
URGENT: Is it a Malware, a Virus or something else - sounds fishy!

malware virus slow computer sound problems

  • This topic is locked

#46
Feather24

  • Topic Starter
  • Member
  • 251 posts
I'll be doing this either tonight or tomorrow. Been busy here. thanks
  • 0



#47
Feather24

  • Topic Starter
  • Member
  • 251 posts
Hi - I've been having problems accessing the geekstogo site for a few days. IE takes about 1 min now to load each web page. This website was not responding it said all day yesterday so I'm not sure if that is your site or my computer? Firefox is better.

Ok, I ran the scan and it said that I had 2 banks of 1 max memory 4096 mb which looks like half of your memory so I guess that is slow?

thank you.
  • 0

#48
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks like you may have space for one more stick of RAM

Let's now cut down the startup items

Go Start > type in MSconfig in the search box
Click the MSConfig that appears at the top
Select the Startup tab
Remove the ticks from all items with the exception of your anti-virus
OK out
Reboot the computer and let me know if there is an improvement
http://www.addictive...em-performance/
  • 0

#49
Feather24

  • Topic Starter
  • Member
  • 251 posts

I'll be responding tomorrow. thanks


  • 0

#50
Feather24

  • Topic Starter
  • Member
  • 251 posts
Hi so busy here apologies for the late response. It took me 10 mins to get on to this site. It just seems to refuse to load and it is so slow. Firefox is better I use IE to get on to this site. Today on Firefox loaded up webprize3.com and asked me to complete a survey to get a prize reduced. Does this have anything to do with the problems I am getting? How can I check if it has infected my PC please? thank you.
  • 0

#51
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Sounds like you have gained some adware

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0

#52
Feather24

  • Topic Starter
  • Member
  • 251 posts

Hi, thanks for the info. Still slow loading IE even after the adware removal.

 

Here is the log:

 

AdwCleaner v3.213 - Report created 24/06/2014 at 10:44:07
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Frances - FRANCES-PC
# Running from : C:\Users\Frances\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Windows\Tasks\driverupdate startup.job
File Deleted : C:\Windows\System32\Tasks\driverupdate startup

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1480F060-452F-4F13-B17D-D65FB69F74B5}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1480F060-452F-4F13-B17D-D65FB69F74B5}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\BillP Studios
Key Deleted : HKLM\Software\BillP Studios
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={5207DEAA-94A2-4F66-9A9E-22ACC1D0FA89}&mid=f450ba7485e74e2f9c09b00944ddb83d-d35c1238b12fbdd279a8bfb2bdb065e512efeeab&lang=en&ds=AVG&pr=pr&d=2012-11-24 11:57:50&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}

*************************

AdwCleaner[R0].txt - [2248 octets] - [24/06/2014 10:41:58]
AdwCleaner[S0].txt - [2209 octets] - [24/06/2014 10:44:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2269 octets] ##########
 


  • 0

#53
Feather24

  • Topic Starter
  • Member
  • 251 posts

I have also been receiving, more regularly, fake emails with attached invoices saying that I have made purchases using credit cards I don't have, or other fake emails. Does this adware have anything to do with that? If not, is there anything I can do to protect myself from this, or is this out of scope? Thank you.


  • 0

#54
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Fake e-mails are unfortunately a fact of life if someone has your address

We will look at protection in a bit but first I would like to do a deep search

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

    3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


    Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

  • 0

#55
Feather24

  • Topic Starter
  • Member
  • 251 posts

Hi here is the log, yet to discover if it is running better I'll report back in a day or so thanks.

 

ComboFix 14-06-27.01 - Frances 28/06/2014  14:28:04.5.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2037.1051 [GMT 1:00]
Running from: c:\users\Frances\Desktop\ComboFix.exe
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-28 to 2014-06-28  )))))))))))))))))))))))))))))))
.
.
2014-06-28 13:38 . 2014-06-28 13:39    --------    d-----w-    c:\users\Frances\AppData\Local\temp
2014-06-28 13:38 . 2014-06-28 13:38    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-06-28 13:38 . 2014-06-28 13:38    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-06-26 09:15 . 2014-06-26 09:15    --------    d-----w-    c:\users\Frances\AppData\Local\Adobe
2014-06-24 09:42 . 2010-08-30 07:34    536576    ----a-w-    c:\windows\system32\sqlite3.dll
2014-06-17 15:22 . 2014-06-17 15:22    188696    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2014-06-17 15:21 . 2014-06-17 15:21    197400    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2014-06-17 15:18 . 2014-06-17 15:18    241944    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2014-06-17 15:17 . 2014-06-17 15:17    147736    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2014-06-17 15:06 . 2014-06-17 15:06    199960    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2014-06-17 15:06 . 2014-06-17 15:06    121624    ----a-w-    c:\windows\system32\drivers\avgdiskx.sys
2014-06-17 15:06 . 2014-06-17 15:06    98584    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2014-06-17 15:06 . 2014-06-17 15:06    27416    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2014-06-17 15:06 . 2014-06-17 15:06    21272    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2014-06-16 13:50 . 2014-06-16 13:50    --------    d-----w-    c:\program files\iPod
2014-06-16 13:49 . 2014-06-16 13:51    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-06-16 13:49 . 2014-06-16 13:51    --------    d-----w-    c:\program files\iTunes
2014-06-13 08:49 . 2014-04-05 02:25    1294272    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2014-06-13 08:49 . 2014-04-05 02:24    187840    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-12 13:22 . 2014-03-26 14:27    1389056    ----a-w-    c:\windows\system32\msxml6.dll
2014-06-12 13:22 . 2014-03-26 14:27    1237504    ----a-w-    c:\windows\system32\msxml3.dll
2014-06-12 13:22 . 2014-03-26 14:25    2048    ----a-w-    c:\windows\system32\msxml6r.dll
2014-06-12 13:22 . 2014-03-26 14:25    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2014-06-12 13:22 . 2014-06-08 08:48    391680    ----a-w-    c:\windows\system32\aepdu.dll
2014-06-12 13:22 . 2014-06-08 08:43    302592    ----a-w-    c:\windows\system32\aeinv.dll
2014-06-12 13:22 . 2014-04-25 02:06    626688    ----a-w-    c:\windows\system32\usp10.dll
2014-06-12 10:42 . 2014-05-08 09:06    2742784    ----a-w-    c:\windows\system32\rdpcorets.dll
2014-06-12 10:42 . 2014-05-08 09:06    13824    ----a-w-    c:\windows\system32\RdpGroupPolicyExtension.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-25 13:33 . 2012-04-01 15:14    699056    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-06-25 13:33 . 2011-06-29 10:58    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-24 09:09 . 2014-03-28 10:21    13464    ----a-w-    c:\windows\system32\drivers\SWDUMon.sys
2014-04-15 01:34 . 2014-04-15 01:34    1070232    ----a-w-    c:\windows\system32\MSCOMCTL.OCX
2014-04-14 19:13 . 2014-04-23 09:22    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-04-12 02:15 . 2014-05-14 10:17    67520    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15 . 2014-05-14 10:17    136640    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12 . 2014-05-14 10:17    15872    ----a-w-    c:\windows\system32\sspisrv.dll
2014-04-12 02:12 . 2014-05-14 10:17    100352    ----a-w-    c:\windows\system32\sspicli.dll
2014-04-12 02:12 . 2014-05-14 10:17    22016    ----a-w-    c:\windows\system32\secur32.dll
2014-04-12 02:11 . 2014-05-14 10:17    1059840    ----a-w-    c:\windows\system32\lsasrv.dll
2014-04-12 02:11 . 2014-05-14 10:17    22528    ----a-w-    c:\windows\system32\lsass.exe
2013-07-23 12:27 . 2013-07-23 12:26    36154    ----a-w-    c:\program files\cc_20130723_132652.reg
2011-06-27 22:29 . 2011-06-27 22:28    15044    ----a-w-    c:\program files\cc_20110627_232823.reg
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"visionboard"="c:\program files\VisionBoard\visionboardlauncher.exe" [2009-07-11 1176064]
"googletalk"="c:\users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MP3 Skype Recorder"="c:\program files\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-17 1975296]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-05-08 21444224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"btbb_McciTrayApp"="c:\program files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe" [2011-09-07 1841664]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-06-17 5179408]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-05-26 152392]
.
c:\users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Frances\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2014-06-17 3242000]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 athrusb;Belkin Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-28 904192]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-05-30 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2014-06-24 13464]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-09 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 238696]
R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-06-17 147736]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-06-17 241944]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-17 27416]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-17 121624]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2013-09-26 47928]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-06-17 199960]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-17 21272]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-06-17 188696]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-06-17 197400]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2014\avgfws.exe [2014-06-17 1417160]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [2014-06-17 289328]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-12 20:48    1091912    ----a-w-    c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 13:33]
.
2014-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-27 12:37]
.
2014-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-27 12:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1EB4CFC4-7649-413F-870B-BB36D0D3979F}: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A79483D2-6796-4059-832A-41A709A2AAE1}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\bx768oe8.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-06-28  14:41:56
ComboFix-quarantined-files.txt  2014-06-28 13:41
ComboFix2.txt  2014-05-10 09:16
.
Pre-Run: 147,201,347,584 bytes free
Post-Run: 146,778,865,664 bytes free
.
- - End Of File - - 0DF5CE557DBC3DEABEDEAA96F2FEAF89
A36C5E4F47E84449FF07ED3517B43A31
 


  • 0



#56
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Well, that looks good and my assessment is that you are free of malware. Let me know if any problems crop up whilst you are testing
  • 0

#57
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let's remove my tools now to give you some space


I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 
Now the best part of the day -----

Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

Malwarebytes.
Update and run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To learn more about how to protect yourself while on the internet read this little guide: Best security practices
Keep safe :wave:
  • 0

#58
Feather24

  • Topic Starter
  • Member
  • 251 posts

Hi, thanks Essexboy for all your help so far. I'm still experiencing problems loading IE and Firefox; often it takes ages to load and I get a "not responding" message. Is there anything we can do about this? Thanks


  • 0

#59
Feather24

  • Topic Starter
  • Member
  • 251 posts

PS I've always had Malwarebytes running and kept it updated + superantivirus. With CryptoPrevent do I just leave the default settings or select my own? Thanks


Edited by Feather24, 03 July 2014 - 06:30 AM.

  • 0

#60
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
With crypto prevent I always leave it at default settings :)

Reference the speed :

The following programmes are not required to start with Windows, they will start when you run the main programme. Otherwise they are unnecessary overheads

googletalk
MP3 Skype Recorder
visionboard
BCSSync
APSDaemon


Another 2GB of RAM would come in handy

Plus if the start up is slow we could use the Microsoft xboot programme to re-organise the initial driver loading
  • 0
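
Added example, not part of the original thread and not code from ComboFix or from the helper: a small Python parser for the Run-key lines in the "Reg Loading Points" section of the ComboFix log in post #55, listing what actually starts with Windows and marking the five entries named as not required in post #60. The sample lines are copied from that log; the function names and the `NOT_REQUIRED` set are assumptions made for this example.

```python
import re

# Lines copied from the "Reg Loading Points" section of the ComboFix log in
# post #55 (a subset, embedded here so the example runs offline).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"visionboard"="c:\program files\VisionBoard\visionboardlauncher.exe" [2009-07-11 1176064]
"googletalk"="c:\users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MP3 Skype Recorder"="c:\program files\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-17 1975296]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-05-08 21444224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-06-17 5179408]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-05-26 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
'''

# Entries listed in post #60 as not required to start with Windows
# (lower-cased so the comparison is case-insensitive).
NOT_REQUIRED = {"googletalk", "mp3 skype recorder", "visionboard",
                "bcssync", "apsdaemon"}

SECTION = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "name"="path" optional-arguments optional-[date size]
ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?P<args>[^\[]*)'
                   r'(?:\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\])?\s*$')


def parse_autoruns(log_text):
    """Return one dict per "name"="path" line, tagged with its registry key."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY.match(line)
        if m and key:
            entries.append({
                "hive": key.split("\\", 1)[0],
                "key": key,
                "name": m.group("name"),
                "path": m.group("path"),
                "args": m.group("args").strip(),
                "built": m.group("date"),  # None when the log shows no date
                # Only a key ending exactly in ...\CurrentVersion\Run counts;
                # the "run-" key in the log is a different key name.
                "active": key.lower().endswith("\\currentversion\\run"),
            })
    return entries


def startup_review(entries, not_required=NOT_REQUIRED):
    """Split active Run entries into (untick, keep) lists, in log order."""
    untick, keep = [], []
    for e in entries:
        if not e["active"]:
            continue
        (untick if e["name"].lower() in not_required else keep).append(e["name"])
    return untick, keep


if __name__ == "__main__":
    untick, keep = startup_review(parse_autoruns(SAMPLE_LOG))
    print("Untick in MSConfig:", ", ".join(untick))
    print("Left enabled:      ", ", ".join(keep))
```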





