Solved Windows 7 Home Premium: rundll32.exe/slow login


cookiesandjuice

For a while now, every time that I try to log in, it takes maybe 20 seconds at the "Welcome" loading screen, and then some time on a black screen before my desktop shows up. Explorer.exe is already running though, so it shouldn't be a problem...? During that black screen the CPU usage is between 0% and 1%.

As well, I've been having two instances of rundll32.exe. One has no description, no CMD line, and the other had something about NvCpl.dll (or something related to Nvidia). I researched online, and found that in the System32 folder, it had a page icon - apparently a sign of malware, and so I thought it was the problem. I did a full scan of my computer with the Malicious Software Removal Tool, but nothing came up.

Next, I followed the directions here (http://www.revthatup.com/how-to-fix-rundll32-exe/) using Safe Mode, but when I downloaded rundll32.exe it also had a page icon. I went ahead and pasted it into System32, and upon restart I was asked if I wanted to run rundll32.exe from Unknown Publisher. Allowing it to run, there were again two instances of rundll32.exe.

So I redeleted it using the article's info, and am not letting it run. However, every time I log in it asks if I want to run it, which is very annoying. As well, the lag time during login is still continuing.
Please help! Thanks in advance =)
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.
Please review the 4-Step instructions and post the logs back here for my review.

Also, include this scan:

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
 
Thanks for the speedy reply!

MBAM log:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.16.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Andrew :: ANDREW-PC [administrator]

12/19/2012 6:21:27 PM
mbam-log-2012-12-19 (18-21-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 34510
Time elapsed: 2 minute(s), 2 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS logs:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457
Run by Andrew at 18:34:13 on 2012-12-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2046.1364 [GMT -8:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{5B8499E8-A5C6-45A8-A214-C25C1757042B} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{5B8499E8-A5C6-45A8-A214-C25C1757042B}\2657D626C656265656 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{5B8499E8-A5C6-45A8-A214-C25C1757042B}\35F6E616 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5B8499E8-A5C6-45A8-A214-C25C1757042B}\4554C4553503438393 : DHCPNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{5B8499E8-A5C6-45A8-A214-C25C1757042B}\45F6D6D69702E476579756E6 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{5B8499E8-A5C6-45A8-A214-C25C1757042B}\545343135453 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{5B8499E8-A5C6-45A8-A214-C25C1757042B}\74275656E60225F6F6D6 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{5B8499E8-A5C6-45A8-A214-C25C1757042B}\D4F62696C6560284F6473707F647027434 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{7ADA438A-D22B-4F4A-9B87-7EC7541F0514} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-18 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-12-18 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-12-18 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-12-18 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-12-18 44808]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2012-6-18 374648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-7-26 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-7-26 1343400]
.
=============== Created Last 30 ================
.
2012-12-20 02:24:25 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{99ef2e91-d33d-421c-81fb-da322cad6cdf}\offreg.dll
2012-12-20 02:18:02 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-12-20 02:17:54 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{99ef2e91-d33d-421c-81fb-da322cad6cdf}\mpengine.dll
2012-12-19 06:58:53 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-12-19 06:58:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-12-19 06:58:47 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-12-19 06:57:52 41224 ----a-w- c:\windows\avastSS.scr
2012-12-19 06:57:39 -------- d-----w- c:\programdata\AVAST Software
2012-12-19 06:57:39 -------- d-----w- c:\program files\AVAST Software
2012-12-18 04:36:58 -------- d-----w- c:\windows\system32\drivers\umdf\es-ES
2012-12-17 06:35:46 -------- d-----w- c:\users\andrew\appdata\local\Diagnostics
2012-12-17 05:19:12 -------- d-----w- c:\program files\MSECACHE
2012-12-15 07:46:49 -------- d--h--w- c:\windows\msdownld.tmp
2012-12-15 07:46:36 -------- d-----w- c:\windows\system32\directx
2012-12-15 04:33:55 79256 ----a-w- c:\windows\system32\npOGPPlugin.dll
2012-12-15 04:33:54 271768 ----a-w- c:\windows\system32\OGPIEPlugin.ocx
2012-12-12 00:26:19 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 00:25:59 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-08 03:36:48 -------- d-----w- c:\program files\uTorrent
2012-12-08 03:35:42 -------- d-----w- c:\users\andrew\appdata\roaming\uTorrent
.
==================== Find3M ====================
.
2012-12-19 05:57:53 44544 ----a-w- c:\windows\system32\rundll32.exe
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-05 20:32:16 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-11-05 20:32:09 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 17:40:31 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-04 16:47:18 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-10-04 16:43:05 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-10-04 14:57:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-10-04 14:41:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-03 16:58:30 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42:26 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 16:42:26 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 16:42:24 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 16:40:35 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21:38 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-30 03:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 22:47:43 78336 ----a-w- c:\windows\system32\synceng.dll
.
============= FINISH: 18:34:44.55 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/26/2012 10:45:27 AM
System Uptime: 12/19/2012 6:11:12 PM (0 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz | Microprocessor | 996/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 88.896 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP159: 12/16/2012 9:19:40 PM - Installed Windows Installer Clean Up
RP161: 12/16/2012 9:45:47 PM - Installed Zune 4.8
RP163: 12/16/2012 10:37:17 PM - IObit Uninstaller restore point
RP164: 12/16/2012 10:37:52 PM - Removed Windows Installer Clean Up
RP166: 12/16/2012 10:51:44 PM - IObit Uninstaller restore point
RP168: 12/17/2012 8:36:01 PM - Installed Zune 4.8
RP170: 12/18/2012 4:59:30 PM - IObit Uninstaller restore point
RP172: 12/18/2012 5:00:25 PM - IObit Uninstaller restore point
RP173: 12/18/2012 5:34:35 PM - Changing user folder names
RP174: 12/18/2012 9:24:29 PM - Rundll32.exe virus elimination
RP175: 12/18/2012 9:47:58 PM - Windows Update
RP176: 12/18/2012 10:57:29 PM - avast! Free Antivirus Setup
RP178: 12/18/2012 11:46:15 PM - IObit Uninstaller restore point
.
==== Installed Programs ======================
.
µTorrent
2007 Microsoft Office Suite Service Pack 3 (SP3)
Auslogics Disk Defrag
avast! Free Antivirus
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HDA D110 MDC V.92 Modem
DW WLAN Card Utility
Google Chrome
Google Update Helper
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Expression Blend 4
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
Microsoft XNA Game Studio 4.0 Refresh (ARP entry)
Microsoft XNA Game Studio 4.0 Refresh (Redists)
Microsoft XNA Game Studio 4.0 Refresh (Shared Components)
Microsoft XNA Game Studio 4.0 Refresh (Visual Studio)
NVIDIA Drivers
NVIDIA nView Desktop Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skype™ 6.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Mobile Device Updater Component
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
12/19/2012 6:14:23 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
12/19/2012 6:14:23 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
12/18/2012 9:52:35 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
12/18/2012 7:17:54 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
12/18/2012 5:38:03 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
12/18/2012 10:55:25 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
12/18/2012 10:45:30 PM, Error: Microsoft Antimalware [2001] -
12/18/2012 10:06:13 PM, Error: Service Control Manager [7022] - The DW WLAN Tray Service service hung on starting.
12/18/2012 10:00:39 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2012 10:00:30 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2012 10:00:23 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
12/18/2012 10:00:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/18/2012 10:00:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/18/2012 10:00:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/18/2012 10:00:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/18/2012 10:00:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
12/15/2012 1:38:10 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/15/2012 1:38:10 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/15/2012 1:38:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================
# AdwCleaner v2.101 - Logfile created 12/19/2012 at 19:06:12
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Andrew - ANDREW-PC
# Boot Mode : Normal
# Running from : C:\Users\Andrew\Downloads\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Google Chrome v23.0.1271.97
File : C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Users\Moose\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [980 octets] - [19/12/2012 19:06:12]
########## EOF - C:\AdwCleaner[S1].txt - [1039 octets] ##########
I think this means that my computer is clean. Interestingly enough, while login is not as quick as it used to be, there is no black screen before the desktop and taskbar pop up. However, I'm still curious about the 2 rundll32.exe's, the identity of the process which doesn't have a path, and if I should let the one related to NvCpl.dll run...
 
I want to make sure your computer is clean. The computer is only clean from adware. However, it is good to still check for malware. Please do the following:

ComboFix scan

Please download ComboFix by sUBs from BleepingComputer.com.

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
ComboFix 12-12-20.02 - Andrew 12/20/2012 18:23:19.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2046.1262 [GMT -8:00]
Running from: c:\users\Andrew\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User_2\Documents\~WRL1875.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-11-21 to 2012-12-21 )))))))))))))))))))))))))))))))
.
.
2012-12-21 02:30 . 2012-12-21 02:30 -------- d-----w- c:\users\Andrew\AppData\Local\temp
2012-12-20 02:17 . 2012-11-19 09:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{99EF2E91-D33D-421C-81FB-DA322CAD6CDF}\mpengine.dll
2012-12-19 06:58 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-12-19 06:58 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-12-19 06:58 . 2012-10-15 16:59 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-12-19 06:58 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-12-19 06:58 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-12-19 06:58 . 2012-10-30 23:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-12-19 06:57 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
2012-12-19 06:57 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-12-19 06:57 . 2012-12-19 06:57 -------- d-----w- c:\programdata\AVAST Software
2012-12-19 06:57 . 2012-12-19 06:57 -------- d-----w- c:\program files\AVAST Software
2012-12-19 01:11 . 2012-12-19 01:12 -------- d-----w- c:\users\Moose
2012-12-18 04:36 . 2012-12-18 04:36 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES
2012-12-18 04:36 . 2012-12-18 04:37 -------- d-----w- c:\program files\Zune
2012-12-17 06:35 . 2012-12-17 06:35 -------- d-----w- c:\users\Andrew\AppData\Local\Diagnostics
2012-12-17 05:19 . 2012-12-17 06:38 -------- d-----w- c:\program files\MSECACHE
2012-12-15 07:46 . 2012-12-15 07:49 -------- d--h--w- c:\windows\msdownld.tmp
2012-12-15 04:33 . 2009-11-19 10:33 79256 ----a-w- c:\windows\system32\npOGPPlugin.dll
2012-12-15 04:33 . 2009-11-19 10:33 271768 ----a-w- c:\windows\system32\OGPIEPlugin.ocx
2012-12-12 00:26 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 00:25 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-08 03:36 . 2012-12-08 03:36 -------- d-----w- c:\program files\uTorrent
2012-12-08 03:35 . 2012-12-15 08:41 -------- d-----w- c:\users\Andrew\AppData\Roaming\uTorrent
2012-12-08 03:35 . 2012-12-08 07:50 -------- d-----w- c:\users\User\AppData\Roaming\uTorrent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-19 05:57 . 2009-07-14 02:14 44544 ----a-w- c:\windows\system32\rundll32.exe
2012-11-16 03:35 . 2012-11-16 03:35 192768 ----a-w- c:\programdata\Microsoft\VPDExpress\10.0\1033\ResourceCache.dll
2012-10-16 07:39 . 2012-11-28 02:42 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 17:40 . 2012-11-15 18:19 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 18:19 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-03 16:58 . 2012-11-15 18:19 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-15 18:19 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-15 18:19 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-15 18:19 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 18:19 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-15 18:19 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-15 18:19 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-15 18:19 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-30 03:54 . 2012-08-13 22:11 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 22:47 . 2012-11-15 18:19 78336 ----a-w- c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-03-06 96800]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-18 5955072]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\User_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-03-06 18:52 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-03-05 05:11 1657376 ----a-w- c:\windows\System32\nwiz.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva401;XDva401;c:\windows\system32\XDva401.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-03 04:09]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-03 04:09]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-20 18:32:07
ComboFix-quarantined-files.txt 2012-12-21 02:32
.
Pre-Run: 95,126,814,720 bytes free
Post-Run: 94,907,858,944 bytes free
.
- - End Of File - - 23D0F44DB9A2F0413846D6C3271A607E
Thanks!
 
OTL Quick Scan

Please download OTL by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt, please post it in your next reply.
  • You may need to use two posts to get it all.
 
OTL logfile created on: 12/21/2012 9:44:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andrew\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.65% Memory free
4.00 Gb Paging File | 3.26 Gb Available in Paging File | 81.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.69 Gb Total Space | 86.58 Gb Free Space | 77.52% Space Free | Partition Type: NTFS

Computer Name: ANDREW-PC | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/21 21:44:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Downloads\OTL.exe
PRC - [2012/10/30 15:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/04 06:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/08/05 12:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/18 07:50:00 | 005,955,072 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
PRC - [2011/01/18 07:50:00 | 000,040,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
PRC - [2011/01/18 07:49:52 | 005,210,112 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
PRC - [2010/11/20 03:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/30 16:22:58 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012/11/30 16:22:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/30 16:22:33 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/30 16:22:24 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/07/26 12:58:28 | 000,062,464 | ---- | M] () -- C:\Windows\assembly\GAC_32\bcmwlrmt\5.100.235.0__6d6a20262490fcdc\bcmwlrmt.dll


========== Services (SafeList) ==========

SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/26 12:21:56 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/01/18 07:50:00 | 000,040,960 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2009/07/13 17:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Andrew\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/10/30 15:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 15:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 15:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 15:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 15:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/15 08:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2011/01/18 07:49:50 | 000,018,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2010/11/20 03:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 03:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 03:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 01:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 00:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 00:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 00:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/09/09 16:19:16 | 000,069,664 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)
DRV - [2009/03/06 10:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 C4 C2 84 8A DA CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: avast! WebRep = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

O1 HOSTS File: ([2012/12/20 18:30:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B8499E8-A5C6-45A8-A214-C25C1757042B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7ADA438A-D22B-4F4A-9B87-7EC7541F0514}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/20 18:32:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/20 18:32:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/20 18:32:09 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\temp
[2012/12/20 18:22:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/20 18:22:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/20 18:22:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/20 18:21:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/20 18:21:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/18 22:58:56 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/12/18 22:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/12/18 22:58:55 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/12/18 22:58:53 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/12/18 22:58:52 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/12/18 22:58:51 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/12/18 22:58:47 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/12/18 22:57:52 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/12/18 22:57:51 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/12/18 22:57:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/12/18 22:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/12/17 20:37:50 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Podcasts
[2012/12/17 20:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
[2012/12/17 20:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\Zune
[2012/12/16 22:35:46 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Diagnostics
[2012/12/16 21:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2012/12/14 23:46:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2012/12/14 22:42:18 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Macromedia
[2012/12/14 20:33:55 | 000,079,256 | ---- | C] (OGPlanet) -- C:\Windows\System32\npOGPPlugin.dll
[2012/12/14 20:33:54 | 000,271,768 | ---- | C] (OGPlanet) -- C:\Windows\System32\OGPIEPlugin.ocx
[2012/12/07 19:36:48 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/12/07 19:35:42 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\uTorrent
[2012/12/02 18:37:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/21 21:42:20 | 000,014,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/21 21:42:20 | 000,014,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/21 21:41:34 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/21 21:39:27 | 000,622,330 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/21 21:39:27 | 000,105,536 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/21 21:34:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/21 21:34:48 | 1609,134,080 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/20 22:25:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/20 18:43:10 | 000,369,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/20 18:30:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/12/18 23:47:19 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/12/18 22:58:47 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/12/16 22:39:05 | 000,002,314 | ---- | M] () -- C:\Users\Andrew\Documents\cc_20121216_223903.reg
[2012/12/16 22:38:54 | 000,117,380 | ---- | M] () -- C:\Users\Andrew\Documents\cc_20121216_223846.reg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/20 18:22:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/20 18:22:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/20 18:22:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/20 18:22:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/20 18:22:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/16 22:39:04 | 000,002,314 | ---- | C] () -- C:\Users\Andrew\Documents\cc_20121216_223903.reg
[2012/12/16 22:38:51 | 000,117,380 | ---- | C] () -- C:\Users\Andrew\Documents\cc_20121216_223846.reg
[2012/09/02 14:25:52 | 000,000,223 | ---- | C] () -- C:\Windows\TLCAPPS.INI
[2012/07/28 18:12:57 | 000,430,080 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2012/07/26 12:56:38 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2012/07/26 10:49:39 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/07/26 10:00:37 | 001,724,416 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2012/07/26 10:00:37 | 001,657,376 | ---- | C] () -- C:\Windows\System32\nwiz.exe
[2012/07/26 10:00:37 | 001,503,232 | ---- | C] () -- C:\Windows\System32\nView.dll
[2012/07/26 10:00:37 | 001,101,824 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2012/07/26 10:00:37 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvShell.dll
[2012/07/26 10:00:37 | 000,449,056 | ---- | C] () -- C:\Windows\System32\nvAppBar.exe
[2012/07/26 10:00:37 | 000,158,240 | ---- | C] () -- C:\Windows\System32\nvTaskbar.exe

========== ZeroAccess Check ==========

[2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/15 20:26:50 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Auslogics
[2012/08/11 20:48:50 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\PCDr
[2012/12/15 00:41:50 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >
 
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Note: Absence of issues does not mean that you're protected in the future.
 
I ran ESET Online Scanner as you instructed, but no issues were detected.

At the moment, the only issue I have is the issue of rundll32.exe having two instances, one that tries to run at log-in but I am denying it access, and the other which is running without a command line. However, winlogon.exe and csrss.exe also do not have command lines.

However, I do recall that when I first got my computer, it had two instances of rundll32.exe that ran. I believe it should be safe to run it, especially since after I installed avast! recently, there has been no annoying wait at a black screen upon log-in.

UPDATE: I have run the second instance, and successfully restarted without lag. I will post again if the issue reoccurs, or if I have another issue. Thank you for your time! (=
 
Hi there. It's normal for rundll32.exe to be running under a few instances. No worries.


It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, i.e. Clean
  • Select Create


Remove tools, temp files, old Restore Points

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :files
    ipconfig /flushdns /c

    :commands
    [CLEARALLRESTOREPOINTS]
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
  • It may open a log for you, but I don't need that.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 