Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

PC boots up but can't open software [Solved]


  • This topic is locked This topic is locked
123 replies to this topic

#76 cousinkevin

cousinkevin

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 20 November 2013 - 12:39 PM

I clicked shut down as normal and nothing happened. Then I tried task manager but it wouldn't open. A few minutes later PC started logging off but stuck, so had to switch off at tower again.

 

What is the ideal amount of free HDD % required to run smoothly?

 

Revo works but each program uninstaller is slow.

 

I'm removing some more unimportant programs at this stage as I'd been told in the past by another technician that programs can conflict with each other.

 

If I have no malware left then can I use CCleaner now?

 

Sorry which one is "security check"?


    Advertisements

Register to Remove


#77 cousinkevin

cousinkevin

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 20 November 2013 - 03:41 PM

Well a reboot did work eventually after 20 minutes.

 

 

 

 

Event Type:    Information
Event Source:    Winlogon
Event Category:    None
Event ID:    1001
Date:        20/11/2013
Time:        20:21:05
User:        N/A
Computer:    USER-E862545A71
Description:
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         
Cleaning up minor inconsistencies on the drive.
Cleaning up 562 unused index entries from index $SII of file 0x9.
Cleaning up 562 unused index entries from index $SDH of file 0x9.
Cleaning up 562 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.

 156280288 KB total disk space.
 120207904 KB in 142461 files.
     62100 KB in 12142 indexes.
         0 KB in bad sectors.
    724556 KB in use by the system.
     65536 KB occupied by the log file.
  35285728 KB available on disk.

      4096 bytes in each allocation unit.
  39070072 total allocation units on disk.
   8821432 allocation units available on disk.

Internal Info:
00 01 03 00 f6 5b 02 00 7b fd 03 00 00 00 00 00  .....[..{.......
6b 23 00 00 06 00 00 00 af 04 00 00 00 00 00 00  k#..............
a4 a1 fd 07 00 00 00 00 08 43 65 77 00 00 00 00  .........Cew....
d8 af da 79 00 00 00 00 a0 37 23 41 0a 00 00 00  ...y.....7#A....
f4 81 ed c2 01 00 00 00 12 e4 9d 04 0d 00 00 00  ................
99 9e 36 00 00 00 00 00 98 38 07 00 7d 2c 02 00  ..6......8..},..
00 00 00 00 00 80 e8 a8 1c 00 00 00 6e 2f 00 00  ............n/..

Windows has finished checking your disk.
Please wait while your computer restarts.


For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
 

 

 

 

 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-02 18:19:44
-----------------------------
18:19:44.296    OS Version: Windows 5.1.2600 Service Pack 3
18:19:44.296    Number of processors: 1 586 0x409
18:19:44.296    ComputerName: USER-E862545A71  UserName: Paul_2
18:19:44.750    Initialize success
18:21:15.125    AVAST engine defs: 13110200
18:21:58.031    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
18:21:58.046    Disk 0 Vendor: ST3160811AS 3.AAE Size: 152627MB BusType: 3
18:21:58.187    Disk 0 MBR read successfully
18:21:58.203    Disk 0 MBR scan
18:21:58.265    Disk 0 Windows XP default MBR code
18:21:58.296    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       152617 MB offset 63
18:21:58.328    Disk 0 scanning sectors +312560640
18:21:58.546    Disk 0 scanning C:\WINDOWS\system32\drivers
18:22:12.046    Service scanning
18:22:47.140    Modules scanning
18:23:18.046    Disk 0 trace - called modules:
18:23:18.046    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:23:18.046    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6a58f0]
18:23:18.046    3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000005e[0x8a6309e8]
18:23:18.046    5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8a61f940]
18:23:18.406    AVAST engine scan C:\WINDOWS
18:23:23.109    AVAST engine scan C:\WINDOWS\system32
18:27:42.000    AVAST engine scan C:\WINDOWS\system32\drivers
18:28:18.625    AVAST engine scan C:\Documents and Settings\Paul_2
18:28:25.000    File: C:\Documents and Settings\Paul_2\Application Data\Betcat\dat\Desktop.OS.dll  **INFECTED** Win32:Webcake-A [Adw]
18:28:25.109    File: C:\Documents and Settings\Paul_2\Application Data\Betcat\dat\Dora.dat  **INFECTED** Win32:Webcake-A [Adw]
18:28:25.296    File: C:\Documents and Settings\Paul_2\Application Data\Betcat\dat\Maintain.dat  **INFECTED** Win32:Webcake-A [Adw]
18:28:25.406    File: C:\Documents and Settings\Paul_2\Application Data\Betcat\dat\Paladin.dat  **INFECTED** Win32:Webcake-A [Adw]
18:28:25.562    File: C:\Documents and Settings\Paul_2\Application Data\Betcat\dat\Phoenix.dat  **INFECTED** Win32:Webcake-A [Adw]
18:28:25.921    File: C:\Documents and Settings\Paul_2\Application Data\Betcat\WebCakeDesktop.exe  **INFECTED** Win32:Webcake-A [Adw]
18:40:22.937    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Paul_2\Desktop\MBR.dat"
18:40:23.046    The log file has been saved successfully to "C:\Documents and Settings\Paul_2\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-20 20:54:11
-----------------------------
20:54:11.546    OS Version: Windows 5.1.2600 Service Pack 3
20:54:11.546    Number of processors: 1 586 0x409
20:54:11.546    ComputerName: USER-E862545A71  UserName: Paul_2
20:54:12.000    Initialize success
21:01:10.375    AVAST engine defs: 13111900
21:02:32.468    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
21:02:32.468    Disk 0 Vendor: ST3160811AS 3.AAE Size: 152627MB BusType: 3
21:02:32.656    Disk 0 MBR read successfully
21:02:32.656    Disk 0 MBR scan
21:02:32.703    Disk 0 Windows XP default MBR code
21:02:32.703    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       152617 MB offset 63
21:02:32.718    Disk 0 scanning sectors +312560640
21:02:32.781    Disk 0 scanning C:\WINDOWS\system32\drivers
21:02:48.390    Service scanning
21:03:18.234    Modules scanning
21:06:35.734    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Paul_2\Desktop\MBR.dat"
21:06:35.734    The log file has been saved successfully to "C:\Documents and Settings\Paul_2\Desktop\aswMBR.txt"

 

 

 

 

OTL logfile created on: 20/11/2013 21:12:27 - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Paul_2\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.19% Memory free
3.35 Gb Paging File | 2.65 Gb Available in Paging File | 79.16% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 33.45 Gb Free Space | 22.44% Space Free | Partition Type: NTFS
 
Computer Name: USER-E862545A71 | User Name: Paul_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Paul_2\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll ()
MOD - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll ()
MOD - C:\WINDOWS\system32\mkunicode.dll ()
MOD - C:\WINDOWS\system32\mmfinfo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOCUME~1\Paul_2\LOCALS~1\Temp\catchme.sys File not found
DRV - (aswMBR) -- C:\DOCUME~1\Paul_2\LOCALS~1\Temp\aswMBR.sys File not found
DRV - (RapportCerberus_59849) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys ()
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\system32\drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (Avgdiskx) -- C:\WINDOWS\system32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 C4 D8 9E 58 A1 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/25 00:11:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/14 15:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/14 15:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/25 00:11:58 | 000,000,000 | ---D | M]
 
[2013/07/13 21:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul_2\Application Data\Mozilla\Extensions
[2013/11/20 17:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/20 17:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/20 17:08:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013/11/03 01:16:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1349191978390 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCCFDC7E-C44D-4C7C-8F3A-86869B58B6B8}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/24 16:44:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/20 17:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/20 16:55:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\VS Revo Group
[2013/11/20 16:55:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2013/11/20 16:55:22 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2013/11/20 16:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VS Revo Group
[2013/11/20 16:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/11/20 16:54:05 | 010,031,224 | ---- | C] (VS Revo Group                                               ) -- C:\Documents and Settings\Paul_2\Desktop\RevoUninProSetup.exe
[2013/11/19 21:25:40 | 001,898,232 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Paul_2\Desktop\rkill.com
[2013/11/16 22:23:31 | 000,000,000 | ---D | C] -- C:\RK_Quarantine
[2013/11/15 18:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\Desktop\RK_Quarantine
[2013/11/14 22:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/11/13 22:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/11/13 22:15:13 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\Paul_2\Desktop\esetsmartinstaller_enu.exe
[2013/11/13 21:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\Application Data\Malwarebytes
[2013/11/13 21:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/13 21:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/11/13 21:14:53 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/11/13 21:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/11/13 21:08:50 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Paul_2\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/10 23:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\My Documents\Breast milk for men preview
[2013/11/05 00:03:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/11/04 23:50:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/03 22:23:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/03 01:18:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/11/03 01:05:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/11/03 01:01:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/11/03 01:01:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/11/03 01:01:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/11/03 01:01:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/11/03 00:24:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/11/03 00:23:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/11/02 22:25:34 | 005,143,186 | R--- | C] (Swearware) -- C:\Documents and Settings\Paul_2\Desktop\ComboFix.exe
[2013/11/02 22:10:34 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paul_2\Desktop\TDSSKiller.exe
[2013/11/02 19:07:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul_2\Desktop\OTL.exe
[2013/11/02 18:15:15 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Paul_2\Desktop\aswMBR.exe
[2013/10/23 00:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\Desktop\Old Firefox Data
[2012/10/01 14:48:38 | 048,745,576 | ---- | C] (Safer-Networking Ltd.                                       ) -- C:\Program Files\spybotsd-2.0.10-rc2.exe
[1 C:\Documents and Settings\Paul_2\*.tmp files -> C:\Documents and Settings\Paul_2\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/20 21:23:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B4DD41ED-D92A-4751-8FBA-5EC5BF6021DA}.job
[2013/11/20 21:06:35 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\MBR.dat
[2013/11/20 20:47:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/11/20 20:22:22 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/11/20 20:22:22 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1007.job
[2013/11/20 20:22:22 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
[2013/11/20 20:22:21 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1009.job
[2013/11/20 20:22:21 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1007.job
[2013/11/20 20:22:21 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
[2013/11/20 20:22:21 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1006.job
[2013/11/20 20:20:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/20 16:55:24 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2013/11/20 16:54:07 | 010,031,224 | ---- | M] (VS Revo Group                                               ) -- C:\Documents and Settings\Paul_2\Desktop\RevoUninProSetup.exe
[2013/11/20 00:30:00 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/11/19 22:25:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1009.job
[2013/11/19 17:00:08 | 001,898,232 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Paul_2\Desktop\rkill.com
[2013/11/18 00:55:47 | 000,174,592 | ---- | M] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/16 21:23:09 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/11/15 19:25:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1006.job
[2013/11/15 18:53:31 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1007.job
[2013/11/15 18:22:28 | 003,679,744 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\RogueKiller.exe
[2013/11/15 17:22:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
[2013/11/15 00:54:31 | 021,566,942 | ---- | M] () -- C:\Documents and Settings\Paul_2\My Documents\PLVR-USGbini 72.wmv
[2013/11/13 22:15:53 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\Paul_2\Desktop\esetsmartinstaller_enu.exe
[2013/11/13 21:17:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/13 21:09:12 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Paul_2\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/13 20:10:50 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/11/12 23:31:02 | 000,277,099 | ---- | M] () -- C:\Documents and Settings\Paul_2\My Documents\Anna+Molinari+Spring+2004+Yykjq9jzXF2x.jpg
[2013/11/12 23:30:44 | 000,322,065 | ---- | M] () -- C:\Documents and Settings\Paul_2\My Documents\Anna+Molinari+Spring+2004+-z-Ik_r18KKx.jpg
[2013/11/12 23:30:17 | 000,243,259 | ---- | M] () -- C:\Documents and Settings\Paul_2\My Documents\Anna+Molinari+Spring+2004+-d2jj5FYLnXx.jpg
[2013/11/12 17:43:52 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/11/12 17:43:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/11/08 23:08:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/11/03 22:20:35 | 001,060,070 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\AdwCleaner.exe
[2013/11/03 01:16:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/11/03 01:05:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/11/02 22:25:38 | 005,143,186 | R--- | M] (Swearware) -- C:\Documents and Settings\Paul_2\Desktop\ComboFix.exe
[2013/11/02 19:07:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul_2\Desktop\OTL.exe
[2013/11/02 18:52:12 | 000,000,499 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\MBR.zip
[2013/11/02 18:15:15 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Paul_2\Desktop\aswMBR.exe
[2013/11/01 15:54:18 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paul_2\Desktop\TDSSKiller.exe
[2013/10/30 23:10:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/30 23:07:37 | 000,071,900 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\Documents and Settings\Paul_2\*.tmp files -> C:\Documents and Settings\Paul_2\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/20 16:55:24 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2013/11/15 18:22:27 | 003,679,744 | ---- | C] () -- C:\Documents and Settings\Paul_2\Desktop\RogueKiller.exe
[2013/11/15 00:54:22 | 021,566,942 | ---- | C] () -- C:\Documents and Settings\Paul_2\My Documents\PLVR-USGbini 72.wmv
[2013/11/13 21:17:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/12 23:31:01 | 000,277,099 | ---- | C] () -- C:\Documents and Settings\Paul_2\My Documents\Anna+Molinari+Spring+2004+Yykjq9jzXF2x.jpg
[2013/11/12 23:30:43 | 000,322,065 | ---- | C] () -- C:\Documents and Settings\Paul_2\My Documents\Anna+Molinari+Spring+2004+-z-Ik_r18KKx.jpg
[2013/11/12 23:30:15 | 000,243,259 | ---- | C] () -- C:\Documents and Settings\Paul_2\My Documents\Anna+Molinari+Spring+2004+-d2jj5FYLnXx.jpg
[2013/11/03 22:20:30 | 001,060,070 | ---- | C] () -- C:\Documents and Settings\Paul_2\Desktop\AdwCleaner.exe
[2013/11/03 01:05:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/11/03 01:05:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/11/03 01:01:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/11/03 01:01:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/11/03 01:01:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/11/03 01:01:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/11/03 01:01:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/11/02 18:42:39 | 000,000,499 | ---- | C] () -- C:\Documents and Settings\Paul_2\Desktop\MBR.zip
[2013/11/02 18:40:22 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Paul_2\Desktop\MBR.dat
[2013/01/23 22:33:35 | 000,026,900 | ---- | C] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\dt.dat
[2013/01/22 21:13:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/25 00:03:39 | 000,172,507 | ---- | C] () -- C:\WINDOWS\hpoins38.dat
[2012/10/25 00:03:39 | 000,000,548 | ---- | C] () -- C:\WINDOWS\hpomdl38.dat
[2012/10/04 12:33:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/10/04 12:28:36 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2012/10/01 15:35:23 | 000,000,961 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/10/01 01:12:03 | 000,069,780 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sjpsusgqpvupxbp
[2012/08/16 21:57:30 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jejtrhljsoaszej
[2012/06/03 20:20:13 | 000,161,744 | ---- | C] () -- C:\Program Files\0cres.dll
[2012/02/16 22:10:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/02 01:06:22 | 000,109,216 | ---- | C] () -- C:\WINDOWS\System32\EasyHook64.dll
[2011/12/02 01:06:21 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2011/06/10 21:46:52 | 000,174,592 | ---- | C] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/20 19:00:52 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\FASTWiz.html
 
========== ZeroAccess Check ==========
 
[2011/09/29 20:42:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 12:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56E2E879

< End of report >
 


Edited by cousinkevin, 20 November 2013 - 04:28 PM.


#78 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 20 November 2013 - 11:40 PM

Hi cousinkevin, :blush:
 

What is the ideal amount of free HDD % required to run smoothly?

There is no "set" amount. A lot depends on what tasks you are trying to accomplish. Freeing up hard drive space in and of itself is not going to make your computer run like it did when you first got it. Unfortunately, a combination of processor speed, RAM and hard drive capacity all play a part in how responsive your computer will be. Older systems just do not seem to have the same "giddy up" as a new computer.

=========================
 

Sorry which one is "security check"?


bullseye_zpse9eaf36e.gif Security Check

Re-run Security Check by screen317.

  • Right click SecurityCheck.exe, select "Run as Administrator" and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================







If I have no malware left then can I use CCleaner now?

Hold off for now, malware has re-appeared

=========================

bullseye_zpse9eaf36e.gif Run OTL.exe

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Files
    C:\Documents and Settings\Paul_2\Application Data\Betcat
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

=========================

bullseye_zpse9eaf36e.gif Re- run AdwCleaner

It should be on your desktop

Right click and select "Run as Administrator".

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

=========================

bullseye_zpse9eaf36e.gif Re-run OTL (it should be located on your desktop).

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
    Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

=========================

In your next post please provide the following:

  • check-up.txt
  • OTL fix log
  • AdwCleaner.txt
  • Fresh OTL.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#79 cousinkevin

cousinkevin

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 21 November 2013 - 12:48 PM

I haven't installed or used Security Check on my PC. I went through all previous posts to check.

 

Your last post addresses me as "fellfromgrace". Unintentional I'm sure?



#80 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 21 November 2013 - 12:54 PM

Hi cousinkevin,
 

Your last post addresses me as "fellfromgrace". Unintentional I'm sure?

Yes it was unintentional. I sincerly apologize for the error.

bullseye_zpse9eaf36e.gif Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Right click SecurityCheck.exe, select "Run as Administrator" and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#81 cousinkevin

cousinkevin

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 21 November 2013 - 03:05 PM

SC opened slowly and stuck at "preparing done".

 

So I ran OTL fix which took ages to reboot PC.

 

Attempted SC again which worked fine.

 

 

 

 Results of screen317's Security Check version 0.99.77  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 AVG 2014     
 AVG PC Tuneup 2011   
 AVG 2014     
 ESET Online Scanner v3   
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300  
 AVG PC Tuneup 2011  
 CCleaner     
 Java 7 Update 45  
 Adobe Flash Player     11.9.900.117  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled!
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````
 

 

 

 

 

All processes killed
========== FILES ==========
File\Folder C:\Documents and Settings\Paul_2\Application Data\Betcat not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Lynda
->Temp folder emptied: 258765 bytes
->Temporary Internet Files folder emptied: 36240987 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14036533 bytes
->Flash cache emptied: 833 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Paul
 
User: Paul_2
->Temp folder emptied: 108138607 bytes
->Temporary Internet Files folder emptied: 1519459 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 393616213 bytes
->Flash cache emptied: 24158 bytes
 
User: Test Account
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 178740 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 167655167 bytes
 
Total Files Cleaned = 688.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11212013_201311

Files\Folders moved on Reboot...
C:\Documents and Settings\Paul_2\Local Settings\Temp\RarSFX0\SecurityCheck\install58.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 



#82 cousinkevin

cousinkevin

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 21 November 2013 - 04:00 PM

# AdwCleaner v3.012 - Report created 21/11/2013 at 21:21:53
# Updated 11/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Paul_2 - USER-E862545A71
# Running from : C:\Documents and Settings\Paul_2\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Lynda\Application Data\Mozilla\Firefox\Profiles\gqz3rbvy.default\prefs.js ]


[ File : C:\Documents and Settings\Paul_2\Application Data\Mozilla\Firefox\Profiles\yelom9v9.default-1382486551218\prefs.js ]


*************************

AdwCleaner[R0].txt - [13038 octets] - [03/11/2013 22:23:23]
AdwCleaner[R1].txt - [1498 octets] - [21/11/2013 21:13:31]
AdwCleaner[S0].txt - [13138 octets] - [03/11/2013 22:25:05]
AdwCleaner[S1].txt - [1427 octets] - [21/11/2013 21:21:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1487 octets] ##########
 

 

 

 

 

 

 

 

OTL logfile created on: 21/11/2013 21:29:23 - Run 8
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Paul_2\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.06% Memory free
3.35 Gb Paging File | 2.88 Gb Available in Paging File | 85.93% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 34.38 Gb Free Space | 23.07% Space Free | Partition Type: NTFS
 
Computer Name: USER-E862545A71 | User Name: Paul_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Paul_2\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll ()
MOD - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll ()
MOD - C:\WINDOWS\system32\mkunicode.dll ()
MOD - C:\WINDOWS\system32\mmfinfo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOCUME~1\Paul_2\LOCALS~1\Temp\catchme.sys File not found
DRV - (RapportCerberus_59849) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys ()
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\system32\drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (Avgdiskx) -- C:\WINDOWS\system32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 C4 D8 9E 58 A1 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/25 00:11:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/14 15:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/14 15:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/25 00:11:58 | 000,000,000 | ---D | M]
 
[2013/07/13 21:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul_2\Application Data\Mozilla\Extensions
[2013/11/20 17:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/20 17:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/20 17:08:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013/11/03 01:16:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1349191978390 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCCFDC7E-C44D-4C7C-8F3A-86869B58B6B8}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/24 16:44:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/20 17:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/20 16:55:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\VS Revo Group
[2013/11/20 16:55:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2013/11/20 16:55:22 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2013/11/20 16:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VS Revo Group
[2013/11/20 16:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/11/20 16:54:05 | 010,031,224 | ---- | C] (VS Revo Group                                               ) -- C:\Documents and Settings\Paul_2\Desktop\RevoUninProSetup.exe
[2013/11/19 21:25:40 | 001,898,232 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Paul_2\Desktop\rkill.com
[2013/11/16 22:23:31 | 000,000,000 | ---D | C] -- C:\RK_Quarantine
[2013/11/15 18:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\Desktop\RK_Quarantine
[2013/11/14 22:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/11/13 22:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/11/13 22:15:13 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\Paul_2\Desktop\esetsmartinstaller_enu.exe
[2013/11/13 21:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\Application Data\Malwarebytes
[2013/11/13 21:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/13 21:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/11/13 21:14:53 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/11/13 21:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/11/13 21:08:50 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Paul_2\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/10 23:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\My Documents\Breast milk for men preview
[2013/11/05 00:03:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/11/04 23:50:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/03 22:23:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/03 01:18:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/11/03 01:05:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/11/03 01:01:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/11/03 01:01:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/11/03 01:01:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/11/03 01:01:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/11/03 00:24:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/11/03 00:23:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/11/02 22:25:34 | 005,143,186 | R--- | C] (Swearware) -- C:\Documents and Settings\Paul_2\Desktop\ComboFix.exe
[2013/11/02 22:10:34 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paul_2\Desktop\TDSSKiller.exe
[2013/11/02 19:07:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul_2\Desktop\OTL.exe
[2013/11/02 18:15:15 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Paul_2\Desktop\aswMBR.exe
[2013/10/25 02:34:18 | 000,108,816 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2013/10/23 00:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\Desktop\Old Firefox Data
[2012/10/01 14:48:38 | 048,745,576 | ---- | C] (Safer-Networking Ltd.                                       ) -- C:\Program Files\spybotsd-2.0.10-rc2.exe
[1 C:\Documents and Settings\Paul_2\*.tmp files -> C:\Documents and Settings\Paul_2\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/21 21:48:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B4DD41ED-D92A-4751-8FBA-5EC5BF6021DA}.job
[2013/11/21 21:47:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/11/21 21:24:55 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/11/21 21:24:55 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1007.job
[2013/11/21 21:24:55 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
[2013/11/21 21:24:54 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1009.job
[2013/11/21 21:24:54 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1007.job
[2013/11/21 21:24:54 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
[2013/11/21 21:24:54 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1006.job
[2013/11/21 21:24:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/21 21:11:14 | 001,085,542 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\AdwCleaner.exe
[2013/11/21 19:09:51 | 000,891,200 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\SecurityCheck.exe
[2013/11/20 21:06:35 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\MBR.dat
[2013/11/20 16:55:24 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2013/11/20 16:54:07 | 010,031,224 | ---- | M] (VS Revo Group                                               ) -- C:\Documents and Settings\Paul_2\Desktop\RevoUninProSetup.exe
[2013/11/20 00:30:00 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/11/19 22:25:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1009.job
[2013/11/19 17:00:08 | 001,898,232 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Paul_2\Desktop\rkill.com
[2013/11/18 00:55:47 | 000,174,592 | ---- | M] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/16 21:23:09 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/11/15 19:25:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1006.job
[2013/11/15 18:53:31 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1007.job
[2013/11/15 18:22:28 | 003,679,744 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\RogueKiller.exe
[2013/11/15 17:22:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
[2013/11/15 00:54:31 | 021,566,942 | ---- | M] () -- C:\Documents and Settings\Paul_2\My Documents\PLVR-USGbini 72.wmv
[2013/11/13 22:15:53 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\Paul_2\Desktop\esetsmartinstaller_enu.exe
[2013/11/13 21:17:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/13 21:09:12 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Paul_2\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/13 20:10:50 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/11/12 23:31:02 | 000,277,099 | ---- | M] () -- C:\Documents and Settings\Paul_2\My Documents\Anna+Molinari+Spring+2004+Yykjq9jzXF2x.jpg
[2013/11/12 23:30:44 | 000,322,065 | ---- | M] () -- C:\Documents and Settings\Paul_2\My Documents\Anna+Molinari+Spring+2004+-z-Ik_r18KKx.jpg
[2013/11/12 23:30:17 | 000,243,259 | ---- | M] () -- C:\Documents and Settings\Paul_2\My Documents\Anna+Molinari+Spring+2004+-d2jj5FYLnXx.jpg
[2013/11/12 17:43:52 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/11/12 17:43:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/11/08 23:08:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/11/03 01:16:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/11/03 01:05:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/11/02 22:25:38 | 005,143,186 | R--- | M] (Swearware) -- C:\Documents and Settings\Paul_2\Desktop\ComboFix.exe
[2013/11/02 19:07:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul_2\Desktop\OTL.exe
[2013/11/02 18:52:12 | 000,000,499 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\MBR.zip
[2013/11/02 18:15:15 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Paul_2\Desktop\aswMBR.exe
[2013/11/01 15:54:18 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paul_2\Desktop\TDSSKiller.exe
[2013/10/30 23:10:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/30 23:07:37 | 000,071,900 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/10/25 02:34:18 | 000,108,816 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[1 C:\Documents and Settings\Paul_2\*.tmp files -> C:\Documents and Settings\Paul_2\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/21 21:11:13 | 001,085,542 | ---- | C] () -- C:\Documents and Settings\Paul_2\Desktop\AdwCleaner.exe
[2013/11/21 19:09:50 | 000,891,200 | ---- | C] () -- C:\Documents and Settings\Paul_2\Desktop\SecurityCheck.exe
[2013/11/20 16:55:24 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2013/11/15 18:22:27 | 003,679,744 | ---- | C] () -- C:\Documents and Settings\Paul_2\Desktop\RogueKiller.exe
[2013/11/15 00:54:22 | 021,566,942 | ---- | C] () -- C:\Documents and Settings\Paul_2\My Documents\PLVR-USGbini 72.wmv
[2013/11/13 21:17:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/12 23:31:01 | 000,277,099 | ---- | C] () -- C:\Documents and Settings\Paul_2\My Documents\Anna+Molinari+Spring+2004+Yykjq9jzXF2x.jpg
[2013/11/12 23:30:43 | 000,322,065 | ---- | C] () -- C:\Documents and Settings\Paul_2\My Documents\Anna+Molinari+Spring+2004+-z-Ik_r18KKx.jpg
[2013/11/12 23:30:15 | 000,243,259 | ---- | C] () -- C:\Documents and Settings\Paul_2\My Documents\Anna+Molinari+Spring+2004+-d2jj5FYLnXx.jpg
[2013/11/03 01:05:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/11/03 01:05:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/11/03 01:01:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/11/03 01:01:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/11/03 01:01:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/11/03 01:01:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/11/03 01:01:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/11/02 18:42:39 | 000,000,499 | ---- | C] () -- C:\Documents and Settings\Paul_2\Desktop\MBR.zip
[2013/11/02 18:40:22 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Paul_2\Desktop\MBR.dat
[2013/01/23 22:33:35 | 000,026,900 | ---- | C] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\dt.dat
[2013/01/22 21:13:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/25 00:03:39 | 000,172,507 | ---- | C] () -- C:\WINDOWS\hpoins38.dat
[2012/10/25 00:03:39 | 000,000,548 | ---- | C] () -- C:\WINDOWS\hpomdl38.dat
[2012/10/04 12:33:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/10/04 12:28:36 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2012/10/01 15:35:23 | 000,000,961 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/10/01 01:12:03 | 000,069,780 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sjpsusgqpvupxbp
[2012/08/16 21:57:30 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jejtrhljsoaszej
[2012/06/03 20:20:13 | 000,161,744 | ---- | C] () -- C:\Program Files\0cres.dll
[2012/02/16 22:10:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/02 01:06:22 | 000,109,216 | ---- | C] () -- C:\WINDOWS\System32\EasyHook64.dll
[2011/12/02 01:06:21 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2011/06/10 21:46:52 | 000,174,592 | ---- | C] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/20 19:00:52 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\FASTWiz.html
 
========== ZeroAccess Check ==========
 
[2011/09/29 20:42:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 12:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56E2E879

< End of report >
 



#83 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 21 November 2013 - 11:07 PM

Hi cousinkevin,

Your logs appear to be clean, but you computer needs to be defragged.

bullseye_zpse9eaf36e.gif Disk Defragmenter for XP
  • Open My Computer.
  • Right-click the local disk volume that you want to defragment, and then click Properties.
  • On the Tools tab, click Defragment Now.
  • Click Defragment.
=========================

bullseye_zpse9eaf36e.gif Reboot

=========================

In your next post please provide the following:
  • How is the computer running?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#84 cousinkevin

cousinkevin

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 22 November 2013 - 01:20 PM

Defrag froze at analysis stage. Although I was able to run an analysis which stated "the volume did not require defraging.

 

Here's a log.

 

I still can't see why my PC is running so poorly if I am free of Malware, Spyware & Viruses?

 

 

 

Volume (C:)
    Volume size                                = 149 GB
    Cluster size                               = 4 KB
    Used space                                 = 115 GB
    Free space                                 = 34.26 GB
    Percent free space                         = 22 %

Volume fragmentation
    Total fragmentation                        = 7 %
    File fragmentation                         = 15 %
    Free space fragmentation                   = 0 %

File fragmentation
    Total files                                = 135,090
    Average file size                          = 1 MB
    Total fragmented files                     = 7,247
    Total excess fragments                     = 70,422
    Average fragments per file                 = 1.52

Pagefile fragmentation
    Pagefile size                              = 1.50 GB
    Total fragments                            = 2

Folder fragmentation
    Total folders                              = 9,048
    Fragmented folders                         = 176
    Excess folder fragments                    = 2,752

Master File Table (MFT) fragmentation
    Total MFT size                             = 192 MB
    MFT record count                           = 145,883
    Percent MFT in use                         = 74 %
    Total MFT fragments                        = 3

 


Edited by cousinkevin, 23 November 2013 - 05:18 PM.


#85 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 22 November 2013 - 02:31 PM

Hi cousinkevin,

Malware isn't the only reason a computer can be running poorly. By today's standards your computer doesn't appear to have enough resources to perform to the level you would like. You are running Windows XP which was released in August 2001. Not to say XP is/was not a good OS but, Windows has released Vista, Windows 7 and recently Windows 8. Unfortunately, it might be time for you to consider an upgrade of both your Operating System and computer in the hopes of regaining some of the performance you experienced in the past.

We have removed all the malware present. We have checked the integrity of your hard drive and it checked out OK. You have defragged the hard drive, and it appears fine also. You have moved some of the files/programs from the primary hard drive to free up some space.

= = = = = = = = = = = = = = = = = = = =

I can see by the defrag log you posted that you have numerous video files on your computer. Perhaps you could move some of these to your external source, or delete them if you no longer want them. Just in the defrag log you have almost almost 4 GB of video files.

= = = = = = = = = = = = = = = = = = = =

Do you have any questions?
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

    Advertisements

Register to Remove


#86 cousinkevin

cousinkevin

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 22 November 2013 - 06:12 PM

Are you saying you've done what can be done for me?

I know it's old but it was performing better until recently, I was trying to squeeze a bit more life out of it until I can afford a new Laptop. Not being able to work is delaying a new purchase.

Generally programs opened and ran not instantly but reasonably quick.

Shutting down was no more than a minute or so ( never timed it ) now it's 20 mins or so.

 

Is re-installing windows a route to go down obviously I'm not that techy ( but can follow instructions ) and I don't want to throw more money at it with a local technician?

 

There are a couple more minor issues I have if you could deal with or are you wrapping up the topic?

 

1. Auto run doesn't work for connected drives.

 

2. The safely remove hardware tool only works sometimes. Is this function important?

 

 

Can you name any processors for when I get a laptop? I was thinking something in the mid range like core i5 ( or equivalent ) as I'm not a hardcore gamer.



#87 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 23 November 2013 - 12:42 AM

Hi cousinkevin,
 

Are you saying you've done what can be done for me?

I'm afraid so.

 

Is re-installing windows a route to go down obviously I'm not that techy ( but can follow instructions ) and I don't want to throw more money at it with a local technician?

It is an option if you have Windows disks. If you would like to pursue this route let me know what disks you have.

 

Can you name any processors for when I get a laptop? I was thinking something in the mid range like core i5 ( or equivalent ) as I'm not a hardcore gamer.

I have no specific recommendation, available system resources change so rapidly that what might be good today will be outdated in a few months. I'm confident when you are ready to make that purchase research at that time will help you determine what is an appropriate processor.

 

  • If you have no other questions we can move on to do a little bit of housekeeping.
  • If you would like to reformat and re-install Windows let me know and we can begin the process.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#88 cousinkevin

cousinkevin

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 23 November 2013 - 04:41 PM

Found the XP home disk SP2. But on reflection I'd have to move all media and other files, save emails and browser settings/bookmarks for me and my Mothers profiles. So I'll skip the re-installation as I think it'll be too much hastle. Unless there was a way of re-installing without having to wipe the HDD.

 

It does shut down or reboot quickly if it hasn't been on for long.



#89 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 23 November 2013 - 08:26 PM

Hi cousinkevin,

Yes, you would have to back-up those files/programs you wish to keep on an external source, then re-install those items. It will return your computer back to the condition when you purchased it.

There is another option, but I'm not sure if you will realize much benefit from it. Roll back your system to a System Restore Point prior to when the problems first started.

If you choose to do the System Restore, I'd like you to post new OTL scan to make sure no malware is present. You will have to re-download OTL to perform the scan.

=========================

bullseye_zpse9eaf36e.gif How to use System Restore to restore Windows XP to a previous state
  • Log on to Windows as an administrator.
  • Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore. (The screen shot for this step is listed below).
systemrestorexp1_zps00c7a108.png
  • On the Welcome to System Restore page, click to select the Restore my computer to an earlier time option, and then click Next. (The screen shot for this step is listed below).
systemrestorexp2_zpsa86fe0e3.png
  • On the Select a Restore Point page, click the most recent system restore point in the On this list, click a restore point list, and then click Next.
  • Select a Restore Point prior to the date the problem started
  • Note A System Restore message may appear that lists configuration changes that System Restore will make. Click OK. (The screen shot for this step is listed below).
systemrestorexp3_zps5122cdf5.png
  • On the Confirm Restore Point Selection page, click Next. System Restore restores the previous Windows XP configuration, and then restarts the computer.
  • Log on to the computer as an administrator. Then, click OK on the System Restore Restoration Complete page. (The screen shot for this step is listed below).
systemrestorexp4_zps6ebec5be.png

=========================

Update date me on what course of action you will be taking.
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#90 cousinkevin

cousinkevin

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 24 November 2013 - 12:13 PM

The earliest restore point is 27 August 2013. This seems strange as I did have a technician re-install XP but that was 2-3 years ago.

There has been a noticeable drop in performance post August 27 so do you think I should try that date?

There are two options on that date "software distribution service 3.0" and "system checkpoint" which is about 10 minutes earlier.

Even if it means repeating some steps that would be acceptable.


Related Topics



1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users