Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer slow, web pages very slow to load [Solved]


  • This topic is locked This topic is locked

#31
strew1221

strew1221

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
FRST results:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013 02
Ran by SYSTEM on MININT-071ACMF on 12-09-2013 08:07:24
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [237568 2010-01-26] (Alps Electric Co., Ltd.)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-29] (AVAST Software)
HKLM\...\Run: [DesktopAuthority User Experience] - C:\Program Files\ScriptLogic\Desktop Authority\Client Files\8.08004.63486\CBM\ScriptLogic.CBM.UserExperience.exe [137216 2010-02-02] (ScriptLogic Software Corporation)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKU\vingalls\...\Policies\system: [HideLogoffScripts] 0
HKU\vingalls\...\Policies\system: [HideLogonScripts] 0

========================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-29] (AVAST Software)
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [260992 2013-01-17] (Puran Software)
S2 QDLService; C:\QUALCOMM\QDLService\QDLService.exe [345336 2009-07-30] (QUALCOMM, Inc.)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 ScriptLogic CBM Service; C:\Program Files\ScriptLogic\Desktop Authority\Client Files\8.08004.63486\CBM\ScriptLogic.CBM.Agent.exe [420352 2010-02-02] (ScriptLogic Software Corporation)
S2 SLClient; C:\Program Files\ScriptLogic\Desktop Authority\Client Files\8.08004.63486\SLClient.exe [552288 2010-02-02] (ScriptLogic Software Corporation)
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [x]

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-29] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-29] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-29] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-29] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-29] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-29] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-29] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-29] ()
S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
S3 QCFilterhp; C:\Windows\System32\DRIVERS\qcfilterhp.sys [5248 2009-07-30] (QUALCOMM Incorporated)
S3 qcusbnethp; C:\Windows\System32\DRIVERS\qcusbnethp.sys [115200 2009-07-30] (QUALCOMM Incorporated)
S3 qcusbserhp; C:\Windows\System32\DRIVERS\qcusbserhp.sys [104448 2009-07-30] (QUALCOMM Incorporated)
S3 swiwdmbus; C:\Windows\System32\DRIVERS\swiwdmbus.sys [78720 2010-06-21] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [201088 2010-06-21] (Sierra Wireless Inc.)
S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [156544 2010-06-21] (Sierra Wireless Inc.)
S3 C771BUS; system32\DRIVERS\C771BUS.sys [x]
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [x]
S3 massfilter_hs; \??\C:\Windows\system32\drivers\massfilter_hs.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-11 19:07 - 2013-09-11 19:07 - 00002049 _____ C:\Users\Admin\Desktop\aswMBR.txt
2013-09-11 19:07 - 2013-09-11 19:07 - 00000512 _____ C:\Users\Admin\Desktop\MBR.dat
2013-09-11 18:36 - 2013-09-11 18:36 - 04745728 _____ (AVAST Software) C:\Users\Admin\Desktop\aswMBR.exe
2013-09-11 18:25 - 2013-09-11 18:25 - 00018099 _____ C:\ComboFix.txt
2013-09-11 17:20 - 2013-09-11 17:20 - 00000000 ____D C:\Users\Admin\AppData\Roaming\RealNetworks
2013-09-11 17:10 - 2013-09-11 17:10 - 00159576 _____ C:\Windows\Minidump\091113-45786-01.dmp
2013-09-11 17:05 - 2013-09-11 17:05 - 05124599 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2013-09-10 02:30 - 2013-09-10 02:31 - 05299088 _____ (Auslogics Labs Pty Ltd ) C:\Users\Admin\Desktop\disk-defrag-setup.exe
2013-09-10 02:29 - 2013-09-10 02:29 - 00448512 _____ (OldTimer Tools) C:\Users\Admin\Desktop\TFC.exe
2013-09-10 02:27 - 2013-09-10 02:27 - 00049528 _____ C:\Users\Admin\Desktop\AutoRuns.txt
2013-09-10 02:21 - 2013-09-10 02:21 - 00000000 ____D C:\Users\Admin\Desktop\Autoruns
2013-09-10 02:19 - 2013-09-10 02:20 - 00550371 _____ C:\Users\Admin\Desktop\Autoruns.zip
2013-09-08 18:52 - 2013-09-08 18:52 - 00002079 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-08 18:52 - 2013-08-29 23:48 - 00770344 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-09-08 18:52 - 2013-08-29 23:48 - 00369584 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-09-08 18:52 - 2013-08-29 23:48 - 00177864 _____ C:\Windows\System32\Drivers\aswVmm.sys
2013-09-08 18:52 - 2013-08-29 23:48 - 00066336 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-09-08 18:52 - 2013-08-29 23:48 - 00061680 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-09-08 18:52 - 2013-08-29 23:48 - 00056080 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-09-08 18:52 - 2013-08-29 23:48 - 00049376 _____ C:\Windows\System32\Drivers\aswRvrt.sys
2013-09-08 18:52 - 2013-08-29 23:48 - 00029816 _____ (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-09-08 18:52 - 2013-08-29 23:47 - 00229648 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-09-08 18:39 - 2013-08-29 23:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-08 18:37 - 2013-09-08 18:37 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-08 18:36 - 2013-09-08 18:37 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-08 18:14 - 2013-09-08 18:30 - 131918888 _____ C:\Users\Admin\Desktop\avast_free_antivirus_setup (1).exe
2013-08-29 11:43 - 2013-08-29 11:43 - 00000000 ____D C:\Users\Admin\AppData\Local\Macromedia
2013-08-27 16:55 - 2013-09-11 17:09 - 235703249 _____ C:\Windows\MEMORY.DMP
2013-08-27 16:55 - 2013-08-27 16:55 - 00159576 _____ C:\Windows\Minidump\082713-20904-01.dmp
2013-08-26 04:41 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-26 04:41 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-26 04:41 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-26 04:41 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-26 04:41 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-26 04:41 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-26 04:41 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-26 04:41 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-26 04:40 - 2013-09-11 18:25 - 00000000 ____D C:\Qoobox
2013-08-26 04:25 - 2013-08-27 03:40 - 00000000 ____D C:\Windows\erdnt
2013-08-23 15:25 - 2013-08-23 15:25 - 00006576 ____N C:\bootsqm.dat
2013-08-23 15:11 - 2013-08-23 15:11 - 00001027 _____ C:\Users\Admin\Desktop\Puran Defrag.lnk
2013-08-23 15:11 - 2013-08-23 15:11 - 00000000 ____D C:\Program Files\Puran Defrag
2013-08-23 15:11 - 2013-01-17 12:24 - 01136512 _____ (Puran Software) C:\Windows\System32\PuranFD.exe
2013-08-23 15:11 - 2013-01-17 12:23 - 00260992 _____ (Puran Software) C:\Windows\System32\PuranDefragS.exe
2013-08-23 15:11 - 2013-01-17 12:23 - 00257408 _____ (Puran Software) C:\Windows\System32\PuranDC.exe
2013-08-23 15:11 - 2013-01-17 12:23 - 00109952 _____ (Puran Software) C:\Windows\System32\PuranDefragBT.exe
2013-08-23 15:11 - 2012-12-13 08:09 - 00219520 _____ (Puran Software) C:\Windows\System32\PuranDefrag.dll
2013-08-22 09:58 - 2013-08-22 09:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-08-22 09:57 - 2013-08-22 09:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-22 07:43 - 2013-08-22 07:43 - 00000000 ____D C:\_OTL
2013-08-22 05:07 - 2013-08-22 05:07 - 00975858 _____ C:\Users\Admin\Desktop\adwcleaner.exe
2013-08-20 16:43 - 2013-08-20 16:43 - 00602112 _____ (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe
2013-08-20 16:32 - 2013-08-22 07:31 - 00000000 ____D C:\AdwCleaner
2013-08-18 10:27 - 2013-08-18 10:27 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-08-18 10:13 - 2013-08-18 10:13 - 00000000 ____D C:\b62e6110dad360ca0156c3f548a9c0
2013-08-16 17:00 - 2013-08-16 17:00 - 00000000 ____D C:\ddae796237252042a0f35e4aeebe
2013-08-16 11:22 - 2013-07-25 19:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-16 11:22 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-16 11:22 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-16 11:22 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-16 11:22 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-16 11:22 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-16 11:22 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-16 11:22 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-16 11:22 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-16 11:22 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-16 11:22 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-16 11:21 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-16 11:21 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-16 11:21 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-16 11:21 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-16 11:21 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-15 07:24 - 2013-09-12 04:00 - 00003640 _____ C:\Windows\setupact.log
2013-08-15 07:24 - 2013-08-15 07:24 - 00000000 _____ C:\Windows\setuperr.log
2013-08-14 06:29 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-14 06:29 - 2013-07-08 20:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-14 06:29 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-14 06:29 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-14 06:29 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-14 06:28 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-14 06:28 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-14 06:28 - 2013-07-05 21:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-14 06:23 - 2013-06-14 19:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-12 04:00 - 2013-08-15 07:24 - 00003640 _____ C:\Windows\setupact.log
2013-09-12 03:59 - 2010-08-18 04:40 - 00167478 _____ C:\Windows\PFRO.log
2013-09-11 19:07 - 2013-09-11 19:07 - 00002049 _____ C:\Users\Admin\Desktop\aswMBR.txt
2013-09-11 19:07 - 2013-09-11 19:07 - 00000512 _____ C:\Users\Admin\Desktop\MBR.dat
2013-09-11 18:36 - 2013-09-11 18:36 - 04745728 _____ (AVAST Software) C:\Users\Admin\Desktop\aswMBR.exe
2013-09-11 18:25 - 2013-09-11 18:25 - 00018099 _____ C:\ComboFix.txt
2013-09-11 18:25 - 2013-08-26 04:40 - 00000000 ____D C:\Qoobox
2013-09-11 18:07 - 2009-07-13 18:04 - 00000215 _____ C:\Windows\system.ini
2013-09-11 17:24 - 2012-06-10 09:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-09-11 17:24 - 2012-03-07 18:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-09-11 17:20 - 2013-09-11 17:20 - 00000000 ____D C:\Users\Admin\AppData\Roaming\RealNetworks
2013-09-11 17:19 - 2009-07-13 20:34 - 00016272 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-11 17:19 - 2009-07-13 20:34 - 00016272 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-11 17:10 - 2013-09-11 17:10 - 00159576 _____ C:\Windows\Minidump\091113-45786-01.dmp
2013-09-11 17:10 - 2010-09-18 08:49 - 00000000 ____D C:\Windows\Minidump
2013-09-11 17:09 - 2013-08-27 16:55 - 235703249 _____ C:\Windows\MEMORY.DMP
2013-09-11 17:05 - 2013-09-11 17:05 - 05124599 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2013-09-10 02:31 - 2013-09-10 02:30 - 05299088 _____ (Auslogics Labs Pty Ltd ) C:\Users\Admin\Desktop\disk-defrag-setup.exe
2013-09-10 02:29 - 2013-09-10 02:29 - 00448512 _____ (OldTimer Tools) C:\Users\Admin\Desktop\TFC.exe
2013-09-10 02:27 - 2013-09-10 02:27 - 00049528 _____ C:\Users\Admin\Desktop\AutoRuns.txt
2013-09-10 02:21 - 2013-09-10 02:21 - 00000000 ____D C:\Users\Admin\Desktop\Autoruns
2013-09-10 02:20 - 2013-09-10 02:19 - 00550371 _____ C:\Users\Admin\Desktop\Autoruns.zip
2013-09-08 18:52 - 2013-09-08 18:52 - 00002079 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-08 18:52 - 2009-07-13 18:04 - 00002577 _____ C:\Windows\System32\config.nt
2013-09-08 18:37 - 2013-09-08 18:37 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-08 18:37 - 2013-09-08 18:36 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-08 18:30 - 2013-09-08 18:14 - 131918888 _____ C:\Users\Admin\Desktop\avast_free_antivirus_setup (1).exe
2013-09-04 16:54 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2013-09-04 16:13 - 2012-01-07 07:27 - 00000000 ____D C:\ProgramData\Norton
2013-09-03 20:20 - 2010-08-18 04:38 - 02093995 _____ C:\Windows\WindowsUpdate.log
2013-09-03 19:40 - 2010-10-14 12:07 - 00000000 ____D C:\Program Files\Google
2013-08-29 23:48 - 2013-09-08 18:52 - 00770344 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-08-29 23:48 - 2013-09-08 18:52 - 00369584 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-08-29 23:48 - 2013-09-08 18:52 - 00177864 _____ C:\Windows\System32\Drivers\aswVmm.sys
2013-08-29 23:48 - 2013-09-08 18:52 - 00066336 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-08-29 23:48 - 2013-09-08 18:52 - 00061680 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-08-29 23:48 - 2013-09-08 18:52 - 00056080 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-08-29 23:48 - 2013-09-08 18:52 - 00049376 _____ C:\Windows\System32\Drivers\aswRvrt.sys
2013-08-29 23:48 - 2013-09-08 18:52 - 00029816 _____ (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-08-29 23:47 - 2013-09-08 18:52 - 00229648 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-08-29 23:47 - 2013-09-08 18:39 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-29 11:43 - 2013-08-29 11:43 - 00000000 ____D C:\Users\Admin\AppData\Local\Macromedia
2013-08-27 16:55 - 2013-08-27 16:55 - 00159576 _____ C:\Windows\Minidump\082713-20904-01.dmp
2013-08-27 03:59 - 2009-07-13 18:37 - 00000000 __RHD C:\users\Default
2013-08-27 03:59 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public
2013-08-27 03:40 - 2013-08-26 04:25 - 00000000 ____D C:\Windows\erdnt
2013-08-24 04:54 - 2010-08-18 04:45 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-23 16:45 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-23 15:25 - 2013-08-23 15:25 - 00006576 ____N C:\bootsqm.dat
2013-08-23 15:11 - 2013-08-23 15:11 - 00001027 _____ C:\Users\Admin\Desktop\Puran Defrag.lnk
2013-08-23 15:11 - 2013-08-23 15:11 - 00000000 ____D C:\Program Files\Puran Defrag
2013-08-22 09:58 - 2013-08-22 09:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-08-22 09:57 - 2013-08-22 09:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-22 07:43 - 2013-08-22 07:43 - 00000000 ____D C:\_OTL
2013-08-22 07:43 - 2010-08-18 01:43 - 00000000 ____D C:\users\Admin
2013-08-22 07:31 - 2013-08-20 16:32 - 00000000 ____D C:\AdwCleaner
2013-08-22 05:07 - 2013-08-22 05:07 - 00975858 _____ C:\Users\Admin\Desktop\adwcleaner.exe
2013-08-20 16:43 - 2013-08-20 16:43 - 00602112 _____ (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe
2013-08-18 18:11 - 2012-02-13 17:15 - 00000000 ____D C:\Users\Admin\AppData\Local\Deployment
2013-08-18 10:27 - 2013-08-18 10:27 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-08-18 10:15 - 2013-07-21 20:29 - 00000000 ____D C:\Windows\System32\MRT
2013-08-18 10:14 - 2010-09-08 11:25 - 75778376 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-18 10:13 - 2013-08-18 10:13 - 00000000 ____D C:\b62e6110dad360ca0156c3f548a9c0
2013-08-18 10:12 - 2010-08-18 04:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-18 08:55 - 2013-01-31 11:44 - 00000000 ____D C:\ProgramData\Skype
2013-08-18 08:50 - 2013-01-31 11:45 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2013-08-16 17:52 - 2010-08-17 11:51 - 00762960 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-16 17:00 - 2013-08-16 17:00 - 00000000 ____D C:\ddae796237252042a0f35e4aeebe
2013-08-15 07:24 - 2013-08-15 07:24 - 00000000 _____ C:\Windows\setuperr.log

Files to move or delete:
====================
ZeroAccess:
C:\Program Files\Google\Desktop\Install\{24720962-6238-4327-5507-1c30f98e43c1}

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 1789.98 MB
Available physical RAM: 1388.5 MB
Total Pagefile: 1789.98 MB
Available Pagefile: 1386.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:107.3 GB) NTFS
Drive f: (TravelDrive) (Removable) (Total:0.94 GB) (Free:0.84 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (ATTENTION: ===> MBR IS INFECTED. Use FixMbr command in Recovery Mode) (Size: 149 GB) (Disk ID: 62C4ABB8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 958 MB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=958 MB) - (Type=0E)


LastRegBack: 2013-02-20 14:26

==================== End Of Log ============================


I'm now going to run Zero Access Removal tool.
  • 0

Advertisements


#32
strew1221

strew1221

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Zero Access Removal tool said there was no infection found. No log came up, it just said that.

Edited by strew1221, 12 September 2013 - 06:45 AM.

  • 0

#33
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
FRST scan showed infection and you have latest version of it. There is a way to remove and we must to a lot of work so please bare with me.

Please note that all three steps need to be run in System Recovery mode

Step 1

NOTE: You have very nasty infection! I would strongly advice you to backup all your important data from your system before you begin with the fix.

This malware tends to disable you whole system and let you with nothing. Please backup your data.

Step 2

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

C:\Program Files\Google\Desktop\Install\{24720962-6238-4327-5507-1c30f98e43c1}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


On Vista or Windows 7: Now please enter System Recovery Options as you did last time.

Run FRST and press the Fix button just once and wait.
The tool will generate a log on the flashdrive (Fixlog.txt) please post it in your reply.

Step 3

Please enter System Recovery Options again but this time choose Command Prompt option.

When you see Command Prompt window write

bootrec  /fixmbr

Please note that there is space between bootrec and /fixmbr

Now press Enter to execute command.

Step 4

Please run FRST Scan one more time so I can see results of our two steps. Do this as you did first time. Post scan log here for me.

Step 5

Please don't forget to include these items in your reply:

  • FRST Fix log
  • FRST new scan log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#34
strew1221

strew1221

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-09-2013 02
Ran by SYSTEM at 2013-09-12 12:00:49 Run:1
Running from E:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
C:\Program Files\Google\Desktop\Install\{24720962-6238-4327-5507-1c30f98e43c1}
*****************

C:\Program Files\Google\Desktop\Install\{24720962-6238-4327-5507-1c30f98e43c1} => Moved successfully.

==== End of Fixlog ====
  • 0

#35
strew1221

strew1221

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013 02
Ran by SYSTEM on MININT-4ECIOGR on 12-09-2013 12:02:16
Running from E:\
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [237568 2010-01-26] (Alps Electric Co., Ltd.)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-29] (AVAST Software)
HKLM\...\Run: [DesktopAuthority User Experience] - C:\Program Files\ScriptLogic\Desktop Authority\Client Files\8.08004.63486\CBM\ScriptLogic.CBM.UserExperience.exe [137216 2010-02-02] (ScriptLogic Software Corporation)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKU\vingalls\...\Policies\system: [HideLogoffScripts] 0
HKU\vingalls\...\Policies\system: [HideLogonScripts] 0

========================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-29] (AVAST Software)
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [260992 2013-01-17] (Puran Software)
S2 QDLService; C:\QUALCOMM\QDLService\QDLService.exe [345336 2009-07-30] (QUALCOMM, Inc.)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 ScriptLogic CBM Service; C:\Program Files\ScriptLogic\Desktop Authority\Client Files\8.08004.63486\CBM\ScriptLogic.CBM.Agent.exe [420352 2010-02-02] (ScriptLogic Software Corporation)
S2 SLClient; C:\Program Files\ScriptLogic\Desktop Authority\Client Files\8.08004.63486\SLClient.exe [552288 2010-02-02] (ScriptLogic Software Corporation)
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [x]

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-29] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-29] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-29] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-29] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-29] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-29] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-29] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-29] ()
S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
S3 QCFilterhp; C:\Windows\System32\DRIVERS\qcfilterhp.sys [5248 2009-07-30] (QUALCOMM Incorporated)
S3 qcusbnethp; C:\Windows\System32\DRIVERS\qcusbnethp.sys [115200 2009-07-30] (QUALCOMM Incorporated)
S3 qcusbserhp; C:\Windows\System32\DRIVERS\qcusbserhp.sys [104448 2009-07-30] (QUALCOMM Incorporated)
S3 swiwdmbus; C:\Windows\System32\DRIVERS\swiwdmbus.sys [78720 2010-06-21] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [201088 2010-06-21] (Sierra Wireless Inc.)
S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [156544 2010-06-21] (Sierra Wireless Inc.)
S3 C771BUS; system32\DRIVERS\C771BUS.sys [x]
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [x]
S3 massfilter_hs; \??\C:\Windows\system32\drivers\massfilter_hs.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-12 04:21 - 2013-09-12 04:21 - 00000000 ____D C:\Users\Admin\AppData\Roaming\FixZeroAccess
2013-09-12 04:18 - 2013-09-12 04:18 - 01805736 _____ (Symantec Corporation) C:\Users\Admin\Desktop\FixZeroAccess.exe
2013-09-11 19:07 - 2013-09-11 19:07 - 00002049 _____ C:\Users\Admin\Desktop\aswMBR.txt
2013-09-11 19:07 - 2013-09-11 19:07 - 00000512 _____ C:\Users\Admin\Desktop\MBR.dat
2013-09-11 18:36 - 2013-09-11 18:36 - 04745728 _____ (AVAST Software) C:\Users\Admin\Desktop\aswMBR.exe
2013-09-11 18:25 - 2013-09-11 18:25 - 00018099 _____ C:\ComboFix.txt
2013-09-11 17:20 - 2013-09-11 17:20 - 00000000 ____D C:\Users\Admin\AppData\Roaming\RealNetworks
2013-09-11 17:10 - 2013-09-11 17:10 - 00159576 _____ C:\Windows\Minidump\091113-45786-01.dmp
2013-09-11 17:05 - 2013-09-11 17:05 - 05124599 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2013-09-10 02:30 - 2013-09-10 02:31 - 05299088 _____ (Auslogics Labs Pty Ltd ) C:\Users\Admin\Desktop\disk-defrag-setup.exe
2013-09-10 02:29 - 2013-09-10 02:29 - 00448512 _____ (OldTimer Tools) C:\Users\Admin\Desktop\TFC.exe
2013-09-10 02:27 - 2013-09-10 02:27 - 00049528 _____ C:\Users\Admin\Desktop\AutoRuns.txt
2013-09-10 02:21 - 2013-09-10 02:21 - 00000000 ____D C:\Users\Admin\Desktop\Autoruns
2013-09-10 02:19 - 2013-09-10 02:20 - 00550371 _____ C:\Users\Admin\Desktop\Autoruns.zip
2013-09-08 18:52 - 2013-09-08 18:52 - 00002079 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-08 18:52 - 2013-08-29 23:48 - 00770344 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-09-08 18:52 - 2013-08-29 23:48 - 00369584 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-09-08 18:52 - 2013-08-29 23:48 - 00177864 _____ C:\Windows\System32\Drivers\aswVmm.sys
2013-09-08 18:52 - 2013-08-29 23:48 - 00066336 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-09-08 18:52 - 2013-08-29 23:48 - 00061680 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-09-08 18:52 - 2013-08-29 23:48 - 00056080 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-09-08 18:52 - 2013-08-29 23:48 - 00049376 _____ C:\Windows\System32\Drivers\aswRvrt.sys
2013-09-08 18:52 - 2013-08-29 23:48 - 00029816 _____ (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-09-08 18:52 - 2013-08-29 23:47 - 00229648 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-09-08 18:39 - 2013-08-29 23:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-08 18:37 - 2013-09-08 18:37 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-08 18:36 - 2013-09-08 18:37 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-08 18:14 - 2013-09-08 18:30 - 131918888 _____ C:\Users\Admin\Desktop\avast_free_antivirus_setup (1).exe
2013-08-29 11:43 - 2013-08-29 11:43 - 00000000 ____D C:\Users\Admin\AppData\Local\Macromedia
2013-08-27 16:55 - 2013-09-11 17:09 - 235703249 _____ C:\Windows\MEMORY.DMP
2013-08-27 16:55 - 2013-08-27 16:55 - 00159576 _____ C:\Windows\Minidump\082713-20904-01.dmp
2013-08-26 04:41 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-26 04:41 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-26 04:41 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-26 04:41 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-26 04:41 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-26 04:41 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-26 04:41 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-26 04:41 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-26 04:40 - 2013-09-11 18:25 - 00000000 ____D C:\Qoobox
2013-08-26 04:25 - 2013-08-27 03:40 - 00000000 ____D C:\Windows\erdnt
2013-08-23 15:25 - 2013-08-23 15:25 - 00006576 ____N C:\bootsqm.dat
2013-08-23 15:11 - 2013-08-23 15:11 - 00001027 _____ C:\Users\Admin\Desktop\Puran Defrag.lnk
2013-08-23 15:11 - 2013-08-23 15:11 - 00000000 ____D C:\Program Files\Puran Defrag
2013-08-23 15:11 - 2013-01-17 12:24 - 01136512 _____ (Puran Software) C:\Windows\System32\PuranFD.exe
2013-08-23 15:11 - 2013-01-17 12:23 - 00260992 _____ (Puran Software) C:\Windows\System32\PuranDefragS.exe
2013-08-23 15:11 - 2013-01-17 12:23 - 00257408 _____ (Puran Software) C:\Windows\System32\PuranDC.exe
2013-08-23 15:11 - 2013-01-17 12:23 - 00109952 _____ (Puran Software) C:\Windows\System32\PuranDefragBT.exe
2013-08-23 15:11 - 2012-12-13 08:09 - 00219520 _____ (Puran Software) C:\Windows\System32\PuranDefrag.dll
2013-08-22 09:58 - 2013-08-22 09:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-08-22 09:57 - 2013-08-22 09:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-22 07:43 - 2013-08-22 07:43 - 00000000 ____D C:\_OTL
2013-08-22 05:07 - 2013-08-22 05:07 - 00975858 _____ C:\Users\Admin\Desktop\adwcleaner.exe
2013-08-20 16:43 - 2013-08-20 16:43 - 00602112 _____ (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe
2013-08-20 16:32 - 2013-08-22 07:31 - 00000000 ____D C:\AdwCleaner
2013-08-18 10:13 - 2013-08-18 10:13 - 00000000 ____D C:\b62e6110dad360ca0156c3f548a9c0
2013-08-16 17:00 - 2013-08-16 17:00 - 00000000 ____D C:\ddae796237252042a0f35e4aeebe
2013-08-16 11:22 - 2013-07-25 19:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-16 11:22 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-16 11:22 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-16 11:22 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-16 11:22 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-16 11:22 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-16 11:22 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-16 11:22 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-16 11:22 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-16 11:22 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-16 11:22 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-16 11:21 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-16 11:21 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-16 11:21 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-16 11:21 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-16 11:21 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-15 07:24 - 2013-09-12 07:44 - 00005456 _____ C:\Windows\setupact.log
2013-08-15 07:24 - 2013-08-15 07:24 - 00000000 _____ C:\Windows\setuperr.log
2013-08-14 06:29 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-14 06:29 - 2013-07-08 20:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-14 06:29 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-14 06:29 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-14 06:29 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-14 06:28 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-14 06:28 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-14 06:28 - 2013-07-05 21:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-14 06:23 - 2013-06-14 19:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-12 08:07 - 2013-09-12 08:07 - 00000000 ____D C:\FRST
2013-09-12 07:51 - 2010-08-18 04:38 - 01300794 _____ C:\Windows\WindowsUpdate.log
2013-09-12 07:51 - 2009-07-13 20:34 - 00016272 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-12 07:51 - 2009-07-13 20:34 - 00016272 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-12 07:44 - 2013-08-15 07:24 - 00005456 _____ C:\Windows\setupact.log
2013-09-12 06:12 - 2010-08-17 11:51 - 00748538 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-12 04:48 - 2010-08-18 04:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 04:41 - 2013-07-21 20:29 - 00000000 ____D C:\Windows\System32\MRT
2013-09-12 04:41 - 2010-09-08 11:25 - 76725432 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-09-12 04:24 - 2010-08-18 04:40 - 00167890 _____ C:\Windows\PFRO.log
2013-09-12 04:21 - 2013-09-12 04:21 - 00000000 ____D C:\Users\Admin\AppData\Roaming\FixZeroAccess
2013-09-12 04:18 - 2013-09-12 04:18 - 01805736 _____ (Symantec Corporation) C:\Users\Admin\Desktop\FixZeroAccess.exe
2013-09-11 19:07 - 2013-09-11 19:07 - 00002049 _____ C:\Users\Admin\Desktop\aswMBR.txt
2013-09-11 19:07 - 2013-09-11 19:07 - 00000512 _____ C:\Users\Admin\Desktop\MBR.dat
2013-09-11 18:36 - 2013-09-11 18:36 - 04745728 _____ (AVAST Software) C:\Users\Admin\Desktop\aswMBR.exe
2013-09-11 18:25 - 2013-09-11 18:25 - 00018099 _____ C:\ComboFix.txt
2013-09-11 18:25 - 2013-08-26 04:40 - 00000000 ____D C:\Qoobox
2013-09-11 18:07 - 2009-07-13 18:04 - 00000215 _____ C:\Windows\system.ini
2013-09-11 17:24 - 2012-06-10 09:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-09-11 17:24 - 2012-03-07 18:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-09-11 17:20 - 2013-09-11 17:20 - 00000000 ____D C:\Users\Admin\AppData\Roaming\RealNetworks
2013-09-11 17:10 - 2013-09-11 17:10 - 00159576 _____ C:\Windows\Minidump\091113-45786-01.dmp
2013-09-11 17:10 - 2010-09-18 08:49 - 00000000 ____D C:\Windows\Minidump
2013-09-11 17:09 - 2013-08-27 16:55 - 235703249 _____ C:\Windows\MEMORY.DMP
2013-09-11 17:05 - 2013-09-11 17:05 - 05124599 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2013-09-10 02:31 - 2013-09-10 02:30 - 05299088 _____ (Auslogics Labs Pty Ltd ) C:\Users\Admin\Desktop\disk-defrag-setup.exe
2013-09-10 02:29 - 2013-09-10 02:29 - 00448512 _____ (OldTimer Tools) C:\Users\Admin\Desktop\TFC.exe
2013-09-10 02:27 - 2013-09-10 02:27 - 00049528 _____ C:\Users\Admin\Desktop\AutoRuns.txt
2013-09-10 02:21 - 2013-09-10 02:21 - 00000000 ____D C:\Users\Admin\Desktop\Autoruns
2013-09-10 02:20 - 2013-09-10 02:19 - 00550371 _____ C:\Users\Admin\Desktop\Autoruns.zip
2013-09-08 18:52 - 2013-09-08 18:52 - 00002079 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-08 18:52 - 2009-07-13 18:04 - 00002577 _____ C:\Windows\System32\config.nt
2013-09-08 18:37 - 2013-09-08 18:37 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-08 18:37 - 2013-09-08 18:36 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-08 18:30 - 2013-09-08 18:14 - 131918888 _____ C:\Users\Admin\Desktop\avast_free_antivirus_setup (1).exe
2013-09-04 16:54 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2013-09-04 16:13 - 2012-01-07 07:27 - 00000000 ____D C:\ProgramData\Norton
2013-09-03 19:40 - 2010-10-14 12:07 - 00000000 ____D C:\Program Files\Google
2013-08-29 23:48 - 2013-09-08 18:52 - 00770344 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-08-29 23:48 - 2013-09-08 18:52 - 00369584 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-08-29 23:48 - 2013-09-08 18:52 - 00177864 _____ C:\Windows\System32\Drivers\aswVmm.sys
2013-08-29 23:48 - 2013-09-08 18:52 - 00066336 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-08-29 23:48 - 2013-09-08 18:52 - 00061680 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-08-29 23:48 - 2013-09-08 18:52 - 00056080 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-08-29 23:48 - 2013-09-08 18:52 - 00049376 _____ C:\Windows\System32\Drivers\aswRvrt.sys
2013-08-29 23:48 - 2013-09-08 18:52 - 00029816 _____ (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-08-29 23:47 - 2013-09-08 18:52 - 00229648 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-08-29 23:47 - 2013-09-08 18:39 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-29 11:43 - 2013-08-29 11:43 - 00000000 ____D C:\Users\Admin\AppData\Local\Macromedia
2013-08-27 16:55 - 2013-08-27 16:55 - 00159576 _____ C:\Windows\Minidump\082713-20904-01.dmp
2013-08-27 03:59 - 2009-07-13 18:37 - 00000000 __RHD C:\users\Default
2013-08-27 03:59 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public
2013-08-27 03:40 - 2013-08-26 04:25 - 00000000 ____D C:\Windows\erdnt
2013-08-24 04:54 - 2010-08-18 04:45 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-23 16:45 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-23 15:25 - 2013-08-23 15:25 - 00006576 ____N C:\bootsqm.dat
2013-08-23 15:11 - 2013-08-23 15:11 - 00001027 _____ C:\Users\Admin\Desktop\Puran Defrag.lnk
2013-08-23 15:11 - 2013-08-23 15:11 - 00000000 ____D C:\Program Files\Puran Defrag
2013-08-22 09:58 - 2013-08-22 09:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-08-22 09:57 - 2013-08-22 09:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-22 07:43 - 2013-08-22 07:43 - 00000000 ____D C:\_OTL
2013-08-22 07:43 - 2010-08-18 01:43 - 00000000 ____D C:\users\Admin
2013-08-22 07:31 - 2013-08-20 16:32 - 00000000 ____D C:\AdwCleaner
2013-08-22 05:07 - 2013-08-22 05:07 - 00975858 _____ C:\Users\Admin\Desktop\adwcleaner.exe
2013-08-20 16:43 - 2013-08-20 16:43 - 00602112 _____ (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe
2013-08-18 18:11 - 2012-02-13 17:15 - 00000000 ____D C:\Users\Admin\AppData\Local\Deployment
2013-08-18 10:13 - 2013-08-18 10:13 - 00000000 ____D C:\b62e6110dad360ca0156c3f548a9c0
2013-08-18 08:55 - 2013-01-31 11:44 - 00000000 ____D C:\ProgramData\Skype
2013-08-18 08:50 - 2013-01-31 11:45 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2013-08-16 17:00 - 2013-08-16 17:00 - 00000000 ____D C:\ddae796237252042a0f35e4aeebe
2013-08-15 07:24 - 2013-08-15 07:24 - 00000000 _____ C:\Windows\setuperr.log

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 1789.98 MB
Available physical RAM: 1392.26 MB
Total Pagefile: 1789.98 MB
Available Pagefile: 1396.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1953.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:107.03 GB) NTFS
Drive e: () (Removable) (Total:7.45 GB) (Free:7.26 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 62C4ABB8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-02-20 14:26

==================== End Of Log ============================
  • 0

#36
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
This last FRST log looks much better. Test your system after this two steps and let me know results.

Step 1

Download the ESET services repair tool, extract the file to your desktop.
  • Double-click ServicesRepair.exe.
  • If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
  • A log will be saved in the CCSupport folder the tool created on your desktop, please post the content in your next reply.

Step 2

Please run Malwarebytes and update malware definitions. Do Quick Scan and post log here for me.

Step 3

Please don't forget to include these items in your reply:

  • ServicesRepair log
  • Malwarebytes log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#37
strew1221

strew1221

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.13.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
Admin :: RCRUM-MINI [administrator]

9/13/2013 9:14:11 AM
mbam-log-2013-09-13 (09-14-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 410575
Time elapsed: 2 hour(s), 20 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Google\Chrome\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#38
strew1221

strew1221

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Log Opened: 2013-09-12 @ 22:09:57
22:09:57 - -----------------
22:09:57 - | Begin Logging |
22:09:57 - -----------------
22:09:57 - Fix started on a WIN_7 X86 computer
22:09:57 - Prep in progress. Please Wait.
22:10:02 - Prep complete
22:10:02 - Repairing Services Now. Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
22:10:09 - Services Repair Complete.
22:10:20 - Reboot Initiated


The computer seems to be reacting better. The web pages load quicker than they were before.
  • 0

#39
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi strew1221,

Glad to hear that. Test your system for a while and I'll prepare some cleanup for you...
  • 0

#40
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi strew1221,

If you don't have any problems I'll clean up my programs. Your logs and system are clean now. I'm glad we fix up your computer.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Step 2

We need to clean up your PC from programs we used.

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end.

In case that any of the software we used in this fix still remains on your system please delete it manually (Right click on it and select Delete).

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Something to read

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

2. Make Backups of Important Files

Please read this article Home Computer Data Backup.

3. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0

Advertisements


#41
strew1221

strew1221

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Thank you for your help with getting my computer cleaned up and running better. I really appreciate it.
  • 0

#42
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP