Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer slow, web pages very slow to load [Solved]


  • This topic is locked This topic is locked

#16
strew1221

strew1221

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
I had to rerun Combofix because there was no log. Here are the results:

ComboFix 13-08-25.01 - Admin 08/27/2013 6:34.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1790.518 [GMT -4:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\CouponAlert_2pEI
c:\program files\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll
c:\program files\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll
c:\program files\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll
c:\program files\TotalRecipeSearch_14EI
c:\program files\TotalRecipeSearch_14EI\Installr\1.bin\14EIPlug.dll
c:\program files\TotalRecipeSearch_14EI\Installr\1.bin\14EZSETP.dll
c:\program files\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISb.dll
c:\users\Admin\Documents\pptC654.tmp
c:\users\Public\Documents\~WRL0003.tmp
c:\users\Public\Documents\~WRL0005.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-07-27 to 2013-08-27 )))))))))))))))))))))))))))))))
.
.
2013-08-27 11:31 . 2013-08-27 11:32 -------- d-----w- c:\users\Admin\AppData\Local\temp
2013-08-27 11:31 . 2013-08-27 11:31 -------- d-----w- c:\users\vingalls\AppData\Local\temp
2013-08-27 11:31 . 2013-08-27 11:31 -------- d-----w- c:\users\slogicadmin\AppData\Local\temp
2013-08-27 11:31 . 2013-08-27 11:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-27 10:31 . 2013-08-27 10:31 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{173EB734-EA89-40B8-894B-C185A2196C76}\offreg.dll
2013-08-27 10:07 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{173EB734-EA89-40B8-894B-C185A2196C76}\mpengine.dll
2013-08-23 23:11 . 2013-01-17 20:24 1136512 ----a-w- c:\windows\system32\PuranFD.exe
2013-08-23 23:11 . 2013-01-17 20:23 260992 ----a-w- c:\windows\system32\PuranDefragS.exe
2013-08-23 23:11 . 2013-01-17 20:23 109952 ----a-w- c:\windows\system32\PuranDefragBT.exe
2013-08-23 23:11 . 2013-01-17 20:23 257408 ----a-w- c:\windows\system32\PuranDC.exe
2013-08-23 23:11 . 2012-12-13 16:09 219520 ----a-w- c:\windows\system32\PuranDefrag.dll
2013-08-23 23:11 . 2013-08-23 23:11 -------- d-----w- c:\program files\Puran Defrag
2013-08-22 17:58 . 2013-08-22 17:58 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2013-08-22 17:57 . 2013-08-22 17:57 -------- d-----w- c:\programdata\Malwarebytes
2013-08-22 17:57 . 2013-08-22 17:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-22 17:57 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-22 15:43 . 2013-08-22 15:43 -------- d-----w- C:\_OTL
2013-08-21 00:32 . 2013-08-22 15:31 -------- d-----w- C:\AdwCleaner
2013-08-21 00:29 . 2013-08-21 00:29 17139080 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-08-18 18:27 . 2013-08-18 18:27 -------- d-----w- c:\windows\system32\MpEngineStore
2013-08-18 18:13 . 2013-08-18 18:13 -------- d-----w- C:\b62e6110dad360ca0156c3f548a9c0
2013-08-17 01:00 . 2013-08-17 01:00 -------- d-----w- C:\ddae796237252042a0f35e4aeebe
2013-08-16 19:21 . 2013-07-26 03:13 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-08-16 19:21 . 2013-07-26 03:49 770648 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-08-16 19:21 . 2013-07-26 03:13 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-08-14 14:29 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 14:29 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 14:29 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 14:29 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 14:29 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 14:28 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 14:28 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-14 14:28 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 14:23 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-21 00:30 . 2012-06-10 17:17 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-21 00:30 . 2012-03-08 02:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-18 00:02 . 2013-07-18 00:02 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-07-18 00:02 . 2013-07-18 00:02 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-07-18 00:02 . 2013-07-18 00:02 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-07-18 00:02 . 2013-07-18 00:02 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-07-18 00:02 . 2013-07-18 00:02 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-07-18 00:02 . 2013-07-18 00:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-07-18 00:02 . 2013-07-18 00:02 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-07-18 00:02 . 2013-07-18 00:02 361984 ----a-w- c:\windows\system32\html.iec
2013-07-18 00:02 . 2013-07-18 00:02 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-18 00:02 . 2013-07-18 00:02 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-07-18 00:02 . 2013-07-18 00:02 158720 ----a-w- c:\windows\system32\msls31.dll
2013-07-18 00:02 . 2013-07-18 00:02 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-07-18 00:02 . 2013-07-18 00:02 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-18 00:02 . 2013-07-18 00:02 138752 ----a-w- c:\windows\system32\wextract.exe
2013-07-18 00:02 . 2013-07-18 00:02 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-18 00:02 . 2013-07-18 00:02 12800 ----a-w- c:\windows\system32\mshta.exe
2013-07-18 00:02 . 2013-07-18 00:02 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-07-17 23:59 . 2013-07-17 23:59 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-17 23:59 . 2013-07-17 23:59 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-07-17 23:59 . 2013-07-17 23:59 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-07-17 23:59 . 2013-07-17 23:59 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-17 23:59 . 2013-07-17 23:59 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-17 23:59 . 2013-07-17 23:59 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-07-17 23:59 . 2013-07-17 23:59 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-17 23:59 . 2013-07-17 23:59 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-07-17 23:59 . 2013-07-17 23:59 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-17 23:59 . 2013-07-17 23:59 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-07-17 23:59 . 2013-07-17 23:59 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-17 23:59 . 2013-07-17 23:59 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-17 23:59 . 2013-07-17 23:59 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-07-17 23:59 . 2013-07-17 23:59 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-17 23:59 . 2013-07-17 23:59 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-07-17 23:59 . 2013-07-17 23:59 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-07-17 23:59 . 2013-07-17 23:59 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-07-17 23:59 . 2013-07-17 23:59 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-07-17 23:59 . 2013-07-17 23:59 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-07-17 23:59 . 2013-07-17 23:59 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-07-17 23:59 . 2013-07-17 23:59 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-07-17 23:59 . 2013-07-17 23:59 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-07-17 23:59 . 2013-07-17 23:59 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-07-17 23:59 . 2013-07-17 23:59 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-05 03:05 . 2013-07-12 00:03 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 04:53 . 2013-07-12 00:17 509440 ----a-w- c:\windows\system32\qedit.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DesktopAuthority User Experience"="c:\program files\ScriptLogic\Desktop Authority\Client Files\8.08004.63486\CBM\ScriptLogic.CBM.UserExperience.exe" [2010-02-02 137216]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-01-26 237568]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Reader Application Helper"="c:\program files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2012-01-31 892928]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-06-04 296056]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-05-19 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)
"MaxGPOScriptWait"= 3600 (0xe10)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1162732432-3846767104-1599142739-1000\Scripts\Logoff\0\0]
"Script"=SLlogoffScript.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1786704334-1080620903-3496478664-5530\Scripts\Logoff\0\0]
"Script"=SLlogoffScript.cmd
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 C771BUS;CASIO C771 USB Composite Device Driver;c:\windows\system32\DRIVERS\C771BUS.sys [x]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 171008]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 swiwdmbus;Sierra Wireless USB Composite Bus;c:\windows\system32\DRIVERS\swiwdmbus.sys [2010-06-21 78720]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2010-06-21 201088]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [2010-06-21 156544]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-18 1343400]
R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2013-01-17 260992]
S2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [2009-07-30 345336]
S2 ScriptLogic CBM Service;ScriptLogic CBM Service;c:\program files\ScriptLogic\Desktop Authority\Client Files\8.08004.63486\CBM\ScriptLogic.CBM.Agent.exe [2010-02-02 420352]
S2 SLClient;ScriptLogic Service;c:\program files\ScriptLogic\Desktop Authority\Client Files\8.08004.63486\SLClient.exe [2010-02-02 552288]
S3 QCFilterhp;HP USB Composite Device Filter Driver;c:\windows\system32\DRIVERS\qcfilterhp.sys [2009-07-30 5248]
S3 qcusbnethp;HP USB-NDIS miniport;c:\windows\system32\DRIVERS\qcusbnethp.sys [2009-07-30 115200]
S3 qcusbserhp;HP USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbserhp.sys [2009-07-30 104448]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 00:30]
.
2013-02-21 c:\windows\Tasks\Norton Security Scan for Admin.job
- c:\progra~1\NORTON~2\Engine\372~1.5\Nss.exe [2012-06-04 08:30]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{b80f591e-fe9a-46cf-a13e-180377240586} - (no file)
Toolbar-10 - (no file)
WebBrowser-{B80F591E-FE9A-46CF-A13E-180377240586} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKCU-Run-DriverScanner - c:\program files\UpdateDriver\launcher.exe
HKCU-Run-attcm.exe - c:\program files\AT&T\AT&T Communication Manager\attcm.exe
SafeBoot-Wdf01000.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-27 07:58:49
ComboFix-quarantined-files.txt 2013-08-27 11:58
.
Pre-Run: 116,807,929,856 bytes free
Post-Run: 116,750,266,368 bytes free
.
- - End Of File - - AEDAC7015B57DC28C15415F14ED179E1
A36C5E4F47E84449FF07ED3517B43A31
  • 0

Advertisements


#17
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Good job. Any changes on your system after Combofix? I don't see anything bad in Combofix log.
  • 0

#18
strew1221

strew1221

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Not really any faster. It took 25 minutes from the time I turned the computer on until I loaded the geekstogo.com page. The hard drive light was going crazy the whole time.
  • 0

#19
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts

The hard drive light was going crazy the whole time.


This is usually sign that PIO mode (slow mode) is enabled on your HDD. Let's check this out.

Follow these steps to enable DMA (Direct Memory Access) mode:

Please go to Control panel then Device manager

  • From the list expand IDE ATA/ATAPI controllers
  • Double click on first ATA channel (ATA shannel 0)
  • Click on Advanced settings tab
  • Check Enable DMA if it unchecked
  • Do this with all ATA channels
  • Restart you system after this
How is your system now?

If you can't find this option then you are using SATA HDD. Let me know results.
  • 0

#20
strew1221

strew1221

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Enable DNA was already checked. Still seems sluggish. It takes a while for web pages to load. The hard drive light is still constantly flashing.

Edited by strew1221, 28 August 2013 - 08:56 PM.

  • 0

#21
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please restart in Safe mode with networking:
  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode with networking option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

Try to load pages now. If you don't see problems like in normal mode then let's try this step:

Start windows normally and click on Start and then to Run

Type in msconfig and press Enter
Now click on Startups
Then uncheck everything and press Apply button.
Restart your system now

If system boots correctly and is running smoothly and faster then we have a startup problem
Try going back into msconfig and check one item and reboot
Keep doing that till you have found the problem or all are finally checked.
Post back with the results
  • 0

#22
strew1221

strew1221

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
I ran msconfig and unchecked all items under the startup tab. Windows rebooted and the following message popped up in a box:

Failed to connect to a windows service. Windows could not connect to the Group Policy Client Service. This problem prevents standard users from logging onto the system. As an administrative user you can review System Event Log for details about why the service didn't respond.

Things actually seem worse since unchecking all items. It's alot slower. I'm actually responding from another computer because internet explorer is taking forever to load.

I get alot of "Windows Internet Explorer (Not Responding)when navigating through webpages.
  • 0

#23
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi strew1221,

I think you hit the wrong tab. You must uncheck everything in Startups tab NOT IN Services tab. Double check instructions and your steps.

Please restart in Safe mode and try to check everything back as it was then restart your system to check if everything is working as before this last step.
  • 0

#24
strew1221

strew1221

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
I double checked and it was everything in the startup tab that i unchecked. When I turned the computer on this morning I didn't get the windows service message.
I have a another laptop (which I'm using to post my responses) that is 6 years older than the one I'm trying to fix. I started both of them at the same time and my older laptop was up and ready at least 6 minutes quicker than the newer one.
  • 0

#25
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi strew1221,

Because I can't find any malware problem I will ask you to open new topic in Windows Vista™ and Windows 7™. There I guys that can help you more then me with your system.

Give them link to this topic and tell them that we clean your system from malware but you problem still exists. I will also leave this topic open in case something comes out.
  • 0

Advertisements


#26
strew1221

strew1221

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Ok, thank you so much for your help. I really appreciate it. How do I link to my old topic in the new one?
  • 0

#27
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi strew1221,

Looks like infection is back. Let's try to find it and remove again.

Step 1

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion just reboot your system once, that will cure it.


Please make sure you include the combo fix log in your next reply

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, aswMBR will save additional file named MBR.dat. Attach it to your next reply

Step 3

Please don't forget to include these items in your reply:

  • Combofix log
  • aswMBR log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#28
strew1221

strew1221

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
My ComboFix log:

ComboFix 13-09-10.03 - Admin 09/11/2013 21:48:46.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1790.624 [GMT -4:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\programdata\7c016ed97f89e662ce88ec874c253f9a_c
c:\windows\assembly\GAC\Desktop.ini
c:\windows\system32\GroupPolicy\User\Scripts\scripts.ini
c:\windows\system32\zip32.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-08-12 to 2013-09-12 )))))))))))))))))))))))))))))))
.
.
2013-09-12 02:07 . 2013-09-12 02:07 -------- d-----w- c:\users\vingalls\AppData\Local\temp
2013-09-12 02:07 . 2013-09-12 02:07 -------- d-----w- c:\users\slogicadmin\AppData\Local\temp
2013-09-12 02:07 . 2013-09-12 02:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-12 02:07 . 2013-09-12 02:07 -------- d-----w- c:\users\Admin\AppData\Local\temp
2013-09-12 01:20 . 2013-09-12 01:20 -------- d-----w- c:\users\Admin\AppData\Roaming\RealNetworks
2013-09-09 02:52 . 2013-08-30 07:48 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-09-09 02:52 . 2013-08-30 07:48 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-09-09 02:52 . 2013-08-30 07:48 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-09-09 02:52 . 2013-08-30 07:48 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-09-09 02:52 . 2013-08-30 07:48 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-09-09 02:52 . 2013-08-30 07:48 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-09-09 02:52 . 2013-08-30 07:48 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-09-09 02:52 . 2013-08-30 07:48 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-09-09 02:52 . 2013-08-30 07:47 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-09-09 02:39 . 2013-08-30 07:47 41664 ----a-w- c:\windows\avastSS.scr
2013-09-09 02:37 . 2013-09-09 02:37 -------- d-----w- c:\program files\AVAST Software
2013-09-09 02:36 . 2013-09-09 02:37 -------- d-----w- c:\programdata\AVAST Software
2013-08-29 19:43 . 2013-08-29 19:43 -------- d-----w- c:\users\Admin\AppData\Local\Macromedia
2013-08-27 10:07 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{173EB734-EA89-40B8-894B-C185A2196C76}\mpengine.dll
2013-08-23 23:11 . 2013-01-17 20:24 1136512 ----a-w- c:\windows\system32\PuranFD.exe
2013-08-23 23:11 . 2013-01-17 20:23 260992 ----a-w- c:\windows\system32\PuranDefragS.exe
2013-08-23 23:11 . 2013-01-17 20:23 109952 ----a-w- c:\windows\system32\PuranDefragBT.exe
2013-08-23 23:11 . 2013-01-17 20:23 257408 ----a-w- c:\windows\system32\PuranDC.exe
2013-08-23 23:11 . 2012-12-13 16:09 219520 ----a-w- c:\windows\system32\PuranDefrag.dll
2013-08-23 23:11 . 2013-08-23 23:11 -------- d-----w- c:\program files\Puran Defrag
2013-08-22 17:58 . 2013-08-22 17:58 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2013-08-22 17:57 . 2013-08-22 17:57 -------- d-----w- c:\programdata\Malwarebytes
2013-08-22 15:43 . 2013-08-22 15:43 -------- d-----w- C:\_OTL
2013-08-21 00:32 . 2013-08-22 15:31 -------- d-----w- C:\AdwCleaner
2013-08-18 18:27 . 2013-08-18 18:27 -------- d-----w- c:\windows\system32\MpEngineStore
2013-08-18 18:13 . 2013-08-18 18:13 -------- d-----w- C:\b62e6110dad360ca0156c3f548a9c0
2013-08-17 01:00 . 2013-08-17 01:00 -------- d-----w- C:\ddae796237252042a0f35e4aeebe
2013-08-16 19:21 . 2013-07-26 03:13 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-08-16 19:21 . 2013-07-26 03:49 770648 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-08-16 19:21 . 2013-07-26 03:13 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-08-14 14:29 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 14:29 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 14:29 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 14:29 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 14:29 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 14:28 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 14:28 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-14 14:28 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 14:23 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-12 01:24 . 2012-06-10 17:17 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-12 01:24 . 2012-03-08 02:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-18 00:02 . 2013-07-18 00:02 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-07-18 00:02 . 2013-07-18 00:02 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-07-18 00:02 . 2013-07-18 00:02 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-07-18 00:02 . 2013-07-18 00:02 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-07-18 00:02 . 2013-07-18 00:02 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-07-18 00:02 . 2013-07-18 00:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-07-18 00:02 . 2013-07-18 00:02 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-07-18 00:02 . 2013-07-18 00:02 361984 ----a-w- c:\windows\system32\html.iec
2013-07-18 00:02 . 2013-07-18 00:02 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-18 00:02 . 2013-07-18 00:02 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-07-18 00:02 . 2013-07-18 00:02 158720 ----a-w- c:\windows\system32\msls31.dll
2013-07-18 00:02 . 2013-07-18 00:02 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-07-18 00:02 . 2013-07-18 00:02 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-18 00:02 . 2013-07-18 00:02 138752 ----a-w- c:\windows\system32\wextract.exe
2013-07-18 00:02 . 2013-07-18 00:02 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-18 00:02 . 2013-07-18 00:02 12800 ----a-w- c:\windows\system32\mshta.exe
2013-07-18 00:02 . 2013-07-18 00:02 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-07-17 23:59 . 2013-07-17 23:59 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-17 23:59 . 2013-07-17 23:59 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-07-17 23:59 . 2013-07-17 23:59 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-07-17 23:59 . 2013-07-17 23:59 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-17 23:59 . 2013-07-17 23:59 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-17 23:59 . 2013-07-17 23:59 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-07-17 23:59 . 2013-07-17 23:59 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-17 23:59 . 2013-07-17 23:59 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-07-17 23:59 . 2013-07-17 23:59 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-17 23:59 . 2013-07-17 23:59 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-07-17 23:59 . 2013-07-17 23:59 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-17 23:59 . 2013-07-17 23:59 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-17 23:59 . 2013-07-17 23:59 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-07-17 23:59 . 2013-07-17 23:59 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-17 23:59 . 2013-07-17 23:59 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-07-17 23:59 . 2013-07-17 23:59 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-07-17 23:59 . 2013-07-17 23:59 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-07-17 23:59 . 2013-07-17 23:59 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-07-17 23:59 . 2013-07-17 23:59 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-07-17 23:59 . 2013-07-17 23:59 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-07-17 23:59 . 2013-07-17 23:59 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-07-17 23:59 . 2013-07-17 23:59 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-07-17 23:59 . 2013-07-17 23:59 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-07-17 23:59 . 2013-07-17 23:59 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-01-26 237568]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"DesktopAuthority User Experience"="c:\program files\ScriptLogic\Desktop Authority\Client Files\8.08004.63486\CBM\ScriptLogic.CBM.UserExperience.exe" [2010-02-02 137216]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-05-19 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)
"MaxGPOScriptWait"= 3600 (0xe10)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1162732432-3846767104-1599142739-1000\Scripts\Logoff\0\0]
"Script"=SLlogoffScript.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1786704334-1080620903-3496478664-5530\Scripts\Logoff\0\0]
"Script"=SLlogoffScript.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 02:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 06:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 19:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopAuthority User Experience]
2010-02-02 15:31 137216 ----a-w- c:\program files\ScriptLogic\Desktop Authority\Client Files\8.08004.63486\CBM\ScriptLogic.CBM.UserExperience.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 18:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Application Helper]
2012-01-31 23:35 892928 ----a-w- c:\program files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher]
2010-07-13 05:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-06-04 02:37 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 C771BUS;CASIO C771 USB Composite Device Driver;c:\windows\system32\DRIVERS\C771BUS.sys [x]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 171008]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 swiwdmbus;Sierra Wireless USB Composite Bus;c:\windows\system32\DRIVERS\swiwdmbus.sys [2010-06-21 78720]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2010-06-21 201088]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [2010-06-21 156544]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-18 1343400]
R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2013-01-17 260992]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-08-30 66336]
S2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [2009-07-30 345336]
S2 ScriptLogic CBM Service;ScriptLogic CBM Service;c:\program files\ScriptLogic\Desktop Authority\Client Files\8.08004.63486\CBM\ScriptLogic.CBM.Agent.exe [2010-02-02 420352]
S2 SLClient;ScriptLogic Service;c:\program files\ScriptLogic\Desktop Authority\Client Files\8.08004.63486\SLClient.exe [2010-02-02 552288]
S3 QCFilterhp;HP USB Composite Device Filter Driver;c:\windows\system32\DRIVERS\qcfilterhp.sys [2009-07-30 5248]
S3 qcusbnethp;HP USB-NDIS miniport;c:\windows\system32\DRIVERS\qcusbnethp.sys [2009-07-30 115200]
S3 qcusbserhp;HP USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbserhp.sys [2009-07-30 104448]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 01:25]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-11 22:24:51
ComboFix-quarantined-files.txt 2013-09-12 02:24
ComboFix2.txt 2013-08-27 11:59
.
Pre-Run: 115,446,329,344 bytes free
Post-Run: 115,339,714,560 bytes free
.
- - End Of File - - DE520BBB9061C8C232F196DA12DBDC38
A36C5E4F47E84449FF07ED3517B43A31
  • 0

#29
strew1221

strew1221

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Thank you for coming back to help me again!

My aswMBR Log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-11 22:37:16
-----------------------------
22:37:16.272 OS Version: Windows 6.1.7601 Service Pack 1
22:37:16.273 Number of processors: 2 586 0x1C02
22:37:16.384 ComputerName: RCRUM-MINI UserName: Admin
22:37:24.678 Initialize success
22:37:27.799 AVAST engine defs: 13091101
22:37:40.457 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006b
22:37:40.470 Disk 0 Vendor: ST916031 0005 Size: 152627MB BusType: 3
22:37:40.485 Device \Driver\nvstor32 -> MajorFunction 8616cc10
22:37:40.506 Disk 0 MBR read successfully
22:37:40.534 Disk 0 MBR scan
22:37:41.183 Disk 0 Windows 7 default MBR code
22:37:41.217 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:37:42.084 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
22:37:42.161 Disk 0 scanning sectors +312579760
22:37:42.890 Disk 0 scanning C:\Windows\system32\drivers
22:38:17.080 Service scanning
22:39:10.293 Modules scanning
22:39:34.904 Disk 0 trace - called modules:
22:39:35.368 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8616cc10]<<
22:39:35.401 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85fcf030]
22:39:35.431 3 CLASSPNP.SYS[88a6259e] -> nt!IofCallDriver -> [0x85db1438]
22:39:35.461 5 ACPI.sys[834bb3d4] -> nt!IofCallDriver -> \Device\0000006b[0x85db2c68]
22:39:35.492 \Driver\nvstor32[0x8628ed30] -> IRP_MJ_CREATE -> 0x8616cc10
22:39:37.084 AVAST engine scan C:\Windows
22:39:42.801 AVAST engine scan C:\Windows\system32
22:48:13.798 AVAST engine scan C:\Windows\system32\drivers
22:49:08.905 AVAST engine scan C:\Users\Admin
23:04:02.814 AVAST engine scan C:\ProgramData
23:05:25.833 Scan finished successfully
23:07:57.331 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
23:07:57.367 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"

Attached File  MBR.dat   512bytes   66 downloads

Edited by strew1221, 11 September 2013 - 09:27 PM.

  • 0

#30
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi strew1221,

This is why I left topis open. Don't worry. We will try everything to remove this infection.

Step 1

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run 32bit version.

    Plug the flashdrive into the infected PC.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.
  • On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt
  • Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Step 2

Please download Zero Access Removal tool by Symantec from HERE and save it to your desktop.

  • Close all programs and doubleclick FixZeroAccess.exe to run the tool.
  • Accept the EULA and click Proceed
  • Allow the tool to restart your computer
  • After restarting it should provide you with a report
  • Please let me know what was the result.

Step 3

Please don't forget to include these items in your reply:

  • FRST log
  • FixZeroAccess log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP