TechSpot

Slow internet

By Walletwacker2
Feb 12, 2011
  1. My computer is fine for a while and then it slows way down and almost freezes up. Here are my logs:

    MBAM
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5749

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    2/12/2011 12:55:58 PM
    mbam-log-2011-02-12 (12-55-58).txt

    Scan type: Quick scan
    Objects scanned: 140289
    Time elapsed: 5 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-02-12 13:22:04
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000052 ST325082 rev.3.AA
    Running: 4r2gz0yn.exe; Driver: C:\Users\M&M\AppData\Local\Temp\aglcypob.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 60: copy of MBR

    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8CE7C82E]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8CE7C652]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8CE7C78C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----

    DDS

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by M&M at 13:10:07.55 on Sat 02/12/2011
    Internet Explorer: 8.0.6001.19019
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.894.113 [GMT -5:00]

    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Real\RealPlayer\realplay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Windows\System32\spool\drivers\w32x86\3\LMpdpsrv.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    C:\Windows\system32\FreezeScreenSaver.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\LEXBCES.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\LEXPPS.EXE
    C:\Windows\system32\lxbmcoms.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Self-Repair Technician\SrtMonitor.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\M&M\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5230
    mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5230
    uInternet Settings,ProxyOverride = <local>
    mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5230
    uURLSearchHooks: H - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web

    printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common

    files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\google\BAE.dll
    BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web

    printing\hpswp_BHO.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
    TB: {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web

    printing\hpswp_bho.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
    mRun: [BigFix] c:\program files\bigfix\bigfix.exe /atstartup
    mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [LMPDPSRV] c:\windows\system32\spool\drivers\w32x86\3\LMPDPSRV.EXE
    mRun: [FinePointSIS] c:\users\m&m\appdata\local\temp\fplicensereg.exe Zhimakaimen /FinePointSIS /FPSIS_QuitNow /Remove_All
    mRun: [FinePointTILite] c:\progra~1\cavali~1\fplicensereg.exe Zhimakaimen /FinePointTILite
    mRun: [TotalInternetReg] c:\progra~1\cavali~1\fplicensereg.exe Zhimakaimen /TotalInternetReg /TotalInternetQuitEvent
    mRun: [Skytel] Skytel.exe
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Lexmark 4200 Series] "c:\program files\lexmark 4200 series\lxbmbmgr.exe"
    mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [hpqSRMon]
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\users\m&m\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program

    files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital

    imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program

    files\logitech\setpoint\SetPoint.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music

    jukebox\ymetray.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01

    \bin\npjpi160_01.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12

    \ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12

    \REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital

    imaging\smart web printing\hpswp_BHO.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
    DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://my.uni-solar.com/dana-cached/sc/JuniperSetupClient.cab

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-8-18 294608]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-8-18 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-8-18 51280]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-11 40384]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-10 21504]
    R2 FreezeScreenSaver;FreezeScreenSaver;c:\windows\system32\FreezeScreenSaver.exe [2008-2-19 69632]
    R2 lxbm_device;lxbm_device;c:\windows\system32\lxbmcoms.exe -service --> c:\windows\system32\lxbmcoms.exe -service [?]
    R2 SrtMonitor;Srt Monitor Service;c:\program files\self-repair technician\SrtMonitor.exe [2007-11-1 186368]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319

    \mscorsvw.exe [2010-3-18 130384]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\google\google desktop

    search\googledesktop.exe" --> c:\program files\google\google desktop search\GoogleDesktop.exe [?]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys

    [2006-11-2 2589184]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319

    \wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2011-02-11 14:10:13 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{e1c6f014-66dc-

    4934-8046-b6f70b54ea2c}\mpengine.dll
    2011-02-09 18:37:07 2039808 ----a-w- c:\windows\system32\win32k.sys

    ==================== Find3M ====================

    2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 20:06:36 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe

    ============= FINISH: 13:12:39.05 ===============



    Thanks in advance for your help.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36


    Welcome to TechSpot!
    What you are reporting can be attributed to any or all of the following:
    1. Too many processes running including 2 printers, HP and Lexmark
    2. Not enough RAM> if you reboot does it work better, then start slowing down?
    3. Excess temporary internet files> do you do routine maintenance on the system such as delete temporary internet files and Cookies, disc cleanup, defrag, Error Check?
    4. The ISP/time of day/heavy internet traffic.

    ==========================================
    Next time you open Notepad for a log, please click on Format> Uncheck 'Word Wrap' first. It's difficult to read the logs when they wrap.
    ==========================================
    Java is outdated and presents a vulnerability to the system. Please check this site: Java Updates. Stay current, as most updates are for security. Uninstall any earlier versions in Add/Remove Programs. I see v6u1. If there are any others, uninstall them also.

    The Adobe Reader is outdated. Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
    =========================================
    Please be sure Word Wrap is off:
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware.
    • If Combofix asks you to update the program, allow.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    MBAM is clean. GMER is clean.
     
  3. Walletwacker2

    Walletwacker2 TS Rookie Topic Starter

    I removed many of the unused programs, reduced what is running in the background. This machine has not had the temp files deleted regularly, or been defrag'd in a long time. I updated Java, removed old Java, and the same for Adobe Reader. Here is the Combofix log:

    ComboFix 11-02-12.02 - M&M 02/13/2011 13:20:27.1.2 - x86
    Running from: c:\users\M&M\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Common Files\Uninstall
    c:\program files\Common Files\Uninstall\PAV\Uninstall.lnk
    c:\programdata\Microsoft\Windows\Start Menu\PAV
    c:\programdata\Microsoft\Windows\Start Menu\PAV\Uninstall.lnk
    c:\windows\system32\jgaw400.dll
    c:\windows\system32\spool\prtprocs\w32x86\LMPriNT.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_FreezeScreenSaver


    ((((((((((((((((((((((((( Files Created from 2011-01-13 to 2011-02-13 )))))))))))))))))))))))))))))))
    .

    2011-02-13 18:01 . 2011-02-13 18:03 -------- d-----w- c:\program files\Common Files\Adobe
    2011-02-13 17:55 . 2011-02-13 17:55 -------- d-----w- c:\program files\NOS
    2011-02-13 16:26 . 2011-02-13 16:26 -------- d-----w- c:\program files\Common Files\Java
    2011-02-13 16:26 . 2011-02-13 16:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-13 16:25 . 2011-02-13 16:25 -------- d-----w- c:\program files\Java
    2011-02-11 14:10 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1C6F014-66DC-4934-8046-B6F70B54EA2C}\mpengine.dll
    2011-02-09 18:37 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
    2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-13 08:47 . 2008-08-19 00:32 188216 ----a-w- c:\windows\system32\aswBoot.exe
    2011-01-13 08:41 . 2008-08-19 00:33 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-01-13 08:40 . 2008-08-19 00:37 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-01-13 08:37 . 2008-08-19 00:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-01-13 08:37 . 2008-08-19 00:32 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-01-13 08:37 . 2008-08-19 00:33 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-12-31 20:06 . 2010-07-14 00:53 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-28 15:55 . 2011-01-12 00:12 413696 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-20 23:09 . 2011-01-12 18:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2011-01-12 18:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-14 14:49 . 2011-01-12 00:12 1169408 ----a-w- c:\windows\system32\sdclt.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    2010-10-14 17:56 194912 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 4431872]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-09-18 26112]
    "LMPDPSRV"="c:\windows\system32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE" [2002-07-11 45056]
    "Skytel"="Skytel.exe" [2007-04-05 1822720]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-06 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-06 8429568]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-06 81920]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

    c:\users\M&M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-28 813584]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
    R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-13 c:\windows\Tasks\User_Feed_Synchronization-{AE12512E-2EA3-408D-A0BA-E57E6CE17E9D}.job
    - c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5230
    uInternet Settings,ProxyOverride = <local>
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
    HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
    HKLM-Run-BigFix - c:\program files\Bigfix\bigfix.exe
    HKLM-Run-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
    HKLM-Run-TotalInternetReg - c:\progra~1\CAVALI~1\fplicensereg.exe
    HKLM-Run-Lexmark 4200 Series - c:\program files\Lexmark 4200 Series\lxbmbmgr.exe
    HKLM-Run-hpqSRMon - (no file)
    AddRemove-Coupon Printer for Windows4.0 - c:\program files\Coupons\uninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-13 13:41
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(3024)
    c:\program files\Logitech\SetPoint\lgscroll.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\System32\LEXBCES.EXE
    c:\windows\System32\LEXPPS.EXE
    c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\RtHDVCpl.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Alwil Software\Avast5\AvastUI.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\windows\system32\RacAgent.exe
    .
    **************************************************************************
    .
    Completion time: 2011-02-13 13:55:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-13 18:54

    Pre-Run: 177,518,915,584 bytes free
    Post-Run: 177,197,342,720 bytes free

    - - End Of File - - F3688F550C50A07B8F4E910BE17FE1A4


    This computer has frozen up several times while I have been updating programs and trying to upload the ComboFix log. Also, after ComboFix was done and I opened Internet Explorer, it gave me the message that Internet Explorer was not the default web browser; there are no other browsers installed on this computer. It also gave me a message about the default search engine and I removed 2 Alot and Rage Page.
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Hope you don't mind my attempt at humor here: Do you think you would perform well if you never had a shower and got clean clothes? Don't expect a computer with virtually no maintenance to perform well.
    ===============================================================
    The deletion of this one, D:\Autorun.inf, suggests a possible flash drive infection:
    Threat Removal Procedure:

    • [1]. Download Flash_Disinfector and save it to your Desktop.
      [2]. After downloading, double-click on Flash_Disinfector to run it.
      [3]. Just follow the prompts and continue until it begins scanning.
      [4]. If asked to insert your flash drive or any removable device including USB Pen Drive and Memory Stick, please do so.
      [5]. It will scan removable drives, wait for the scan to finish. Done.

    What Flash Disinfector will do:
    - Cleans up junk created by flash malware
    - Deletes autorun.inf from every root folder
    - Fixes damage done to your system
    - Creates an autorun.inf folder in the root of your system drives

    The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone.

    Please do so and allow the utility to clean up those drives as well.
    Wait until it has finished scanning and then exit the program.
    Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
    =======================================
    Are you still using both the Lexmark and HP printers?
    ========================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (LocalSystem)
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=-
    Driver::
    aswSP
    aswFsBlk
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
    ====================
     
  5. Walletwacker2

    Walletwacker2 TS Rookie Topic Starter

    Slow Computer

    Flash Disinfector isn't running. I downloaded it to the Desktop, closed all programs, and ran it from the Desktop. Windows asked me to allow it and I did. After it was done, Windows said it might not have installed correctly. I clicked that it did install correctly and then nothing happened. I tried clicking on it from the Desktop one more time and Windows again asked if I wanted to run the program; I said yes and then nothing happened. I also right-clicked on it and selected Run as Administrator; Windows asked if I wanted to run the program, I said yes, and again nothing happened. What should I do next?
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Try removing it and downloading it again.
     
  7. Walletwacker2

    Walletwacker2 TS Rookie Topic Starter

    Should I just delete it from the Desktop and redownload it? I do not see it in Start/All Programs or in Control Panel/Remove Programs. This is a Vista machine; is this program compatible with Vista?
     
  8. Walletwacker2

    Walletwacker2 TS Rookie Topic Starter

    I deleted it from the Desktop, downloaded and ran it again. It did not give me the warning about not installing correctly but it still did nothing.
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Try this instead:
    Download and Run FlashDisinfector- try this version:>>>
    1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
    2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
      Note: Some security programs will flag Flash_Disinfector as being some sort of malware; you can safely ignore these warnings.
    3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    4. Wait until it has finished scanning and then exit the program.
    5. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    6. Wait until it has finished scanning and then exit the program.
    7. Reboot your computer when done.
    ==========================================
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
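
The posts above describe an autorun.inf file in a drive root as a sign of flash drive infection and an autorun.inf folder as the protective placeholder. The following added example (not part of the original thread, and not Flash_Disinfector's own code) checks which of the two a drive root holds and lists any entries that would launch a program. The function names and sample file contents are constructed for illustration.

```python
import os
import tempfile

# Constructed sample contents, not taken from the machine in this thread.
SAMPLE_LAUNCHER = "[autorun]\nopen=setup.exe\nicon=drive.ico\nshell\\explore\\command=run.exe\n"
SAMPLE_LABEL_ONLY = "[autorun]\nicon=drive.ico\nlabel=Backup\n"

def exec_entries(text):
    """Yield the (key, value) pairs in autorun.inf text that name a program to run."""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith((";", "[")) or "=" not in line:
            continue                     # comment, section header or junk line
        key, _, value = line.partition("=")
        key = key.strip().lower()        # autorun.inf keys are case-insensitive
        if key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command")):
            yield key, value.strip()

def audit_root(root):
    """Classify what, if anything, is named autorun.inf in one drive root."""
    try:
        names = [n for n in os.listdir(root) if n.lower() == "autorun.inf"]
    except OSError:                      # e.g. an empty card-reader slot
        return ("unreadable", [])
    if not names:
        return ("absent", [])
    path = os.path.join(root, names[0])
    if os.path.isdir(path):              # the placeholder folder described above
        return ("placeholder-folder", [])
    with open(path, "rb") as fh:
        data = fh.read(65536)            # a legitimate autorun.inf is tiny
    enc = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1"
    entries = list(exec_entries(data.decode(enc, errors="replace")))
    return ("file-launches-program" if entries else "file-no-launch", entries)

def demo():
    """Audit three constructed drive roots built in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        roots = {n: os.path.join(tmp, n) for n in ("vaccinated", "launcher", "label")}
        os.makedirs(os.path.join(roots["vaccinated"], "autorun.inf"))
        for name, text in (("launcher", SAMPLE_LAUNCHER), ("label", SAMPLE_LABEL_ONLY)):
            os.mkdir(roots[name])
            with open(os.path.join(roots[name], "AUTORUN.INF"), "w") as fh:
                fh.write(text)
        return {name: audit_root(path) for name, path in roots.items()}

if __name__ == "__main__":
    print(demo())
```

On a Windows machine, call `audit_root("E:\\")` for each mounted drive letter; a `file-launches-program` result on a removable drive is the case worth investigating.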
     
  10. Walletwacker2

    Walletwacker2 TS Rookie Topic Starter

    I downloaded it, ran it from the Desktop, allowed it to run and then nothing happened.
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Maybe there is no infection.
     
Topic Status:
Not open for further replies.
