
Slow internet connection on startup [Solved]



#16
Larryq22

  • Topic Starter
  • Member
  • 11 posts
I'll hold off making any adjustments for a while. I just downloaded a bunch of Windows updates (I had been neglecting that) and the internet connected quickly again. So I'll give it a little while before uninstalling to see if it was magically fixed.

Thanks for hanging in there. I may be back, who knows :rolleyes:


#17
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello again Larryq22,

That's fine, just to say that the FRST fix that was attached to my last post did have set for removal some malware. :)

Amongst others, this one:

FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Malwarebytes doesn't always get it, see link below:

http://www.malwarere...l-instructions/

I don't suggest you follow the removal instructions at the link, just to say that it should be removed.

The FRST fix starts the process and with a bit of luck ComboFix will finish the job.

Clearly it's your machine and you can do with it what you like but I do recommend running the FRST fix and ComboFix.

If you do decide to do that then please post back the logs so that we can check that we have been successful.

If you don't decide to do that then tell me so that I can give you directions to remove the tools we have been using. Leaving them on your machine can cause problems as some of them make changes to help with malware removal. They reverse the changes when they are properly removed when finished.

#18
Larryq22

  • Topic Starter
  • Member
  • 11 posts
Here's the latest. I chose not to uninstall YouTubeDownloader and Freemake Video Converter yet.

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2014
Ran by larryq22 at 2014-03-12 21:56:32 Run:2
Running from C:\Users\larryq22\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weather.yahoo...ngton-12775317/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.orbitdownloader.com
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
FF Homepage: hxxp://weather.yahoo.com/united-states/kentucky/lexington-12775317/
FF HKCU\...\Firefox\Extensions: [{FF776E25-9AF0-11E1-826E-B8AC6F996F26}] - C:\Users\larryq22\AppData\Local\{FF776E25-9AF0-11E1-826E-B8AC6F996F26}\
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
C:\ProgramData\SpeedBit
C:\Program Files\Common Files\SpeedBit
C:\Users\Public\Documents\Speedbit


*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Restore => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} => Value deleted successfully.
HKCR\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => Value deleted successfully.
HKCR\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Firefox homepage deleted successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\{FF776E25-9AF0-11E1-826E-B8AC6F996F26} => Value deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Value was restored successfully.
C:\ProgramData\SpeedBit => Moved successfully.
C:\Program Files\Common Files\SpeedBit => Moved successfully.
C:\Users\Public\Documents\Speedbit => Moved successfully.

==== End of Fixlog ====

ComboFix.txt

ComboFix 14-03-10.01 - larryq22 03/12/2014 22:00:46.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.1111 [GMT -4:00]
Running from: c:\users\larryq22\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Amazon.ico
c:\users\larryq22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3RVX.lnk
C:\Windows6.1-KB975777-x86.msu
.
.
((((((((((((((((((((((((( Files Created from 2014-02-13 to 2014-03-13 )))))))))))))))))))))))))))))))
.
.
2014-03-13 02:08 . 2014-03-13 02:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-12 21:25 . 2014-02-04 02:04 509440 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 21:25 . 2014-01-29 02:06 381440 ----a-w- c:\windows\system32\wer.dll
2014-03-12 21:25 . 2014-02-07 01:07 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-03-12 02:47 . 2014-03-12 02:47 -------- d-----w- c:\program files\ESET
2014-03-12 01:05 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38F312AC-32B6-499B-A4F2-787FB1890479}\mpengine.dll
2014-03-10 21:32 . 2014-03-10 21:32 -------- d-----w- c:\programdata\YTD Video Downloader
2014-03-10 21:32 . 2014-03-10 21:32 -------- d-----w- c:\program files\GreenTree Applications
2014-03-10 20:51 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-09 11:50 . 2014-03-13 00:40 -------- d-----w- c:\program files\iWisoft Free Video Downloader
2014-03-09 11:43 . 2014-03-09 11:42 91264 ----a-w- c:\windows\system32\EasyHook32.dll
2014-03-09 11:43 . 2014-03-09 11:42 109696 ----a-w- c:\windows\system32\EasyHook64.dll
2014-03-09 11:43 . 1998-12-05 17:18 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2014-03-08 22:01 . 2014-03-13 01:56 -------- d-----w- C:\FRST
2014-03-08 12:31 . 2014-03-08 12:31 -------- d-----w- c:\users\larryq22\AppData\Roaming\GetGo Software
2014-03-08 12:30 . 2014-03-08 13:06 -------- d-----w- c:\program files\GetGo Software
2014-03-08 08:03 . 2014-02-20 23:49 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FFC2045C-6661-4150-AF67-66A0C7EC0C14}\gapaengine.dll
2014-03-03 19:29 . 2014-03-03 19:31 -------- d-----w- c:\programdata\Freemake
2014-03-03 19:29 . 2014-03-03 19:29 -------- d-----w- c:\program files\Freemake
2014-03-03 15:59 . 2014-03-03 15:59 -------- d-----w- c:\users\larryq22\AppData\Roaming\Digiarty
2014-03-01 17:58 . 2014-03-01 19:28 -------- d-----w- c:\users\larryq22\AppData\Roaming\COWON
2014-02-17 20:34 . 2014-02-17 20:34 -------- d-----w- c:\windows\Migration
2014-02-15 14:00 . 2014-02-15 14:00 -------- d-----w- c:\users\larryq22\AppData\Local\utd
2014-02-15 14:00 . 2014-02-16 04:51 -------- d-----w- c:\users\larryq22\AppData\Local\YouTubeBatchDownloader
2014-02-15 13:59 . 2014-02-16 04:51 -------- d-----w- c:\program files\Eurekr.com
2014-02-12 08:02 . 2013-12-21 08:56 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-02-12 04:22 . 2013-12-06 02:02 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-12 04:22 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-02-12 04:22 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-12 04:22 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\system32\d2d1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 13:03 . 2013-06-01 15:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 13:03 . 2013-06-01 15:02 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-20 23:49 . 2012-06-18 13:33 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-01-19 07:32 . 2010-04-14 20:47 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-08 20:54 . 2013-12-23 13:47 103424 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2013-12-24 15:40 . 2014-01-01 03:58 18624 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-12-15 04:50 . 2013-12-15 04:50 194048 ----a-w- c:\windows\system32\elshyph.dll
2013-12-15 04:50 . 2013-12-15 04:50 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-15 04:50 . 2013-12-15 04:50 645120 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-15 04:50 . 2013-12-15 04:50 62464 ----a-w- c:\windows\system32\tdc.ocx
2013-12-15 04:50 . 2013-12-15 04:50 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-15 04:50 . 2013-12-15 04:50 182272 ----a-w- c:\windows\system32\msls31.dll
2013-12-15 04:50 . 2013-12-15 04:50 337408 ----a-w- c:\windows\system32\html.iec
2013-12-15 04:50 . 2013-12-15 04:50 24576 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-15 04:50 . 2013-12-15 04:50 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-15 04:50 . 2013-12-15 04:50 151552 ----a-w- c:\windows\system32\iexpress.exe
2013-12-15 04:50 . 2013-12-15 04:50 139264 ----a-w- c:\windows\system32\wextract.exe
2013-12-15 04:50 . 2013-12-15 04:50 13312 ----a-w- c:\windows\system32\mshta.exe
2013-12-15 04:50 . 2013-12-15 04:50 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-15 04:50 . 2013-12-15 04:50 36352 ----a-w- c:\windows\system32\imgutil.dll
2013-12-15 04:50 . 2013-12-15 04:50 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-15 04:50 . 2013-12-15 04:50 86016 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-15 04:50 . 2013-12-15 04:50 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-15 04:50 . 2013-12-15 04:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-15 04:48 . 2013-12-15 04:48 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-12-15 04:48 . 2013-12-15 04:48 619520 ----a-w- c:\windows\system32\tdh.dll
2013-12-15 04:48 . 2013-12-15 04:48 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-12-15 04:48 . 2013-12-15 04:48 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-12-15 04:48 . 2013-12-15 04:48 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-12-15 04:48 . 2013-12-15 04:48 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-12-15 04:48 . 2013-12-15 04:48 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-12-15 04:48 . 2013-12-15 04:48 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-12-15 04:48 . 2013-12-15 04:48 1505280 ----a-w- c:\windows\system32\d3d11.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"3RVX"="c:\program files\3RVX\3RVX.exe" [2008-10-14 159232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0???????????\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wi-Fi MediaConnect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Wi-Fi MediaConnect.lnk
backup=c:\windows\pss\Wi-Fi MediaConnect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^larryq22^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^larryq22^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Security Essentials (2).lnk]
path=c:\users\larryq22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Security Essentials (2).lnk
backup=c:\windows\pss\Microsoft Security Essentials (2).lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^larryq22^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\larryq22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus]
c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSystemDetect]
c:\users\larryq22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 18:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boxoft Tools]
2010-12-15 21:21 514048 ----a-w- c:\programdata\Boxtools\Boxofttoolbox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarminExpressTrayApp]
2013-11-08 20:14 1095000 ----a-w- c:\program files\Garmin\Express Tray\ExpressTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-23 23:30 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-10-28 16:18 49208 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-23 23:30 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-05-09 21:01 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-23 23:30 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDisp]
2009-08-21 15:36 878080 ----a-w- c:\windows\System32\PrintDisp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2013-07-25 16:19 5624784 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowBatteryBar]
2009-05-28 21:02 90624 ----a-w- c:\program files\BatteryBar\ShowBatteryBar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 13:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-06-18 03:21 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [2010-06-19 14848]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2010-08-24 40912]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2010-08-24 10448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 104768]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-10-23 280288]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-10-08 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-08 49664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-13 1343400]
R3 WFMC_VAD;WFMCVAD (WDM);c:\windows\system32\DRIVERS\wfmcvad.sys [2010-02-08 19456]
R4 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2009-06-16 77824]
R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-04-16 39056]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-12-02 13560]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2013-12-24 18624]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-03-31 20968]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-11-08 250712]
S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [2013-03-26 196624]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-15 3921880]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-09-20 1042272]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-01 13:03]
.
2014-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-26 04:00]
.
2014-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-26 04:00]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: dell.com
Trusted Zone: netteller.com
Trusted Zone: pebank.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\larryq22\AppData\Roaming\Mozilla\Firefox\Profiles\r6fyir23.default-1390787644197\
.
- - - - ORPHANS REMOVED - - - -
.
Notify-!SASWinLogon - c:\users\larryq22\Desktop\Desktop AV files\SASWINLO.DLL
Notify-SDWinLogon - SDWinLogon.dll
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Advanced SystemCare 5 - c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_Plugin.exe
MSConfigStartUp-Garmin Lifetime Updater - c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
MSConfigStartUp-SUPERAntiSpyware - c:\users\larryq22\Desktop\Desktop AV files\SUPERAntiSpyware.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2014-03-12 22:18:03 - machine was rebooted
ComboFix-quarantined-files.txt 2014-03-13 02:18
ComboFix2.txt 2011-12-07 01:43
.
Pre-Run: 41,948,086,272 bytes free
Post-Run: 41,865,646,080 bytes free
.
- - End Of File - - D9635C0B885B6CEEDEF5797A40D2F6F2
A36C5E4F47E84449FF07ED3517B43A31

#19
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
I think we are pretty much there.

One last check with a FRST scan and then, all going well, I will give you the clearing away the tools directions. :)

  • Please run Farbar Recovery Scan Tool again.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.


#20
Larryq22

  • Topic Starter
  • Member
  • 11 posts
Latest scan FRST 13 Mar 2014, 8:00 p.m. EST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2014
Ran by larryq22 (administrator) on LARRYQ22-LAPTOP on 13-03-2014 20:00:15
Running from C:\Users\larryq22\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(matt.malensek.net) C:\Program Files\3RVX\3RVX.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1352272 2010-10-28] (Logitech, Inc.)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [159744 2007-07-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1565751698-4180938818-3206272671-1000\...\Run: [3RVX] - C:\Program Files\3RVX\3RVX.exe [159232 2008-10-14] (matt.malensek.net)
HKU\S-1-5-21-1565751698-4180938818-3206272671-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-1565751698-4180938818-3206272671-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1565751698-4180938818-3206272671-1000\...\Policies\Explorer: [NoInternetOpenWith] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1EEBA0D313DCCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\larryq22\AppData\Roaming\Mozilla\Firefox\Profiles\r6fyir23.default-1390787644197
FF Homepage: hxxp://weather.yahoo.com/united-states/kentucky/lexington-12775317/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\Program Files\TVUPlayer\npTVUAx.dll No File
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2014-02-14]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-11-05]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-17]
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-11-05]

========================== Services (Whitelisted) =================

R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries)
S3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.)
S3 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.)
R2 HPSLPSVC; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
S4 Printer Control; C:\Windows\system32\PrintCtrl.exe [77824 2009-06-16] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)
S4 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R2 cpuz133; C:\Windows\system32\drivers\cpuz133_x32.sys [20968 2010-03-30] (Windows ® Win 7 DDK provider)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2012-12-01] (GFI Software)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [14848 2010-06-19] (Siliten)
S3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40912 2010-08-24] (Logitech, Inc.)
S3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10448 2010-08-24] (Logitech, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2013-12-24] (IObit)
S3 WFMC_VAD; C:\Windows\System32\DRIVERS\wfmcvad.sys [19456 2010-02-08] (WiFi Media Connect)
S3 catchme; \??\C:\Users\larryq22\AppData\Local\Temp\catchme.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-13 20:00 - 2014-03-13 20:00 - 00002049 _____ () C:\Users\larryq22\Desktop\FRST.txt
2014-03-12 22:18 - 2014-03-12 22:18 - 00020018 _____ () C:\ComboFix.txt
2014-03-12 21:55 - 2014-03-12 21:55 - 05188693 ____R (Swearware) C:\Users\larryq22\Desktop\ComboFix.exe
2014-03-12 20:41 - 2014-03-13 18:37 - 00074566 ____N () C:\Windows\WindowsUpdate.log
2014-03-12 17:26 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 17:26 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 17:26 - 2014-03-01 00:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 17:26 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 17:26 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 17:26 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 17:26 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 17:26 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 17:26 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 17:26 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 17:26 - 2014-02-28 23:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 17:26 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 17:26 - 2014-02-28 23:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 17:26 - 2014-02-28 23:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 17:26 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 17:26 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 17:26 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 17:26 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 17:26 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 17:26 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 17:26 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 17:26 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 17:25 - 2014-02-06 21:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 17:25 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 17:25 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-11 22:47 - 2014-03-11 22:47 - 00000000 ____D () C:\Program Files\ESET
2014-03-11 19:59 - 2014-03-11 19:59 - 00120233 _____ () C:\Users\larryq22\Documents_1140211_235947.dmp
2014-03-11 19:59 - 2014-03-11 19:59 - 00000467 _____ () C:\Users\larryq22\Documents_1140211_235947_main.txt
2014-03-11 19:48 - 2014-03-11 19:48 - 00123412 _____ () C:\Users\larryq22\Documents_1140211_234823.dmp
2014-03-11 19:48 - 2014-03-11 19:48 - 00000467 _____ () C:\Users\larryq22\Documents_1140211_234823_main.txt
2014-03-10 21:24 - 2014-03-10 21:25 - 00002397 _____ () C:\ipconfig.txt
2014-03-10 17:32 - 2014-03-10 17:32 - 00001253 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2014-03-10 17:32 - 2014-03-10 17:32 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-03-10 17:32 - 2014-03-10 17:32 - 00000000 ____D () C:\Program Files\GreenTree Applications
2014-03-09 07:50 - 2014-03-12 20:40 - 00000000 ____D () C:\Program Files\iWisoft Free Video Downloader
2014-03-09 07:50 - 2014-03-09 07:50 - 00001059 _____ () C:\Users\larryq22\Desktop\iWisoft Free Video Downloader.lnk
2014-03-09 07:50 - 2014-03-09 07:50 - 00000000 ____D () C:\Users\larryq22\Documents\iWisoft Free Video Downloader
2014-03-09 07:43 - 2014-03-09 07:42 - 00109696 _____ () C:\Windows\system32\EasyHook64.dll
2014-03-09 07:43 - 2014-03-09 07:42 - 00091264 _____ () C:\Windows\system32\EasyHook32.dll
2014-03-09 07:43 - 1998-12-05 13:18 - 00172032 _____ (Jin Hui E-mail: [email protected] Web: http://www.jcomsoft.com) C:\Windows\system32\AniGIF.ocx
2014-03-08 18:01 - 2014-03-13 20:00 - 00000000 ____D () C:\FRST
2014-03-08 18:00 - 2014-03-12 05:33 - 01145856 _____ (Farbar) C:\Users\larryq22\Desktop\FRST.exe
2014-03-08 08:31 - 2014-03-08 08:31 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\GetGo Software
2014-03-08 08:30 - 2014-03-08 09:06 - 00000000 ____D () C:\Program Files\GetGo Software
2014-03-03 15:29 - 2014-03-03 15:31 - 00000000 ____D () C:\Users\larryq22\Documents\Freemake
2014-03-03 15:29 - 2014-03-03 15:31 - 00000000 ____D () C:\ProgramData\Freemake
2014-03-03 15:29 - 2014-03-03 15:29 - 00001284 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk
2014-03-03 15:29 - 2014-03-03 15:29 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-03-03 15:29 - 2014-03-03 15:29 - 00000000 ____D () C:\Program Files\Freemake
2014-03-03 11:59 - 2014-03-03 11:59 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\Digiarty
2014-03-01 13:58 - 2014-03-01 15:28 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\COWON
2014-03-01 13:55 - 2014-03-01 13:55 - 00000974 _____ () C:\Users\larryq22\Desktop\IrfanView.lnk
2014-03-01 13:45 - 2014-03-01 13:45 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-02-25 20:55 - 2014-02-25 20:56 - 00001594 _____ () C:\Windows\VPNUnInstall.MIF
2014-02-17 16:28 - 2014-02-17 16:28 - 01021432 _____ (Microsoft Corporation) C:\Users\larryq22\Desktop\NDP451-KB2859818-Web.exe
2014-02-15 10:00 - 2014-02-16 00:51 - 00000000 ____D () C:\Users\larryq22\AppData\Local\YouTubeBatchDownloader
2014-02-15 10:00 - 2014-02-15 10:00 - 00000000 ____D () C:\Users\larryq22\Documents\My YouTube
2014-02-15 10:00 - 2014-02-15 10:00 - 00000000 ____D () C:\Users\larryq22\AppData\Local\utd
2014-02-15 09:59 - 2014-02-16 00:51 - 00000000 ____D () C:\Program Files\Eurekr.com
2014-02-14 09:47 - 2014-03-08 08:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-12 04:02 - 2013-12-21 04:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 00:22 - 2013-12-24 19:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 00:22 - 2013-12-05 22:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 00:22 - 2013-12-05 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 00:22 - 2013-11-26 04:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-13 20:00 - 2014-03-13 20:00 - 00002049 _____ () C:\Users\larryq22\Desktop\FRST.txt
2014-03-13 20:00 - 2014-03-08 18:01 - 00000000 ____D () C:\FRST
2014-03-13 19:57 - 2012-08-26 00:00 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-13 19:43 - 2010-04-14 16:27 - 00786598 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-13 19:03 - 2013-07-13 14:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-13 18:37 - 2014-03-12 20:41 - 00074566 ____N () C:\Windows\WindowsUpdate.log
2014-03-13 18:16 - 2009-07-14 00:34 - 00013472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-13 18:16 - 2009-07-14 00:34 - 00013472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-13 18:09 - 2012-08-26 00:00 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-13 18:09 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-12 22:18 - 2014-03-12 22:18 - 00020018 _____ () C:\ComboFix.txt
2014-03-12 22:18 - 2011-12-06 18:47 - 00000000 ____D () C:\Qoobox
2014-03-12 22:18 - 2009-07-13 22:37 - 00000000 ___RD () C:\Users\Public
2014-03-12 22:10 - 2009-07-13 22:04 - 00000215 _____ () C:\Windows\system.ini
2014-03-12 21:55 - 2014-03-12 21:55 - 05188693 ____R (Swearware) C:\Users\larryq22\Desktop\ComboFix.exe
2014-03-12 21:55 - 2010-05-02 21:44 - 00000000 ___RD () C:\Users\larryq22\Desktop\Desktop AV files
2014-03-12 21:53 - 2010-05-01 23:15 - 00000000 ____D () C:\Users\larryq22\Desktop\Desktop data files
2014-03-12 20:40 - 2014-03-09 07:50 - 00000000 ____D () C:\Program Files\iWisoft Free Video Downloader
2014-03-12 17:39 - 2009-07-14 00:33 - 00457760 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 17:38 - 2012-10-31 18:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 17:34 - 2010-04-14 17:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 17:31 - 2013-08-14 03:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-12 17:28 - 2010-04-15 17:11 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-12 09:03 - 2013-06-01 11:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-12 09:03 - 2013-06-01 11:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 05:33 - 2014-03-08 18:00 - 01145856 _____ (Farbar) C:\Users\larryq22\Desktop\FRST.exe
2014-03-11 22:47 - 2014-03-11 22:47 - 00000000 ____D () C:\Program Files\ESET
2014-03-11 19:59 - 2014-03-11 19:59 - 00120233 _____ () C:\Users\larryq22\Documents_1140211_235947.dmp
2014-03-11 19:59 - 2014-03-11 19:59 - 00000467 _____ () C:\Users\larryq22\Documents_1140211_235947_main.txt
2014-03-11 19:59 - 2010-04-14 16:28 - 00000000 ____D () C:\Users\larryq22
2014-03-11 19:48 - 2014-03-11 19:48 - 00123412 _____ () C:\Users\larryq22\Documents_1140211_234823.dmp
2014-03-11 19:48 - 2014-03-11 19:48 - 00000467 _____ () C:\Users\larryq22\Documents_1140211_234823_main.txt
2014-03-11 06:35 - 2012-01-29 16:12 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\vlc
2014-03-11 06:30 - 2009-07-14 00:53 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-10 21:25 - 2014-03-10 21:24 - 00002397 _____ () C:\ipconfig.txt
2014-03-10 17:32 - 2014-03-10 17:32 - 00001253 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2014-03-10 17:32 - 2014-03-10 17:32 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-03-10 17:32 - 2014-03-10 17:32 - 00000000 ____D () C:\Program Files\GreenTree Applications
2014-03-10 17:25 - 2011-08-13 17:48 - 00000000 ____D () C:\Users\larryq22\.frostwire5
2014-03-09 10:33 - 2014-01-15 18:00 - 00000000 ____D () C:\AdwCleaner
2014-03-09 10:20 - 2012-08-26 00:00 - 00000000 ____D () C:\Program Files\Google
2014-03-09 10:20 - 2011-08-10 19:56 - 00000000 ____D () C:\Users\larryq22\AppData\Local\Google
2014-03-09 07:50 - 2014-03-09 07:50 - 00001059 _____ () C:\Users\larryq22\Desktop\iWisoft Free Video Downloader.lnk
2014-03-09 07:50 - 2014-03-09 07:50 - 00000000 ____D () C:\Users\larryq22\Documents\iWisoft Free Video Downloader
2014-03-09 07:42 - 2014-03-09 07:43 - 00109696 _____ () C:\Windows\system32\EasyHook64.dll
2014-03-09 07:42 - 2014-03-09 07:43 - 00091264 _____ () C:\Windows\system32\EasyHook32.dll
2014-03-08 11:24 - 2010-04-14 22:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-08 09:06 - 2014-03-08 08:30 - 00000000 ____D () C:\Program Files\GetGo Software
2014-03-08 08:31 - 2014-03-08 08:31 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\GetGo Software
2014-03-08 08:28 - 2014-02-14 09:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-05 18:30 - 2013-08-10 10:39 - 00001163 _____ () C:\Users\larryq22\Desktop\Any Video Converter.lnk
2014-03-03 16:49 - 2011-12-22 07:52 - 00000000 ____D () C:\ProgramData\DivX
2014-03-03 16:45 - 2011-12-22 07:53 - 00000000 ____D () C:\Program Files\DivX
2014-03-03 15:31 - 2014-03-03 15:29 - 00000000 ____D () C:\Users\larryq22\Documents\Freemake
2014-03-03 15:31 - 2014-03-03 15:29 - 00000000 ____D () C:\ProgramData\Freemake
2014-03-03 15:29 - 2014-03-03 15:29 - 00001284 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk
2014-03-03 15:29 - 2014-03-03 15:29 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-03-03 15:29 - 2014-03-03 15:29 - 00000000 ____D () C:\Program Files\Freemake
2014-03-03 11:59 - 2014-03-03 11:59 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\Digiarty
2014-03-02 19:27 - 2012-09-01 22:22 - 00027136 _____ () C:\Users\larryq22\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-01 15:28 - 2014-03-01 13:58 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\COWON
2014-03-01 13:55 - 2014-03-01 13:55 - 00000974 _____ () C:\Users\larryq22\Desktop\IrfanView.lnk
2014-03-01 13:55 - 2010-04-16 07:12 - 00000000 ____D () C:\Program Files\IrfanView
2014-03-01 13:45 - 2014-03-01 13:45 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-03-01 13:34 - 2010-08-28 14:51 - 00000000 ____D () C:\Users\larryq22\AppData\Roaming\PrimoPDF
2014-03-01 00:30 - 2014-03-12 17:26 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 00:11 - 2014-03-12 17:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 00:10 - 2014-03-12 17:26 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-28 23:52 - 2014-03-12 17:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-28 23:51 - 2014-03-12 17:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-28 23:47 - 2014-03-12 17:26 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 23:43 - 2014-03-12 17:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-28 23:43 - 2014-03-12 17:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-28 23:40 - 2014-03-12 17:26 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-28 23:38 - 2014-03-12 17:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-28 23:38 - 2014-03-12 17:26 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-28 23:37 - 2014-03-12 17:26 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-28 23:31 - 2014-03-12 17:26 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-28 23:25 - 2014-03-12 17:26 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 23:16 - 2014-03-12 17:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 23:14 - 2014-03-12 17:26 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 23:03 - 2014-03-12 17:26 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 23:00 - 2014-03-12 17:26 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 22:57 - 2014-03-12 17:26 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 22:32 - 2014-03-12 17:26 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 22:27 - 2014-03-12 17:26 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 22:25 - 2014-03-12 17:26 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 20:09 - 2010-10-31 22:01 - 00000971 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-28 20:09 - 2010-04-14 21:30 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-25 20:58 - 2011-12-19 11:06 - 00000000 ____D () C:\Program Files\Cisco Systems
2014-02-25 20:56 - 2014-02-25 20:55 - 00001594 _____ () C:\Windows\VPNUnInstall.MIF
2014-02-25 20:49 - 2014-01-01 00:15 - 00000000 ____D () C:\Program Files\Yahoo!
2014-02-19 04:12 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-17 16:28 - 2014-02-17 16:28 - 01021432 _____ (Microsoft Corporation) C:\Users\larryq22\Desktop\NDP451-KB2859818-Web.exe
2014-02-16 00:51 - 2014-02-15 10:00 - 00000000 ____D () C:\Users\larryq22\AppData\Local\YouTubeBatchDownloader
2014-02-16 00:51 - 2014-02-15 09:59 - 00000000 ____D () C:\Program Files\Eurekr.com
2014-02-16 00:31 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-15 10:00 - 2014-02-15 10:00 - 00000000 ____D () C:\Users\larryq22\Documents\My YouTube
2014-02-15 10:00 - 2014-02-15 10:00 - 00000000 ____D () C:\Users\larryq22\AppData\Local\utd
2014-02-14 08:46 - 2010-04-14 20:58 - 00000000 ____D () C:\Users\larryq22\AppData\Local\Deployment
2014-02-12 04:03 - 2009-07-13 22:04 - 00000513 _____ () C:\Windows\win.ini

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 02:08

==================== End Of Log ============================


The computer seems to be working better. I had to re-seat the NIC card but so far, so good. I think I'm ready to remove the software tools. Thanks for your help!
  • 0

#21
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello again Larryq22,

The computer seems to be working better.


Yes I think you are good to go. :thumbsup:

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and some tools used in the removal of malware. This will also clean out and reset your Restore Points.

  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

After that please go here to download OTC.

Run this program to remove most of the remaining tools we have been using.

If you are asked to reboot the machine to finish the Cleanup process choose Yes.

To remove AdwCleaner double click on adwcleaner.exe to run the tool.
Click on Uninstall, then confirm with yes to remove AdwCleaner from your computer.

Any remaining tools may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run important software, the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker Ransomware

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!
  • 0

#22
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





