Solved Laptop running slow and won't allow some critical updates...logs attached

Let's search manually, then...

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *frostwire*

    :folderfind
    *frostwire*

    :regfind
    frostwire
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
SystemLook 30.07.11 by jpshortstuff
Log created at 14:07 on 10/10/2012 by Jonathan
Administrator - Elevation successful

========== filefind ==========

Searching for "*frostwire*"
C:\Program Files (x86)\FrostWire\App\DefaultData\FrostWire\frostwire.props --a---- 731 bytes [17:50 13/07/2008] [17:50 13/07/2008] 4ACA886DA80574B85601EAA2425428B4
C:\Program Files (x86)\FrostWire\App\DefaultData\settings\FrostWirePortableSettings.ini --a---- 76 bytes [23:44 23/03/2008] [23:44 23/03/2008] B3D987A478A619A668B924F2096F6504
C:\Program Files (x86)\FrostWire\App\frostwire\FrostWire.exe --a---- 114688 bytes [04:50 20/11/2010] [04:50 20/11/2010] 4939D0506630168E691C7D389435A773
C:\Program Files (x86)\FrostWire\App\frostwire\FrostWire.ico --a---- 60064 bytes [04:50 20/11/2010] [04:50 20/11/2010] 754490D01DE6F6E361D7D133ECB13C20
C:\Program Files (x86)\FrostWire\App\frostwire\FrostWire.jar --a---- 8199991 bytes [08:00 17/02/2011] [08:00 17/02/2011] BBAFC3D46F43BE794DBD328D3C37F2E9
C:\Program Files (x86)\FrostWire\Data\settings\FrostWirePortableSettings.ini --a---- 685 bytes [08:09 17/02/2011] [08:09 17/02/2011] 1120AB10DF6C56A0A1276C4BB9C4244C
C:\Program Files (x86)\FrostWire\Data\settings\FrostWire\frostwire.props --a---- 916 bytes [08:09 17/02/2011] [08:09 17/02/2011] C6418ECA9A73F956154D8B05318E6EFF
C:\Program Files (x86)\FrostWire\Data\settings\FrostWire\themes\frostwirePro_theme.fwtp --a---- 880 bytes [08:09 17/02/2011] [08:09 17/02/2011] D74F1C8B608C39EBC6276A2717CF871D
C:\Program Files (x86)\FrostWire\Other\Source\frostwire logo.ai --a---- 337513 bytes [20:50 13/07/2008] [20:50 13/07/2008] 3E7236CCB4335EB2069A0677B3DEF4EF
C:\Program Files (x86)\FrostWire\Other\Source\FrostWirePortable.ini --a---- 460 bytes [16:59 31/07/2008] [16:59 31/07/2008] 2E26B203B47C68118D09BB1ECCCBB223
C:\Program Files (x86)\FrostWire\Other\Source\FrostWirePortable.jpg --a---- 35937 bytes [17:24 16/01/2008] [17:24 16/01/2008] 92983E999E12CE1DB6BD786F9E6BB9FE
C:\Program Files (x86)\FrostWire\Other\Source\FrostWirePortable.nsi --a---- 13491 bytes [18:12 13/07/2008] [18:12 13/07/2008] 6064A2ACE07AA99A86E71E0CC0E4C061
C:\Users\Jonathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FrostWire.lnk --a---- 1049 bytes [21:14 08/07/2011] [22:54 08/07/2011] 6228EDD8105D745CB1C66AFCA8FDE9E1
C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire\FrostWire.lnk --a---- 840 bytes [21:14 08/07/2011] [22:54 08/07/2011] 7E425D73CAABE1AE88E8CFD31743AEC2

========== folderfind ==========

Searching for "*frostwire*"
C:\Program Files (x86)\FrostWire d------ [21:14 08/07/2011]
C:\Program Files (x86)\FrostWire\App\frostwire d------ [21:14 08/07/2011]
C:\Program Files (x86)\FrostWire\App\DefaultData\FrostWire d------ [21:14 08/07/2011]
C:\Program Files (x86)\FrostWire\Data\settings\FrostWire d------ [21:14 08/07/2011]
C:\Program Files (x86)\FrostWire\Data\settings\FrostWire\themes\frostwirePro_theme d------ [21:14 08/07/2011]
C:\Users\Jonathan\Frostwire d------ [19:10 09/07/2011]
C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire d------ [21:14 08/07/2011]
C:\Users\Jonathan\Documents\FrostWire d------ [18:45 09/07/2011]
C:\Users\Jonathan\Music\Frostwire d------ [16:32 28/07/2011]

========== regfind ==========

Searching for "frostwire"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\FrostWire\FrostWire.exe"="VISTARTM"

-= EOF =-
 
ComboFix Script

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::

    File::
    C:\Users\Jonathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FrostWire.lnk

    Folder::
    C:\Program Files (x86)\FrostWire
    C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire
    C:\Users\Jonathan\Frostwire
    C:\Users\Jonathan\Documents\FrostWire
    C:\Users\Jonathan\Music\Frostwire
  • Save this as CFScript.txt, in the same location as ComboFix.exe
    [Image: CFScriptB-4.gif]
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
 
Log...

ComboFix 12-10-10.02 - Jonathan 10/10/2012 14:33:37.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4346 [GMT -5:00]
Running from: c:\users\Jonathan\Downloads\ComboFix.exe
Command switches used :: c:\users\Jonathan\Documents\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Jonathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FrostWire.lnk"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\FrostWire
c:\program files (x86)\FrostWire\App\AppInfo\appicon.ico
c:\program files (x86)\FrostWire\App\AppInfo\appinfo.ini
c:\program files (x86)\FrostWire\App\DefaultData\FrostWire\frostwire.props
c:\program files (x86)\FrostWire\App\DefaultData\FrostWire\installation.props
c:\program files (x86)\FrostWire\App\DefaultData\settings\FrostWirePortableSettings.ini
c:\program files (x86)\FrostWire\App\frostwire\aopalliance.jar
c:\program files (x86)\FrostWire\App\frostwire\clink.jar
c:\program files (x86)\FrostWire\App\frostwire\commons-codec-1.3.jar
c:\program files (x86)\FrostWire\App\frostwire\commons-logging.jar
c:\program files (x86)\FrostWire\App\frostwire\daap.jar
c:\program files (x86)\FrostWire\App\frostwire\EULA.txt
c:\program files (x86)\FrostWire\App\frostwire\forms.jar
c:\program files (x86)\FrostWire\App\frostwire\foxtrot.jar
c:\program files (x86)\FrostWire\App\frostwire\FrostWire.exe
c:\program files (x86)\FrostWire\App\frostwire\FrostWire.ico
c:\program files (x86)\FrostWire\App\frostwire\FrostWire.jar
c:\program files (x86)\FrostWire\App\frostwire\gettext-commons.jar
c:\program files (x86)\FrostWire\App\frostwire\GPL2.txt
c:\program files (x86)\FrostWire\App\frostwire\GPL3.txt
c:\program files (x86)\FrostWire\App\frostwire\gson-1.4.jar
c:\program files (x86)\FrostWire\App\frostwire\guice-1.0.jar
c:\program files (x86)\FrostWire\App\frostwire\hashes
c:\program files (x86)\FrostWire\App\frostwire\httpclient-4.0-alpha3.jar
c:\program files (x86)\FrostWire\App\frostwire\httpclient-4.0.jar
c:\program files (x86)\FrostWire\App\frostwire\httpcore-4.0-beta2.jar
c:\program files (x86)\FrostWire\App\frostwire\httpcore-4.0.1.jar
c:\program files (x86)\FrostWire\App\frostwire\httpcore-nio-4.0-beta2.jar
c:\program files (x86)\FrostWire\App\frostwire\httpcore-nio-4.0.1.jar
c:\program files (x86)\FrostWire\App\frostwire\httpcore-niossl-4.0-alpha7.jar
c:\program files (x86)\FrostWire\App\frostwire\icu4j.jar
c:\program files (x86)\FrostWire\App\frostwire\inspection.props
c:\program files (x86)\FrostWire\App\frostwire\jaudiotagger.jar
c:\program files (x86)\FrostWire\App\frostwire\jcip-annotations.jar
c:\program files (x86)\FrostWire\App\frostwire\jcraft.jar
c:\program files (x86)\FrostWire\App\frostwire\jdic.dll
c:\program files (x86)\FrostWire\App\frostwire\jdic.jar
c:\program files (x86)\FrostWire\App\frostwire\jdic_stub.jar
c:\program files (x86)\FrostWire\App\frostwire\jflac.jar
c:\program files (x86)\FrostWire\App\frostwire\jl.jar
c:\program files (x86)\FrostWire\App\frostwire\jmdns.jar
c:\program files (x86)\FrostWire\App\frostwire\jogg.jar
c:\program files (x86)\FrostWire\App\frostwire\jorbis.jar
c:\program files (x86)\FrostWire\App\frostwire\jython.jar
c:\program files (x86)\FrostWire\App\frostwire\launch.properties
c:\program files (x86)\FrostWire\App\frostwire\log.txt
c:\program files (x86)\FrostWire\App\frostwire\log4j.jar
c:\program files (x86)\FrostWire\App\frostwire\log4j.properties
c:\program files (x86)\FrostWire\App\frostwire\looks.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-all.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-azureus.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-collection.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-common.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-http.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-io.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-mojito.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-net.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-nio.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-resources.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-rudp.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-security.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-setting.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-statistic.jar
c:\program files (x86)\FrostWire\App\frostwire\messages.jar
c:\program files (x86)\FrostWire\App\frostwire\mp3spi.jar
c:\program files (x86)\FrostWire\App\frostwire\onion-common.jar
c:\program files (x86)\FrostWire\App\frostwire\onion-fec.jar
c:\program files (x86)\FrostWire\App\frostwire\pmf.ico
c:\program files (x86)\FrostWire\App\frostwire\ProgressTabs.jar
c:\program files (x86)\FrostWire\App\frostwire\seenMessages.dat
c:\program files (x86)\FrostWire\App\frostwire\splash.jar
c:\program files (x86)\FrostWire\App\frostwire\SystemUtilities.dll
c:\program files (x86)\FrostWire\App\frostwire\SystemUtilitiesA.dll
c:\program files (x86)\FrostWire\App\frostwire\themes.jar
c:\program files (x86)\FrostWire\App\frostwire\tray.dll
c:\program files (x86)\FrostWire\App\frostwire\tritonus.jar
c:\program files (x86)\FrostWire\App\frostwire\Uninstall.exe
c:\program files (x86)\FrostWire\App\frostwire\vorbisspi.jar
c:\program files (x86)\FrostWire\App\readme.txt
c:\program files (x86)\FrostWire\Data\settings\FrostWire\frostwire.props
c:\program files (x86)\FrostWire\Data\settings\FrostWire\installation.props
c:\program files (x86)\FrostWire\Data\settings\FrostWire\library.dat
c:\program files (x86)\FrostWire\Data\settings\FrostWire\mojito.props
c:\program files (x86)\FrostWire\Data\settings\FrostWire\themes\frostwirePro_theme.fwtp
c:\program files (x86)\FrostWire\Data\settings\FrostWire\themes\frostwirePro_theme\theme.txt
c:\program files (x86)\FrostWire\Data\settings\FrostWire\themes\frostwirePro_theme\version.txt
c:\program files (x86)\FrostWire\Data\settings\FrostWirePortableSettings.ini
c:\program files (x86)\FrostWire\Other\Help\images\donation_button.png
c:\program files (x86)\FrostWire\Other\Help\images\favicon.ico
c:\program files (x86)\FrostWire\Other\Help\images\help_background_footer.png
c:\program files (x86)\FrostWire\Other\Help\images\help_background_header.png
c:\program files (x86)\FrostWire\Other\Help\images\help_logo_top.png
c:\program files (x86)\FrostWire\Other\Source\AppSource.txt
c:\program files (x86)\FrostWire\Other\Source\frostwire logo.ai
c:\program files (x86)\FrostWire\Other\Source\FrostWirePortable.ini
c:\program files (x86)\FrostWire\Other\Source\FrostWirePortable.jpg
c:\program files (x86)\FrostWire\Other\Source\FrostWirePortable.nsi
c:\program files (x86)\FrostWire\Other\Source\License.txt
c:\program files (x86)\FrostWire\Other\Source\PortableApps.comInstaller-old.nsi
c:\program files (x86)\FrostWire\Other\Source\PortableApps.comInstaller.bmp
c:\program files (x86)\FrostWire\Other\Source\PortableApps.comInstaller.nsi
c:\program files (x86)\FrostWire\Other\Source\PortableApps.comInstallerLANG_ENGLISH.nsh
c:\program files (x86)\FrostWire\Other\Source\ReadINIStrWithDefault.nsh
c:\program files (x86)\FrostWire\Other\Source\Readme.txt
c:\users\Jonathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FrostWire.lnk
c:\users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire
c:\users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire\FrostWire.lnk
c:\users\Jonathan\Documents\FrostWire
c:\users\Jonathan\Documents\FrostWire\Torrents\Lil' Wayne - How To Love.mp3.torrent
c:\users\Jonathan\Documents\FrostWire\Torrents\Lil Wayne ft.Rick Ross - John (2011 Explicit)@JB59.mp4.torrent
c:\users\Jonathan\Frostwire
c:\users\Jonathan\Frostwire\Lil' Wayne - How To Love.mp3.torrent
c:\users\Jonathan\Music\Frostwire
.
.
((((((((((((((((((((((((( Files Created from 2012-09-10 to 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-10 19:38 . 2012-10-10 19:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 16:41 . 2012-10-10 16:41 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06BEBFB0-3B34-46DD-B880-4BD72B27CBE2}\offreg.dll
2012-10-10 16:08 . 2012-09-19 05:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06BEBFB0-3B34-46DD-B880-4BD72B27CBE2}\mpengine.dll
2012-10-10 15:53 . 2012-10-10 15:53 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-10-09 18:10 . 2012-10-09 18:10 -------- d-----w- c:\program files (x86)\ESET
2012-10-05 18:03 . 2012-10-05 18:04 -------- d-----w- c:\programdata\HitmanPro
2012-10-05 01:40 . 2012-10-05 01:43 -------- d-----w- c:\users\Jonathan\Tracing
2012-10-04 22:30 . 2012-04-20 21:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2012-10-04 21:02 . 2012-10-04 21:02 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-04 18:19 . 2012-10-04 18:19 -------- d-----w- C:\FRST
2012-10-04 04:22 . 2012-05-31 17:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-10-04 02:44 . 2012-10-04 02:44 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Malwarebytes
2012-10-04 02:43 . 2012-10-04 02:43 -------- d-----w- c:\programdata\Malwarebytes
2012-10-04 02:43 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-04 02:43 . 2012-10-04 02:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-04 02:20 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-10-04 02:20 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-10-04 01:46 . 2012-10-04 01:46 -------- d-----w- c:\users\Jonathan\AppData\Local\Secunia PSI
2012-10-04 01:45 . 2012-10-04 01:45 -------- d-----w- c:\program files (x86)\Secunia
2012-10-04 00:21 . 2012-10-04 00:21 -------- d-----w- c:\users\Jonathan\AppData\Roaming\SUPERAntiSpyware.com
2012-10-04 00:20 . 2012-10-04 00:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-04 00:20 . 2012-10-04 00:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-10-04 00:13 . 2010-01-11 00:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2012-10-04 00:13 . 2012-10-04 00:15 -------- d-----w- c:\program files (x86)\SpywareBlaster
2012-10-04 00:08 . 2012-10-04 00:08 -------- d-----w- c:\users\Jonathan\AppData\Local\Macromedia
2012-10-03 23:55 . 2012-10-03 23:55 -------- d-----w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2012-10-03 23:41 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-10-03 23:41 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-10-03 23:41 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-10-03 23:41 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-10-03 23:41 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 23:41 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-10-03 23:41 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-10-03 22:50 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-10-03 22:35 . 2012-10-03 22:35 -------- d-----w- c:\program files\Microsoft Silverlight
2012-10-03 22:28 . 2012-10-03 23:29 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-03 22:23 . 2012-10-03 22:23 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-03 22:23 . 2012-10-03 22:22 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-03 22:22 . 2012-10-03 22:22 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-03 22:22 . 2012-10-03 22:22 -------- d-----w- c:\program files (x86)\Java
2012-10-03 22:00 . 2012-10-03 22:00 -------- d-----w- c:\users\Jonathan\AppData\Local\Mozilla
2012-10-03 22:00 . 2012-10-03 22:00 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-10-03 21:42 . 2012-10-03 21:42 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-03 23:29 . 2011-06-13 20:14 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-03 22:22 . 2011-07-09 18:23 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-18 02:29 . 2011-05-31 04:25 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-07-27 20:51 . 2012-07-27 20:51 24984 ----a-w- c:\windows\system32\AdobePDFUI.dll
2012-07-27 20:51 . 2012-07-27 20:51 53656 ----a-w- c:\windows\system32\AdobePDF.dll
2012-07-18 18:15 . 2012-08-24 08:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-17 19:55 . 2010-10-14 03:28 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-07-17 19:52 . 2010-10-14 03:28 335784 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-07-17 19:52 . 2011-05-20 18:23 177144 ----a-w- c:\windows\system32\mfevtps.exe
2012-07-17 19:51 . 2011-05-20 18:23 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-07-17 19:51 . 2010-10-14 03:28 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-07-17 19:50 . 2010-10-14 03:28 752672 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-07-17 19:49 . 2010-10-14 03:28 513456 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-07-17 19:48 . 2010-10-14 03:28 300392 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-07-17 19:48 . 2010-10-14 03:28 169320 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-07-16 12:30 . 2012-07-16 12:30 4024320 ----a-w- c:\program files (x86)\GUT67B1.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-06-11 21:22 1307728 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-9-24 573536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-03 250288]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-17 106112]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-31 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-14 1052328]
S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-14 45736]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-09-24 1328736]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-09-24 656480]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-11-04 58128]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-07-17 69672]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-10 60416]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-03 23:29]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 20:17]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 20:17]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D10AB58E-75A9-4575-B9C4-BC677D6061AC}\653405962716475637: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\xf9im9nl.default\
FF - prefs.js: browser.startup.homepage - hxxp://g.msn.com/USCON/1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\06\01\1b\16-(R"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-10 14:40:03
ComboFix-quarantined-files.txt 2012-10-10 19:40
ComboFix2.txt 2012-10-07 23:55
.
Pre-Run: 570,574,077,952 bytes free
Post-Run: 570,426,544,128 bytes free
.
- - End Of File - - BA723B039C0489C8C22C7EA78830F8D2
 
Excellent! We will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive, i.e. C
  • For a few moments the system will make some calculations:
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
I have Windows 7 and was able to create a restore point and do the disk cleanup...but I don't have a tab called more options there to do the system restore and shadow backup clean up...how do you do that for my version of Windows? Also I downloaded the slim version of CCleaner and did those steps and already have the regular free version of CCleaner...what's the difference between the slim free and regular free and which one should I keep because I don't need 2 versions...

log....

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
Secunia PSI (3.0.0.4001)
Malwarebytes Anti-Malware version 1.65.0.1400
Java 7 Update 7
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
You can get rid of either one. The slim version doesn't include the toolbar or browser, but if you're smart about installing programs, then you won't install the toolbar or web browser they try to get you to install. The slim version just helps us ensure you don't install that extra stuff.

For deleting the old Restore Points, go to CCleaner, click the Tools > System Restore tab. Select all of the current Restore Points, and click on Remove. The one you just created, you won't be able to delete.
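
A scripted equivalent of the restore-point steps in this thread (create a point named "Clean", then remove the older ones), added here as an example and not part of the original posts. It assumes an elevated Windows PowerShell session (the restore-point cmdlets are not available in PowerShell 7) and System Protection enabled on the system drive; the `Win32.SystemRestore` type name is chosen for this example.

```powershell
# Added example, not from the thread. Run in elevated Windows PowerShell.
$principal = New-Object Security.Principal.WindowsPrincipal(
    [Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell prompt.'
}

# SRRemoveRestorePoint (srclient.dll) is the System Restore API that deletes one
# restore point by sequence number; there is no built-in cmdlet for it.
Add-Type -Namespace Win32 -Name SystemRestore -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern int SRRemoveRestorePoint(int index);
'@

# Restore points that exist before the cleanup (the ones to be purged).
$before = @(Get-ComputerRestorePoint)
$oldIds = @($before | ForEach-Object { $_.SequenceNumber })

# 1. Create the new restore point ("Clean" is the name used in the steps above).
Checkpoint-Computer -Description 'Clean' -RestorePointType MODIFY_SETTINGS

# 2. Confirm a genuinely new point exists before removing anything.
#    Newer Windows versions can skip creation if a point was made recently.
$new = Get-ComputerRestorePoint |
    Where-Object { $_.Description -eq 'Clean' -and $oldIds -notcontains $_.SequenceNumber } |
    Sort-Object SequenceNumber | Select-Object -Last 1
if (-not $new) {
    throw 'New restore point was not created; nothing was removed.'
}

# 3. Remove every older restore point and report the result of each call.
foreach ($rp in $before) {
    $rc = [Win32.SystemRestore]::SRRemoveRestorePoint([int]$rp.SequenceNumber)
    '{0,5}  {1}  {2}' -f $rp.SequenceNumber, $rp.Description,
        $(if ($rc -eq 0) { 'removed' } else { "failed (error $rc)" })
}

# 4. Only the new point should remain.
Get-ComputerRestorePoint
```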
 