . 2013-02-22 03:36 768512 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-04-10 07:48 . 2013-02-22 03:34 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-04-10 07:48 . 2013-02-22 03:35 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-04-10 07:48 . 2013-02-22 03:34 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-10 06:32 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 06:31 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 06:31 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 06:31 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 06:31 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 06:31 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-10 06:24 . 2013-03-02 05:07 1212264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-29 00:37 . 2013-03-29 00:37 -------- d-----w- c:\users\Deb\AppData\Roaming\Malwarebytes
2013-03-29 00:37 . 2013-03-29 00:37 -------- d-----w- c:\programdata\Malwarebytes
2013-03-29 00:37 . 2013-03-29 00:37 -------- d-----w- c:\users\Deb\AppData\Local\Programs
2013-03-27 21:00 . 2013-03-27 21:00 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59F07645-ACF9-4912-A061-AE8A9689A50D}\gapaengine.dll
2013-03-27 20:58 . 2013-04-15 19:50 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-27 20:10 . 2010-03-15 10:31 165376 ----a-w- c:\windows\system32\unrar.dll
2013-03-27 20:10 . 2013-03-27 20:10 -------- d-----w- c:\program files\Open Freely
2013-03-26 15:17 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7398C72E-1D00-45DC-9401-4FE6A30B5495}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 22:13 . 2012-06-16 12:10 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-12 22:13 . 2012-06-16 12:10 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-02 10:33 . 2012-06-16 10:39 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-14 09:02 . 2013-03-14 09:02 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-13 22:53 . 2013-02-13 22:53 5105904 ----a-w- c:\windows\uninst.exe
2013-02-12 04:48 . 2013-03-13 17:07 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 17:07 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-20 22:59 . 2013-01-20 22:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 22:59 . 2013-01-20 22:59 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-16 02:49 . 2012-06-28 19:52 23872 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-06-16 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
Posted 4/15/2013 8:03 PM
#95433

Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 76
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 16:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [x]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 MpKsldab5a86d;MpKsldab5a86d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DFBB14C3-D75B-4EF8-833E-548A092CD7A5}\MpKsldab5a86d.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
GPSvcGroup REG_MULTI_SZ GPSvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-09 21:10 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-28 07:47]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-28 07:47]
.
2013-04-06 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-10-31 18:06]
.
2013-04-14 c:\windows\Tasks\SpeedyPC Pro_sch_EBA6683F-34B1-11E2-B25F-001921A7F77D.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-10-31 18:06]
.
2013-04-14 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2013-03-28 18:41]
.
2013-04-15 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2013-03-28 18:41]
.
2013-03-29 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2013-03-28 18:41]
.
.
------- Supplementary Scan -------
.
Trusted Zone: facebook.com
Trusted Zone: msn.com\www
TCP: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKU-Default-Run-Advanced SystemCare 6 - c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
MSConfigStartUp-Advanced SystemCare 5 - c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
MSConfigStartUp-Advanced SystemCare 6 - c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
MSConfigStartUp-Google Update - c:\users\Deb\AppData\Local\Google\Update\GoogleUpda
Posted 4/15/2013 8:04 PM
#95434
Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 76
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKU-Default-Run-Advanced SystemCare 6 - c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
MSConfigStartUp-Advanced SystemCare 5 - c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
MSConfigStartUp-Advanced SystemCare 6 - c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
MSConfigStartUp-Google Update - c:\users\Deb\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-IObit Malware Fighter - c:\program files\IObit\IObit Malware Fighter\IMF.exe
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
AddRemove-Advanced SystemCare 6_is1 - c:\program files\IObit\Advanced SystemCare 6\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:41,e2,36,db,af,73,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c3,7f,cc,3a,c0,05,59,44,ba,b9,4b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c3,7f,cc,3a,c0,05,59,44,ba,b9,4b,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\fxssvc.exe
c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2013-04-15 12:57:17 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-15 19:57
.
Pre-Run: 46,584,754,176 bytes free
Post-Run: 46,075,461,632 bytes free
.
- - End Of File - - CB89B99D8ABEDDDC57220F1433348DCF
Posted 4/16/2013 6:56 AM
#95436
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Yes, it is a good thing, and the log looks clean to me :smile:

How are things running now?



Posted 4/16/2013 7:22 AM
#95438
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
I'm sorry to be the bearer of bad news.

But there is not enough RAM in your computer to run win7 properly.

You have 1.44GB of RAM, which should be minimum 3 or 4GB RAM.

See if mediacenter is turned on, as described here:
http://www.sevenforums.com/tutorials/5023-windows-features-turn-off.html



Posted 4/17/2013 4:30 AM
#95442
Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 76
There's one more thing I'd like to know, I will try and explain the best I can, hopefully you can help. At first I had windows 7 Home on here and my PC ran great, but after a while I put windows 7 Ultimate on here, that's when I started having problems. When I changed to Ultimate I noticed all the things that I had on 7 Home were gone. I had to reinstall everything like Flashplayer, Avast, Advanced System Care, etc. Even my pics. But I'm thinking that all that stuff was still on here, somewhere. But now I'm thinking it might be on here twice and using up more of my hard drive, does this make sense? I don't believe I backed up anything when I switched over, so if all my pics are still in my PC, somewhere, how do I find them and bring them over to Ultimate? I have tried using Windows Easy Transfer, but it's not all that easy. I just can't figure Easy Transfer out, I know I have a file where all those things are saved at, but when I try and open the file, it won't open and I don't know how to bring them over to Ultimate?? I hope this makes sense, and I hope you can help. Thank you Deb
Posted 4/18/2013 1:33 AM
#95447
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
If I understand it correctly, then you should have a "Windows.old" folder on the C drive, where the "old" data is stored.



Posted 4/18/2013 10:41 AM
#95450
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
If you still have something from the previous installation, you should be able to find them with "Search Everything":

http://www.voidtools.com/



Posted 4/22/2013 4:19 AM
#95478
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
What's the name of the huge file?

If you remember the name/s of (some) of the picture files, type the name in the "Everything's" search box, and hit Enter...



Posted 4/22/2013 9:11 AM
#95481
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
"backdoor stuff plus more is back on my PC"

How did you do it?

I need to get a comprehensive report of what is present on your computer.

Download OTL by OldTimer, saving it to your desktop: http://oldtimer.geekstogo.com/OTL.exe

- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Select All Users
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  - When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  - Post both logs

NOW



Posted 4/22/2013 5:22 PM
#95486
Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 76
Ok I am posting everything that came up, and I don't know how I did it, I wish I knew...and I am the only user on my PC so I don't understand it.

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Deb\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.44 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.28% Memory free
2.87 Gb Paging File | 2.09 Gb Available in Paging File | 72.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 43.30 Gb Free Space | 58.10% Space Free | Partition Type: NTFS

Computer Name: DEB-PC | User Name: Deb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/04/22 10:04:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Deb\Downloads\OTL (4).exe
PRC - [2013/04/09 01:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/02/20 15:37:48 | 001,611,584 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2012/12/25 17:35:10 | 004,474,832 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/30 16:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013/04/09 01:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 01:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 01:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2011/08/19 17:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012/06/16 03:20:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2010/11/20 14:29:25 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 14:29:25 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Deb\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\bcmwlhigh6.sys -- (BCMH43XX)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\athur.sys -- (athur)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/11/24 09:36:15 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/11/24 09:36:15 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/11/24 09:36:15 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2012/11/24 09:36:15 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/10/30 16:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 16:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 16:51:58 | 000,199,320 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/10/30 16:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 16:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 16:51:56 | 000,106,560 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/10/30 16:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/30 16:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/10/15 09:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/09/28 22:52:10 | 000,064,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012/09/21 02:26:08 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2012/07/05 13:53:38 | 000,019,832 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2012/07/05 13:53:36 | 000,030,640 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\RegFilter.sys -- (RegFilter)
DRV - [2012/01/05 18:07:20 | 000,020,336 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2010/11/26 19:02:20 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/11/20 14:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 14:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 14:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 14:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 14:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 14:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 15:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008/07/22 08:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/06/13 19:28:12 | 002,600,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
Posted 4/22/2013 5:23 PM
#95487
Deb1957 Advanced member

Date Joined Nov 2016
Total Posts: 76
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4216843833-412647263-3209295910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-4216843833-412647263-3209295910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 72 E9 4E DF 2C CE 01 [binary data]
IE - HKU\S-1-5-21-4216843833-412647263-3209295910-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4216843833-412647263-3209295910-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4216843833-412647263-3209295910-1000\..\SearchScopes\{40C2A0B8-6415-4A0A-B0C5-629A827DC60A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=803CBF92-F69B-4A08-9C4F-84DF9329B33D&apn_sauid=DB49D863-6524-48DD-8632-5CB53EB2D551
IE - HKU\S-1-5-21-4216843833-412647263-3209295910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.facebook.com/?ref=tn_tnmn
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Ask Toolbar = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.37265_1\
CHR - Extension: Google Docs = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Mahjongg = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop\1.0.0.2_0\
CHR - Extension: Mahjong Master = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\oghchjojloakfbboibnfnleloeamkkgf\1.0.0_0\
CHR - Extension: Gmail = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/04/15 12:51:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4216843833-412647263-3209295910-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4216843833-412647263-3209295910-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-4216843833-412647263-3209295910-1000\..Trusted Domains: facebook.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-4216843833-412647263-3209295910-1000\..Trusted Domains: msn.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C223E65-F1FA-43B6-9B8E-B05403437BF3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F00B72E7-9192-48F5-B9CF-D452C8440760}: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/04/21 10:13:41 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
[2013/04/21 10:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\Everything
[2013/04/18 02:00:37 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Roaming\DriverCure
[2013/04/18 02:00:34 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Roaming\SpeedyPC Software
[2013/04/15 22:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013/04/15 12:57:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/04/15 12:52:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/15 12:11:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/15 12:11:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/15 12:11:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/15 12:08:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/15 12:08:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/14 12:22:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/12 15:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/04/12 15:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/04/12 13:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/03/28 17:37:59 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Roaming\Malwarebytes
[2013/03/28 17:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/28 17:37:12 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\Programs
[2013/03/27 13:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/03/27 13:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Freely
[2013/03/27 13:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\Open Freely

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/04/22 09:53:18 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/22 07:29:02 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/22 07:28:47 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/04/22 07:28:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/22 07:28:15 | 1157,128,192 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/22 02:00:23 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro_sch_EBA6683F-34B1-11E2-B25F-001921A7F77D.job
[2013/04/21 18:00:01 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/04/21 15:49:51 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/21 15:49:51 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/21 11:06:56 | 000,020,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/21 11:06:56 | 000,020,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/20 01:12:33 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2013/04/19 09:03:55 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2013/04/19 05:45:39 | 000,001,159 | ---- | M] () -- C:\Users\Deb\Desktop\SpeedyPC Pro.lnk
[2013/04/15 22:51:27 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2013/04/15 12:51:55 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/15 12:09:51 | 000,002,057 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/04/12 13:42:13 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/10 08:54:41 | 000,269,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/09 14:12:07 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/04/15 22:51:27 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2013/04/15 12:11:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/15 12:11:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/15 12:11:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe