pc so slow and sick


  • This topic is locked
159 replies to this topic

#51 mat yie76

    Advanced Member

  • Full Member
  • 105 posts

Posted 09 June 2012 - 12:30 AM

ComboFix 12-06-08.02 - Hp 09/06/2012 13:45:19.10.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2036.1053 [GMT 8:00]
Running from: c:\users\Hp\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))
.
.
2012-06-09 06:11 . 2012-06-09 06:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-07 18:04 . 2012-06-07 18:04 -------- d-----w- C:\_OTL
2012-06-06 08:37 . 2012-06-09 06:11 -------- d-----w- c:\users\Hp\AppData\Local\temp
2012-06-03 13:26 . 2012-06-03 13:26 -------- d-----w- c:\users\Hp\AppData\Roaming\f-secure
2012-06-03 13:24 . 2012-06-03 13:24 -------- d-----w- c:\programdata\F-Secure
2012-06-01 05:46 . 2012-06-03 18:32 -------- d-----w- c:\users\Hp\AppData\Roaming\IDM
2012-06-01 05:46 . 2012-06-07 18:05 -------- d-----w- c:\program files\Internet Download Manager
2012-05-31 08:56 . 2012-06-07 10:24 -------- d-----w- c:\users\Hp\AppData\Roaming\DMCache
2012-05-29 16:07 . 2012-05-29 16:07 -------- d-----w- c:\users\Hp\AppData\Roaming\addpcs
2012-05-26 12:18 . 2012-05-26 12:52 -------- d-----w- c:\users\Hp\AppData\Roaming\Bitdefender
2012-05-26 12:18 . 2012-05-26 12:19 -------- d-----w- c:\programdata\Bitdefender
2012-05-26 11:42 . 2012-05-26 11:48 -------- d-----w- c:\program files\Bitdefender
2012-05-26 11:41 . 2011-08-16 06:59 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-05-26 11:41 . 2011-10-27 07:07 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-05-26 11:36 . 2012-05-26 11:41 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-05-23 15:49 . 2012-05-23 15:49 -------- d-----w- c:\programdata\Logitech
2012-05-20 10:02 . 2012-05-20 10:19 -------- d-----w- c:\program files\Common Files\Real
2012-05-14 11:22 . 2009-12-14 04:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-05-14 11:22 . 2009-12-14 04:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-05-14 11:20 . 2012-05-25 12:36 -------- d-----w- c:\programdata\Kaspersky Lab
2012-05-14 10:29 . 2012-05-14 10:29 -------- d-----w- c:\users\Hp\AppData\Local\Western Digital
2012-05-14 07:41 . 2012-05-14 07:41 -------- d-----w- c:\program files\Western Digital
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-23 15:56 . 2012-04-12 07:09 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-05-20 10:03 . 2012-01-25 06:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-20 10:03 . 2010-10-25 07:13 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-16 07:04 . 2011-11-04 12:16 426144 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-16 07:04 . 2011-08-07 01:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-01 10:53 . 2012-04-18 10:20 772552 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-01 10:53 . 2012-04-13 07:40 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-23 11:26 . 2012-05-03 19:07 96056 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-04-22 19:34 . 2012-04-22 19:34 16904 ----a-w- c:\windows\system32\drivers\KLMD.sys
2012-04-18 12:56 . 2012-04-18 12:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 12:56 . 2012-04-18 12:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-12 07:10 . 2012-04-12 07:10 53248 ----a-r- c:\users\Hp\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-04-11 17:12 . 2012-04-11 17:12 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-03-31 04:39 . 2012-05-09 19:35 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 19:35 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 02:36 . 2012-05-09 19:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 10:23 . 2012-05-09 19:34 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 12:22 . 2012-03-20 12:22 611520 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-03-19 19:53 . 2012-04-17 16:16 6582328 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{24313A92-26E6-43C2-8B48-884EAD7FF7F8}\mpengine.dll
2012-03-17 07:27 . 2012-05-09 19:34 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-04-25 22:59 . 2012-03-24 14:47 85432 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-02-22 05:54 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-02-22 05:54 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-02-22 05:54 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-02-22 05:54 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"CAHeadless"="c:\program files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2011-09-14 539800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-06-08 495708]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-13 2299176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-24 150552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-24 173592]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1183616]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 257184]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R3 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-02 81920]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-02-17 447208]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 45736]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
R3 KLMD;KLMD;c:\windows\system32\Drivers\KLMD.sys [2012-04-22 16904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 112568]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 307544]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-30 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-03-20 611520]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-14 74832]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 90704]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 85128]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-14 169624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-08-31 1796200]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-04-23 96056]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-03-13 53224]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-11-25 240184]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-09 294952]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-12-06 254056]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-02-16 340072]
S3 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-02-21 67120]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-04 07:04]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 14:27]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 14:27]
.
2012-05-03 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2011-08-08 12:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={A2D61784-D87D-4DD2-9965-674C2E8BA49B}&mid=e8eb7b1bf7cf47d1ad353163c4e39dbd-203ac9e8d151dfc7fffb8db0f46eb0334a45115b&lang=en&ds=ft011&pr=sa&d=2012-06-01 12:57&v=11.1.0.7&sap=hp
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=%s
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3CA0FAE8-B45D-4AF3-8FD4-487A12B01D2A}: NameServer = 202.188.0.133,202.188.1.5
FF - ProfilePath - c:\users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\w6am161h.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=9ac99f34000000000000e02a823cb1b7
FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:7461124956&ie=ISO-8859-1&sa=Search&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - user.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:7461124956&ie=ISO-8859-1&sa=Search&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA2"="<settings accountStatus=\"1\" oldDevice=\"\" timeDiff=\"1338036144\" expireTime=\"1258888654\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />"
"DEVICE2"="vaaur8rPygA="
.
[HKEY_USERS\S-1-5-21-2541759816-211721918-909212357-1000_Classes\CLSID\{1861d51f-0d6f-4826-85e8-9e4333a87779}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000009b
"Therad"=dword:00000004
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2541759816-211721918-909212357-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):be,d6,19,64,ff,0d,9a,d1,7e,3f,80,75,36,75,2a,7e,82,d4,c7,44,19,
b8,d5,da,a7,9e,7c,cf,1d,6c,72,ed,7d,ea,e7,2b,21,df,27,dd,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-09 14:20:06
ComboFix-quarantined-files.txt 2012-06-09 06:20
.
Pre-Run: 175,584,899,072 bytes free
Post-Run: 175,396,458,496 bytes free
.
- - End Of File - - DCA34BB014CF25777897062B5E308C84

#52 mat yie76

Posted 09 June 2012 - 12:38 AM

What I mean with desktop.ini is how to get rid of Desktop.ini. I see a file called Desktop.ini in a lot of my folders. For example, in folder favorites 1 desktop.ini, download folder 1 desktop.ini, document folder 2 desktop.ini, public music 1 desktop.ini, pic library 2 desktop.ini, video library 2 desktop.ini. What is that? How can I get rid of it? Can I hide or delete it?

Edited by mat yie76, 09 June 2012 - 01:21 AM.


#53 cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 09 June 2012 - 09:49 AM

Desktop.ini is a normal Windows file. There will be one or two in every folder, and if you delete it Windows will replace it. It tells Windows how to display the folder. Normally desktop.ini files are hidden. Follow the directions here, except I would also check 'Don't show hidden files, folders, or drives'.

Your PC is clean. BitDefender is known to slow the PC - see http://www.pcworld.c..._interface.html
We can disable some of your other startups such as FileHippo, but then you would have to remember to run them manually.

How is the PC running after you have logged on? Does the speed seem normal?
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#54 mat yie76

Posted 09 June 2012 - 10:23 AM

Tyvm cnm... I appreciate your help in solving my problem with my PC etc. My desktop.ini is hidden right now. About my PC after I logged on: yes, my PC speed is normal right now. About disabling some of my other startups, what is your recommendation? Besides FileHippo, what other software can you disable for me, and of course I will remember to run it manually? Any suggestions?

#55 mat yie76

Posted 09 June 2012 - 10:47 AM

How about my "remote control", any suggestions?

#56 cnm

Posted 09 June 2012 - 11:13 AM

What we can do is replace some of the startups with Scheduled Tasks. Since you already have Scheduled Tasks running that won't increase slowness. You can have them run once a week or so.

We can do that for

FileHippo - takes a minute or so to run
AdobeAAMUpdater-1.0
DivXUpdate
HP Software Update
SunJavaUpdateSched

Others you can do without or run manually when wanted. Let me know which of these you want to keep as startups.

QuickTime Task - System Tray access to Apple's "Quick Time" viewer, you may want to keep this as startup
sttray.exe - System tray icon related to Sigmatel Audio sound card.
Windows Sidebar
SynTPEnh.exe (Synaptics Incorporated) - Synaptics touchpad tray icon.

Displays status and provides quick launch to touchpad features such as scrolling and tap zones. Required on IBM Thinkpads with UltraNav (pointstick and touchpad combo) if you don't want to lose the advanced pointstick features such as scroll.

SetPoint.exe (Logitech, Inc.) -

Keyboard and mouse drivers and utilities for Logitech's latest products - supersedes iTouch and MouseWare on their older products. Required if you use special features such as multimedia keys.

HotKeysCmds -

Part of Intel's Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. If the user wishes to have "HotKey" access to Intel's customised graphics properties, it is required, otherwise not. It can be disabled via the Display Properties in the Control Panel.

igfxtray.exe (Intel Corporation)

Part of Intel's Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. Quick access to the control panel via a System Tray icon. Available via Start -> Settings -> Control Panel

AdobeARM - not needed at all


However it is unlikely that any of this will speed up your boot very much. A few seconds most likely, possibly as much as a minute. I'd really suggest just leaving things as they are and do something else while Windows boots, instead of sitting there looking at it.

I'd forgotten about the remote control. I think it is most likely related to Octoshape. It's a legitimate Windows Driver.

#57 mat yie76

Posted 09 June 2012 - 04:24 PM

QuickTime Task - System Tray access to Apple's "Quick Time" viewer, and SetPoint.exe (Logitech, Inc.) I want to keep as startups. Other software you can do without or run manually when wanted. About AdobeARM, I don't need that.

#58 mat yie76

Posted 09 June 2012 - 04:33 PM

About the remote control, can't I uninstall Octoshape to solve my problem? Do you have any suggestions to change my remote control? (software for remote control)

#59 cnm

Posted 09 June 2012 - 05:10 PM

About the remote control, can't I uninstall Octoshape to solve my problem? Do you have any suggestions to change my remote control? (software for remote control)

I'm unfamiliar with both Octoshape and remote control. I wouldn't worry about the remote Windows Video Miniport. You can certainly uninstall Octoshape if you don't use it.

We'll use HijackThis to disable the startups - this is the simplest, safest tool.
  • HijackThis
  • Please download the most updated version of HijackThis. The current version is 2.0.4.
  • If you download the Executable version please make sure to place it in a permanent folder. HijackThis makes backups of anything fixed and the backups might be deleted accidentally if the program is run from a temporary folder.
  • Run HijackThis, click "Scan and Save Log", and save the logfile produced. Please do not fix any entries with HijackThis unless a helper tells you to. Most of the entries in the log will be legitimate, or even critical to the operation of your computer.
Please post the logfile.
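
The startup entries discussed in this thread appear in two log formats: ComboFix's "Reg Loading Points" Run sections and HijackThis's O4 lines. The following is an added example, not part of any post in the thread, that parses both formats, normalizes each command line to an image path and reports entries present in one log but not the other; the sample lines are excerpts copied from the logs on this page, and the function names and the `ENV` mapping are assumptions of the example.

```python
import ntpath
import re

# Assumption: 32-bit Windows 7 layout, as in the logs on this page.
ENV = {"programfiles": r"C:\Program Files"}
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}

# ComboFix: "[HKEY_...\Run]" header, then  "Name"="c:\path\app.exe" [date size]
CF_HEADER = re.compile(r"^\[(HKEY_[A-Z_]+)\\.*\\Run\]$", re.I)
CF_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"')
# HijackThis:  O4 - HKLM\..\Run: [Name] command line
HJT_ENTRY = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# End of the executable in an unquoted command line that may contain spaces.
EXE_END = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)", re.I)


def image_path(cmd, env=ENV):
    """Reduce a Run-key command line to a normalized, lower-case image path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # "C:\...\app.exe" -args
        path = cmd[1:].split('"', 1)[0]
    else:                                        # C:\...\app.exe /args
        m = EXE_END.match(cmd)
        path = m.group(1) if m else cmd
    # Expand %VAR% from the supplied mapping; unknown variables stay as-is.
    path = re.sub(r"%([^%]+)%",
                  lambda v: env.get(v.group(1).lower(), v.group(0)), path)
    return ntpath.normcase(ntpath.normpath(path))


def parse_combofix(text):
    """Return {(hive, name): image_path} for enabled Run entries only."""
    entries, hive = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = CF_HEADER.match(line)
            # Any other key, including the "run-" key of disabled entries,
            # clears the current hive so its values are skipped.
            hive = HIVES.get(m.group(1).upper()) if m else None
            continue
        m = CF_ENTRY.match(line)
        if hive and m:
            entries[(hive, m.group("name"))] = image_path(m.group("cmd"))
    return entries


def parse_hijackthis(text):
    """Return {(hive, name): image_path} for O4 Run-key lines."""
    entries = {}
    for line in text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:  # "O4 - Startup:" shortcut lines are not Run keys and are skipped
            entries[(m.group("hive"), m.group("name"))] = image_path(m.group("cmd"))
    return entries


def compare(before, after):
    """Entries added, removed, or pointing at a different image path."""
    return {
        "added": sorted(k for k in after if k not in before),
        "removed": sorted(k for k in before if k not in after),
        "changed": sorted(k for k in after
                          if k in before and after[k] != before[k]),
    }


# Excerpt of the ComboFix log in post #51.
COMBOFIX_SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-13 2299176]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"""

# Excerpt of the HijackThis log in post #64.
HIJACKTHIS_SAMPLE = r"""
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
"""

if __name__ == "__main__":
    diff = compare(parse_combofix(COMBOFIX_SAMPLE),
                   parse_hijackthis(HIJACKTHIS_SAMPLE))
    for kind, keys in diff.items():
        print(kind, keys)
```

On these excerpts the only difference is the OODefragTray entry, which is in the HijackThis log but not in the earlier ComboFix log. ComboFix states that it does not show "legit default entries", so a difference between the two tools is a prompt to look at the entry, not a verdict on it.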

#60 mat yie76

Posted 09 June 2012 - 11:50 PM

404 Not Found

http://free.antiviru.../?page=download

NOT FOUND

The requested URL /hijackthis/ was not found on this server

--------------------------------------------------------------------------------

Apache Server at free.antivirus.com Port 80

This is what I get when I want to download from HijackThis... Any solution?

Edited by mat yie76, 09 June 2012 - 11:57 PM.


#61 mat yie76

Posted 09 June 2012 - 11:52 PM

For your information, I use Google Chrome to chat or download. Can I download from this website: http://www.filehippo...oad_hijackthis/

Edited by mat yie76, 10 June 2012 - 12:38 AM.


#62 cnm

Posted 10 June 2012 - 12:37 AM

How did that happen? I'm sorry.

Here is the correct link to use: HijackThis
(Or use the FileHippo link, which is fine. Their download gives you more installation options.)

#63 mat yie76

Posted 10 June 2012 - 12:39 AM

OK, got it. Wait for the result. I don't know why it became like that, because some websites I cannot open.

Edited by mat yie76, 10 June 2012 - 12:42 AM.


#64 mat yie76

Posted 10 June 2012 - 12:53 AM

This is the result, such a fast result... :thumbup:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:49:47 PM, on 10/6/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Logitech\SetPointP\LBTWiz.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Hp\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.c...sa&d=2012-06-01 12:57:34&v=11.1.0.7&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [CAHeadless] C:\Program Files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CA0FAE8-B45D-4AF3-8FD4-487A12B01D2A}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{3CA0FAE8-B45D-4AF3-8FD4-487A12B01D2A}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{3CA0FAE8-B45D-4AF3-8FD4-487A12B01D2A}: NameServer = 202.188.0.133,202.188.1.5
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: SafeBox - Bitdefender - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe

--
End of file - 8695 bytes

#65 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 10 June 2012 - 11:24 AM

Good. Run HijackThis again and select "Do a system scan only".

Put a checkmark next to each of these lines:

O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background

You may want to also put a checkmark next to this:
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
but see http://www.addictive...r-from-startup/

Close other windows, then click 'Fix checked' and reboot.

Separately disable startup of Adobe Auto-Analyzer:
How to stop the auto analyzer running on startup - you have to run Premiere Elements, choose "Organize", choose "Organizer", choose "Edit > Preferences" and choose "Auto-Analyzer Options". There you can untick "Run Analyzer on Start Up" (and you might want to untick "Analyze All Media in Catalog Automatically"). Then click "OK".

Schedule your updaters:
If the PC seems normal after reboot (is boot any faster?), then schedule FileHippo and the updaters, or remember to run them manually every week or so.
How to schedule a task. You'll want to schedule based on the calendar.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#66 mat yie76

mat yie76

    Advanced Member

  • Full Member
  • PipPipPip
  • 105 posts

Posted 10 June 2012 - 12:21 PM

Done with all the checkmarks u want me to put, pc became faster before this.. tyvm CNM. Only Separately disable startup of Adobe Auto-Analyzer I don't do it. Later I do it, but 1 problem coming up right now. When I go to TASK SCHEDULER, I click it, he say THE REMOTE COMPUTER WAS NOT FOUND.

Task Scheduler

Task Scheduler service on the target computer cannot be contacted. Please ensure the service is running properly and then use the "Connect to another computer" action to retry the connection. I try to connect to another computer but still same problem.. Why my Task Scheduler be like this?? :ugh:

Edited by mat yie76, 10 June 2012 - 12:24 PM.


#67 cnm


Posted 10 June 2012 - 01:12 PM

Do Start, enter taskschd.msc
Do you get the scheduler?
If so, click Action tab and select 'Create Basic Task..'

#68 mat yie76


Posted 10 June 2012 - 01:15 PM

I get the scheduler but he says THE REMOTE COMPUTER WAS NOT FOUND. After that I can't click Action but cannot click 'CREATE BASIC TASK'..

Edited by mat yie76, 10 June 2012 - 01:21 PM.


#69 cnm


Posted 10 June 2012 - 01:26 PM

Please download SystemLook from one of the links below and save it to your Desktop on the affected PC.
http://jpshortstuff..../SystemLook.exe
http://images.malwar.../SystemLook.exe
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:filefind
taskschd.msc

Click the 'Look' button to start the scan and wait for a few minutes until the "Look" button reappears.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#70 mat yie76


Posted 10 June 2012 - 01:27 PM

OK, I do it now.. how many minutes it complete?? Look like SystemLook hang...

Edited by mat yie76, 10 June 2012 - 01:34 PM.


#71 mat yie76


Posted 10 June 2012 - 01:46 PM

Finally, done..


SystemLook 30.07.11 by jpshortstuff
Log created at 03:40 on 11/06/2012 by Hp
Administrator - Elevation successful

========== filefind ==========

Searching for "taskschd.msc"
C:\Windows\System32\taskschd.msc --a---- 145059 bytes [21:46 13/07/2009] [21:38 10/06/2009] AB2A58839814D2EA5EE621B5DBF944FF
C:\Windows\System32\ar-SA\taskschd.msc --a---- 145109 bytes [00:06 01/04/2012] [10:33 13/07/2009] 0DD45C1781F24B37DDE708662FA1720F
C:\Windows\System32\cs-CZ\taskschd.msc --a---- 145091 bytes [00:34 01/04/2012] [10:37 13/07/2009] 252993D0BCE9600830E47A96FBF7DA7D
C:\Windows\System32\da-DK\taskschd.msc --a---- 145059 bytes [23:12 31/03/2012] [10:34 13/07/2009] 2E70A039DB391E02491E96D0DF6ED2C8
C:\Windows\System32\de-DE\taskschd.msc --a---- 145061 bytes [20:24 31/03/2012] [10:37 13/07/2009] 1C15ED24459D3936F704995D4DD9E0FC
C:\Windows\System32\el-GR\taskschd.msc --a---- 145149 bytes [01:58 01/04/2012] [10:33 13/07/2009] 4ECE17B9D597E424DE36BE77D22729CF
C:\Windows\System32\en-US\taskschd.msc --a---- 145059 bytes [04:55 14/07/2009] [02:04 14/07/2009] AB2A58839814D2EA5EE621B5DBF944FF
C:\Windows\System32\es-ES\taskschd.msc --a---- 145078 bytes [22:43 31/03/2012] [10:37 13/07/2009] 02CCFA8920B62CF75171D35A6377132D
C:\Windows\System32\fi-FI\taskschd.msc --a---- 145071 bytes [04:52 01/04/2012] [10:41 13/07/2009] 839E56B6E76176E42535D0812517BCB7
C:\Windows\System32\fr-FR\taskschd.msc --a---- 145084 bytes [23:37 31/03/2012] [10:37 13/07/2009] D36ECB4613FD2922AD8E247196B0EF89
C:\Windows\System32\he-IL\taskschd.msc --a---- 145095 bytes [04:09 01/04/2012] [10:33 13/07/2009] C1D252A89680DBA94F6D687258B0C818
C:\Windows\System32\hu-HU\taskschd.msc --a---- 145069 bytes [05:38 01/04/2012] [10:45 13/07/2009] 2634335B8C64460D966EA827F5C947B8
C:\Windows\System32\it-IT\taskschd.msc --a---- 145086 bytes [01:04 01/04/2012] [10:37 13/07/2009] B77CE62BAEC42D596FC37EAE9344E49D
C:\Windows\System32\ja-JP\taskschd.msc --a---- 145112 bytes [06:25 01/04/2012] [12:16 13/07/2009] 2C69469172CF3166843B5A017586022F
C:\Windows\System32\ko-KR\taskschd.msc --a---- 145072 bytes [13:41 01/04/2012] [11:51 13/07/2009] E4B94AD1D840DF77CA7F0A015D8D0B71
C:\Windows\System32\nb-NO\taskschd.msc --a---- 145065 bytes [02:55 01/04/2012] [10:34 13/07/2009] 6DD0AB704BF32CB0EB0874D4D1D5D3C0
C:\Windows\System32\nl-NL\taskschd.msc --a---- 145054 bytes [03:29 01/04/2012] [10:47 13/07/2009] 8FC37707B45DCA1B739B060605163E62
C:\Windows\System32\pl-PL\taskschd.msc --a---- 145079 bytes [21:53 31/03/2012] [10:39 13/07/2009] 46F2300B51DB78616348D5B95D6505FB
C:\Windows\System32\pt-BR\taskschd.msc --a---- 145074 bytes [21:10 31/03/2012] [10:47 13/07/2009] 82E40E057BD0C9DDD5EB6EE727B50DB7
C:\Windows\System32\pt-PT\taskschd.msc --a---- 145077 bytes [13:03 02/04/2012] [10:45 13/07/2009] ED067B01F14DCFA74F1266ADE1BE8729
C:\Windows\System32\ru-RU\taskschd.msc --a---- 145141 bytes [21:30 31/03/2012] [10:44 13/07/2009] 58148B2BFC11292CFEA3484C831F30AE
C:\Windows\System32\sv-SE\taskschd.msc --a---- 145057 bytes [15:14 01/04/2012] [10:45 13/07/2009] A7813764B7AE4F91CAE9C3DC9F4ABD50
C:\Windows\System32\tr-TR\taskschd.msc --a---- 145085 bytes [19:50 31/03/2012] [10:39 13/07/2009] 2047570583A960DB0E76DE7D95B8586A
C:\Windows\System32\zh-CN\taskschd.msc --a---- 145072 bytes [08:49 01/04/2012] [11:50 13/07/2009] 09F112BE1778E224040F9D8633E89D24
C:\Windows\System32\zh-TW\taskschd.msc --a---- 145070 bytes [22:17 31/03/2012] [11:51 13/07/2009] E4D6F63EC5E248C3CE3A02F8BB7B4725
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_5ea3bda9ca08cea2\taskschd.msc --a---- 145109 bytes [00:06 01/04/2012] [10:33 13/07/2009] 0DD45C1781F24B37DDE708662FA1720F
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_afed15cda810fc24\taskschd.msc --a---- 145091 bytes [00:34 01/04/2012] [10:37 13/07/2009] 252993D0BCE9600830E47A96FBF7DA7D
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_4d26f5f49e56f823\taskschd.msc --a---- 145059 bytes [23:12 31/03/2012] [10:34 13/07/2009] 2E70A039DB391E02491E96D0DF6ED2C8
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_de-de_4a528b30a02d4cbd\taskschd.msc --a---- 145061 bytes [20:24 31/03/2012] [10:37 13/07/2009] 1C15ED24459D3936F704995D4DD9E0FC
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_el-gr_f2e8b8c38f42b54b\taskschd.msc --a---- 145149 bytes [01:58 01/04/2012] [10:33 13/07/2009] 4ECE17B9D597E424DE36BE77D22729CF
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f34361298f0b5882\taskschd.msc --a---- 145059 bytes [04:55 14/07/2009] [02:04 14/07/2009] AB2A58839814D2EA5EE621B5DBF944FF
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f30ebe0d8f324a27\taskschd.msc --a---- 145078 bytes [22:43 31/03/2012] [10:37 13/07/2009] 02CCFA8920B62CF75171D35A6377132D
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_fi-fi_9229c2ba844c3c51\taskschd.msc --a---- 145071 bytes [04:52 01/04/2012] [10:41 13/07/2009] 839E56B6E76176E42535D0812517BCB7
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_95c6340c82046089\taskschd.msc --a---- 145084 bytes [23:37 31/03/2012] [10:37 13/07/2009] D36ECB4613FD2922AD8E247196B0EF89
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_he-il_d9e5dbae68736177\taskschd.msc --a---- 145095 bytes [04:09 01/04/2012] [10:33 13/07/2009] C1D252A89680DBA94F6D687258B0C818
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_hu-hu_dd36b45466642fa5\taskschd.msc --a---- 145069 bytes [05:38 01/04/2012] [10:45 13/07/2009] 2634335B8C64460D966EA827F5C947B8
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_it-it_7fee2a5359364607\taskschd.msc --a---- 145086 bytes [01:04 01/04/2012] [10:37 13/07/2009] B77CE62BAEC42D596FC37EAE9344E49D
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2213a9604c5157e2\taskschd.msc --a---- 145112 bytes [06:25 01/04/2012] [12:16 13/07/2009] 2C69469172CF3166843B5A017586022F
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_c57d86153ec21ef8\taskschd.msc --a---- 145072 bytes [13:41 01/04/2012] [11:51 13/07/2009] E4B94AD1D840DF77CA7F0A015D8D0B71
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_nb-no_ae10074a16e74ab4\taskschd.msc --a---- 145065 bytes [02:55 01/04/2012] [10:34 13/07/2009] 6DD0AB704BF32CB0EB0874D4D1D5D3C0
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_nl-nl_ac4f528818135489\taskschd.msc --a---- 145054 bytes [03:29 01/04/2012] [10:47 13/07/2009] 8FC37707B45DCA1B739B060605163E62
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_f28bad09fd35c23d\taskschd.msc --a---- 145079 bytes [21:53 31/03/2012] [10:39 13/07/2009] 46F2300B51DB78616348D5B95D6505FB
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f4df97adfbbf5621\taskschd.msc --a---- 145074 bytes [21:10 31/03/2012] [10:47 13/07/2009] 82E40E057BD0C9DDD5EB6EE727B50DB7
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_pt-pt_f5c16719fb2ec5fd\taskschd.msc --a---- 145077 bytes [13:03 02/04/2012] [10:45 13/07/2009] ED067B01F14DCFA74F1266ADE1BE8729
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_3c6478dde0105429\taskschd.msc --a---- 145141 bytes [21:30 31/03/2012] [10:44 13/07/2009] 58148B2BFC11292CFEA3484C831F30AE
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_d85f6352d7395e84\taskschd.msc --a---- 145057 bytes [15:14 01/04/2012] [10:45 13/07/2009] A7813764B7AE4F91CAE9C3DC9F4ABD50
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_tr-tr_816cad99c5f56075\taskschd.msc --a---- 145085 bytes [19:50 31/03/2012] [10:39 13/07/2009] 2047570583A960DB0E76DE7D95B8586A
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_zh-cn_52c9cb97762d3294\taskschd.msc --a---- 145072 bytes [08:49 01/04/2012] [11:50 13/07/2009] 09F112BE1778E224040F9D8633E89D24
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_zh-tw_56c608ed739e0f04\taskschd.msc --a---- 145070 bytes [22:17 31/03/2012] [11:51 13/07/2009] E4D6F63EC5E248C3CE3A02F8BB7B4725
C:\Windows\winsxs\x86_taskschedulersettings_31bf3856ad364e35_6.1.7600.16385_none_4ac159ed65b079f7\taskschd.msc --a---- 145059 bytes [21:46 13/07/2009] [21:38 10/06/2009] AB2A58839814D2EA5EE621B5DBF944FF

-= EOF =-
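The filefind log above lists every taskschd.msc under System32 next to its copy in the WinSxS component store. As an added example (not part of the original thread and not SystemLook's own code), this Python sketch parses lines in that format and flags any System32 copy whose size and hash have no matching component-store entry for the same culture; the function names, the xx-XX/yy-YY sample lines and the reading of the 32-hex-digit field as a file hash are assumptions.

```python
import re
from typing import NamedTuple

# Constructed sample in the ":filefind" line format of the log above. The de-DE,
# en-US and language-neutral lines are copied from that log; the xx-XX and yy-YY
# lines (and their hashes) are invented so the check has something to flag.
SAMPLE_LOG = r"""
Searching for "taskschd.msc"
C:\Windows\System32\taskschd.msc --a---- 145059 bytes [21:46 13/07/2009] [21:38 10/06/2009] AB2A58839814D2EA5EE621B5DBF944FF
C:\Windows\System32\de-DE\taskschd.msc --a---- 145061 bytes [20:24 31/03/2012] [10:37 13/07/2009] 1C15ED24459D3936F704995D4DD9E0FC
C:\Windows\System32\en-US\taskschd.msc --a---- 145059 bytes [04:55 14/07/2009] [02:04 14/07/2009] AB2A58839814D2EA5EE621B5DBF944FF
C:\Windows\System32\xx-XX\taskschd.msc --a---- 145059 bytes [00:00 01/01/2012] [00:00 01/01/2012] 00000000000000000000000000000001
C:\Windows\System32\yy-YY\taskschd.msc --a---- 145059 bytes [00:00 01/01/2012] [00:00 01/01/2012] 00000000000000000000000000000003
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_de-de_4a528b30a02d4cbd\taskschd.msc --a---- 145061 bytes [20:24 31/03/2012] [10:37 13/07/2009] 1C15ED24459D3936F704995D4DD9E0FC
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f34361298f0b5882\taskschd.msc --a---- 145059 bytes [04:55 14/07/2009] [02:04 14/07/2009] AB2A58839814D2EA5EE621B5DBF944FF
C:\Windows\winsxs\x86_taskschedulersettings_31bf3856ad364e35_6.1.7600.16385_none_4ac159ed65b079f7\taskschd.msc --a---- 145059 bytes [21:46 13/07/2009] [21:38 10/06/2009] AB2A58839814D2EA5EE621B5DBF944FF
C:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_xx-xx_0000000000000000\taskschd.msc --a---- 145059 bytes [00:00 01/01/2012] [00:00 01/01/2012] 00000000000000000000000000000002
-= EOF =-
"""

# path, 7-character attribute field, size, two bracketed timestamps, 32-hex hash
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<digest>[0-9A-Fa-f]{32})\s*$"
)

MISMATCH = "size/hash differs from component-store copy"
MISSING = "no component-store copy listed"


class Entry(NamedTuple):
    path: str
    size: int
    digest: str


def parse_filefind(text):
    """Return an Entry per result line; headers and footers are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["path"], int(m["size"]), m["digest"].upper()))
    return entries


def culture_of(path):
    """Culture tag of a file: 'en-us', 'de-de', ... or 'none' if language-neutral."""
    parts = path.lower().split("\\")
    if "winsxs" in parts:
        # Component directory: <arch>_<name>_<token>_<version>_<culture>_<hash>
        fields = parts[parts.index("winsxs") + 1].rsplit("_", 2)
        return fields[1] if len(fields) == 3 else "none"
    parent = parts[-2]
    return parent if re.fullmatch(r"[a-z]{2,3}-[a-z0-9-]+", parent) else "none"


def check_against_store(entries):
    """Compare each non-WinSxS file with the WinSxS copy of the same name and culture."""
    store, live = {}, []
    for e in entries:
        key = (e.path.lower().rsplit("\\", 1)[1], culture_of(e.path))
        if "\\winsxs\\" in e.path.lower():
            store.setdefault(key, set()).add((e.size, e.digest))
        else:
            live.append((key, e))
    findings = []
    for key, e in live:
        known = store.get(key)
        if known is None:
            findings.append((e.path, MISSING))
        elif (e.size, e.digest) not in known:
            findings.append((e.path, MISMATCH))
    return findings


if __name__ == "__main__":
    for path, reason in check_against_store(parse_filefind(SAMPLE_LOG)):
        print(f"{path}: {reason}")
```

A match only shows that the live file agrees with the component store on the same machine; it is a consistency check, not proof that either copy is the vendor's original.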

#72 cnm


Posted 10 June 2012 - 02:36 PM

Your taskschd.msc looks fine.

I suspect that remote desktop is used by your Bitdefender online backup so hesitate to touch it.

Google shows that a lot of people have reported the Task Scheduler saying THE REMOTE COMPUTER WAS NOT FOUND.
There doesn't seem to be any guaranteed solution.

So people have recommended using this other task scheduler:
Download Freebyte Task Scheduler from http://www.freebyte....btaskscheduler/
Unzip the fbtaskscheduler.zip and extract to a convenient folder.
Click FBTaskscheduler2.exe to run it.

I have tested it by scheduling FileHippo with it, and it works. :)
For each program, click Task and Add.

#73 mat yie76


Posted 10 June 2012 - 10:13 PM

I already download Freebyte Task Scheduler but I do know how to use it. Can u teach me? Confused about using it.. :blush2:

How about System Restore did not complete successfully, any idea to solve the problem?.. Sorry cnm because talk so many problem in my pc, I'm asking because want to know why and want to close the topic as soon as possible? because malware, virus or software did not instant successfully... I don't want to waste your time on here when you could be helping those with a much greater need than mine. :thumbup:

Edited by mat yie76, 10 June 2012 - 11:25 PM.


#74 cnm


Posted 10 June 2012 - 11:17 PM

After you have unzipped it into a folder such as C:\Program Files (x86)\FB Task Scheduler\

Click FBTaskscheduler2.exe to run it.
Click the Task tab and click Add.
Set the schedule to Weekly and choose a day and time.
Give it a name in Task Name.
For the Program location, use the browse button ..., navigate to the file and click Open.
Usually you would leave Program parameters blank.
Click Save.

Your task is scheduled. Click the triangular run button to test that the task runs OK.

My FileHippo task looks like this:
[Attached screenshot: ScreenShot054.png]

When you have added all your tasks, close the Task Scheduler and you are done.

#75 mat yie76


Posted 10 June 2012 - 11:29 PM

Ok, I know and understand... I try it now.. :thumbup: I did it, yess.... now i cant use my task scheduler already..... ty ty tyvm CNM, u awesome... :thumbup:

Edited by mat yie76, 10 June 2012 - 11:44 PM.


#76 cnm


Posted 11 June 2012 - 05:38 PM

You're welcome. :)
I assume you just mean you no longer need to use the Windows Task Scheduler?

now i cant use my task scheduler already


How long do the boot and shutdown take now?

#77 mat yie76


Posted 12 June 2012 - 03:21 AM

For the boot is 4 minutes and for shut down is 3 half minutes..

#78 cnm


Posted 12 June 2012 - 09:28 AM

That is certainly an improvement. :)

Please clean up our tools now:
Start > Run and enter 'combofix /uninstall'. Note the space after 'combofix'. Among other things your Restore Points will be purged and a new clean one created.

Delete the DDS files and Security Check folder from your Desktop, also TDSSKiller.

Run OTL and click the 'CleanUp' button. It will remove itself and its files.

Advice for malware prevention:

Keep your BitDefender enabled.

Configure Windows to do automatic updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Keep MalwareBytes Anti-Malware updated and run it whenever you suspect a problem.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.systemloo...p?type=filename

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the rogues mentioned above.

For much more old but still useful information, read Tony Klein's excellent article: How did I get infected in the first place

I'll keep this topic open for a few days.

#79 mat yie76


Posted 12 June 2012 - 01:44 PM

After I type Start > Run and enter combofix / uninstall then Window said it couldn't be found. Please type correctly and try again. Any solution? Other tool I just clean up correctly. Right now my bitdefender has enable.

#80 mat yie76


Posted 12 June 2012 - 01:52 PM

CNM, I would like to thank you whole-heartedly for all your time and efforts. I really appreciated everything you've done for me. But really, I'm happy if you're happy. U Mother Lion of SWI and your friend in SWI is a very nice, helpful and a good person ( GOD BLESS U ALL )


Thanks as always for your help for everything..


MAT YIE76 :thumbup:

#81 cnm


Posted 12 June 2012 - 02:00 PM

Please do this. Start, enter cmd.exe
In the command window enter this:
c:\users\Hp\Downloads\Programs\ComboFix.exe /u


#82 mat yie76


Posted 12 June 2012 - 02:08 PM

after that i enter and this message apply... 'c:\users\Hp\Downloads\Programs\ComboFix.exe' is not recognized as an internal or external command,
operable program or batch file.

#83 cnm


Posted 12 June 2012 - 02:28 PM

You indicated you ran
combofix / uninstall
Don't put a space between / and uninstall.
Start > Run and enter 'combofix /u'

#84 mat yie76


Posted 12 June 2012 - 02:36 PM

Same problem, before this combofix / uninstall, right now combofix /uninstall but still same problem... Window cannot find 'combofix'. Make sure you typed the name correctly and then try again. Just the ' I don't put... after I put like 'combofix /uninstall' still same problem...

Edited by mat yie76, 12 June 2012 - 02:38 PM.


#85 cnm


Posted 12 June 2012 - 02:47 PM

I suppose that is because you ran it from download folder instead of Desktop.
Go to c:\users\Hp\Downloads\Programs\
Right click on combofix.exe and do Cut.
Go to an empty place on your Desktop, right click and do Paste.
Double-click the ComboFix Desktop icon to run it, post the log.
After that you should be able to do Start > Run and enter 'combofix /u'.

#86 mat yie76


Posted 12 June 2012 - 02:51 PM

ok,i try it... then i post the log

#87 mat yie76


Posted 12 June 2012 - 02:54 PM

want to disabled my anti virus

#88 cnm


Posted 12 June 2012 - 03:02 PM

Yes, disable it while running ComboFix.

#89 mat yie76


Posted 12 June 2012 - 04:24 PM

ComboFix 12-06-12.02 - Hp 13/06/2012 5:10.11.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2036.1106 [GMT 8:00]
Running from: c:\users\Hp\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 31
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\ati4irxx.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-05-12 to 2012-06-12 )))))))))))))))))))))))))))))))
.
.
2012-06-12 21:36 . 2012-06-12 21:36 -------- d-----w- c:\users\Hp\AppData\Local\temp
2012-06-12 21:36 . 2012-06-12 21:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-11 17:52 . 2012-06-11 18:49 -------- d-----w- c:\program files\CCleaner
2012-06-11 07:37 . 2012-06-11 07:37 -------- d-----w- c:\users\Hp\AppData\Roaming\AdobeCaptivateReviewer2.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2012-06-11 07:36 . 2012-06-11 07:36 -------- d-----w- c:\users\Hp\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-06-11 04:52 . 2012-06-11 04:52 -------- d-----w- c:\users\Hp\AppData\Local\Freebyte
2012-06-11 03:54 . 2011-05-22 09:34 609280 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Administrative Tools\FBTaskscheduler2.exe
2012-06-10 15:17 . 2012-06-10 15:17 -------- d-----w- c:\users\Hp\AppData\Roaming\Thunderbird
2012-06-10 15:17 . 2012-06-10 15:17 -------- d-----w- c:\users\Hp\AppData\Local\Thunderbird
2012-06-09 13:46 . 2012-06-09 13:46 -------- d-----w- c:\windows\system32\oodag
2012-06-09 13:38 . 2012-06-09 13:38 -------- d-----w- c:\users\Hp\AppData\Local\O&O
2012-06-09 13:38 . 2012-06-09 13:38 -------- d-----w- c:\program files\OO Software
2012-06-09 13:29 . 2012-06-09 13:29 -------- d-----w- c:\users\Hp\AppData\Local\Downloaded Installations
2012-06-03 13:26 . 2012-06-03 13:26 -------- d-----w- c:\users\Hp\AppData\Roaming\f-secure
2012-05-31 08:56 . 2012-06-09 17:09 -------- d-----w- c:\users\Hp\AppData\Roaming\DMCache
2012-05-29 16:07 . 2012-05-29 16:07 -------- d-----w- c:\users\Hp\AppData\Roaming\addpcs
2012-05-26 12:18 . 2012-05-26 12:52 -------- d-----w- c:\users\Hp\AppData\Roaming\Bitdefender
2012-05-26 12:18 . 2012-05-26 12:19 -------- d-----w- c:\programdata\Bitdefender
2012-05-26 11:42 . 2012-05-26 11:48 -------- d-----w- c:\program files\Bitdefender
2012-05-26 11:41 . 2011-08-16 06:59 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-05-26 11:41 . 2011-10-27 07:07 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-05-26 11:36 . 2012-05-26 11:41 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-05-23 15:49 . 2012-05-23 15:49 -------- d-----w- c:\programdata\Logitech
2012-05-20 10:02 . 2012-05-20 10:19 -------- d-----w- c:\program files\Common Files\Real
2012-05-18 16:52 . 2012-05-18 16:52 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-05-18 16:52 . 2012-05-18 16:52 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-05-18 16:52 . 2012-05-18 16:52 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-05-18 16:52 . 2012-05-18 16:52 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-05-18 16:52 . 2012-05-18 16:52 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-05-18 16:52 . 2012-05-18 16:52 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-05-18 16:52 . 2012-05-18 16:52 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-05-14 11:22 . 2009-12-14 04:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-05-14 11:22 . 2009-12-14 04:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-05-14 10:29 . 2012-05-14 10:29 -------- d-----w- c:\users\Hp\AppData\Local\Western Digital
2012-05-14 07:41 . 2012-05-14 07:41 -------- d-----w- c:\program files\Western Digital
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 17:51 . 2011-11-04 12:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-11 17:51 . 2011-08-07 01:58 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-23 15:56 . 2012-04-12 07:09 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-05-20 10:03 . 2012-01-25 06:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-20 10:03 . 2010-10-25 07:13 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-01 10:53 . 2012-04-18 10:20 772552 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-01 10:53 . 2012-04-13 07:40 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-22 19:34 . 2012-04-22 19:34 16904 ----a-w- c:\windows\system32\drivers\KLMD.sys
2012-04-18 12:56 . 2012-04-18 12:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 12:56 . 2012-04-18 12:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-12 07:10 . 2012-04-12 07:10 53248 ----a-r- c:\users\Hp\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-04-11 17:12 . 2012-04-11 17:12 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-03-31 04:39 . 2012-05-09 19:35 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 19:35 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 02:36 . 2012-05-09 19:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 10:23 . 2012-05-09 19:34 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-28 10:01 . 2012-03-28 10:01 1632592 ----a-w- c:\windows\system32\ooscrsav.scr
2012-03-28 10:00 . 2012-03-28 10:00 277840 ----a-w- c:\windows\system32\oodbs.exe
2012-03-28 09:58 . 2012-03-28 09:58 536400 ----a-w- c:\windows\system32\oodssrs.dll
2012-03-28 09:58 . 2012-03-28 09:58 10064 ----a-w- c:\windows\system32\oodbsrs.dll
2012-03-20 12:22 . 2012-03-20 12:22 611520 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-03-19 19:53 . 2012-04-17 16:16 6582328 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{24313A92-26E6-43C2-8B48-884EAD7FF7F8}\mpengine.dll
2012-03-17 07:27 . 2012-05-09 19:34 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-02-22 05:54 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-02-22 05:54 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-02-22 05:54 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-02-22 05:54 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1183616]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2012-03-28 2774352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAHeadless]
2011-09-14 14:09 539800 ----a-w- c:\program files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 12:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 257224]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R3 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-02 81920]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-02-17 447208]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 45736]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
R3 KLMD;KLMD;c:\windows\system32\Drivers\KLMD.sys [2012-04-22 16904]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 307544]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-30 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-03-20 611520]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-14 74832]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 90704]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 85128]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-14 169624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-08-31 1796200]
S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2012-03-28 2500944]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-03-13 53224]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-11-25 240184]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-09 294952]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-12-06 254056]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-02-16 340072]
S3 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-02-21 67120]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-04 17:51]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 14:27]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 14:27]
.
2012-05-03 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2011-08-08 12:17]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=%s
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3CA0FAE8-B45D-4AF3-8FD4-487A12B01D2A}: NameServer = 202.188.0.133,202.188.1.5
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA2"="<settings accountStatus=\"1\" oldDevice=\"\" timeDiff=\"1338036144\" expireTime=\"1258888654\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />"
"DEVICE2"="vaaur8rPygA="
.
[HKEY_USERS\S-1-5-21-2541759816-211721918-909212357-1000_Classes\CLSID\{1861d51f-0d6f-4826-85e8-9e4333a87779}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000009b
"Therad"=dword:00000004
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2541759816-211721918-909212357-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):be,d6,19,64,ff,0d,9a,d1,7e,3f,80,75,36,75,2a,7e,82,d4,c7,44,19,
b8,d5,da,a7,9e,7c,cf,1d,6c,72,ed,7d,ea,e7,2b,21,df,27,dd,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-13 05:43:05
ComboFix-quarantined-files.txt 2012-06-12 21:43
.
Pre-Run: 186,671,407,104 bytes free
Post-Run: 186,616,811,520 bytes free
.
- - End Of File - - E4C6E768E9AF1C3AC0C26C43AAF621F4

#90 mat yie76

Posted 12 June 2012 - 11:49 PM

For your info, cnm, I ran ComboFix from the desktop, not from the download folder. Still the same problem when I want to uninstall it.

#91 mat yie76

Posted 13 June 2012 - 09:38 AM

For your info, cnm, I just uninstalled my Bitdefender because of this: http://forum.bitdefe...opic=33784&st=0 and http://forum.bitdefe...showtopic=20041 and http://forum.bitdefe...showtopic=21390 and http://forum.bitdefe...showtopic=15484

Edited by mat yie76, 13 June 2012 - 09:38 AM.


#92 mat yie76

Posted 13 June 2012 - 09:40 AM

Cheat people money, so sad, and right now my System Restore crashed and died already... After uninstalling that antivirus, my system recovery cannot open in normal mode or safe mode. In safe mode my protection settings disappear, gone. Do know where he go, but in normal mode still have protection settings, but cannot configure it.

Edited by mat yie76, 13 June 2012 - 09:49 AM.


#93 mat yie76

Posted 13 June 2012 - 09:57 AM

But you are still the best, not bored helping me to solve the problem... :thumbup:

#94 mat yie76

Posted 13 June 2012 - 10:08 AM

I don't know if it's good or not, but take a look please: http://www.bleepingc...opic437439.html solution for uninstalling ComboFix.

Edited by mat yie76, 13 June 2012 - 10:09 AM.


#95 mat yie76

Posted 13 June 2012 - 10:11 AM

I am a beginner but I want to learn; hope you want to teach me.

#96 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 13 June 2012 - 10:50 AM

What happens when you do this?
Start > Run and enter '"%userprofile%\desktop\combofix.exe" /uninstall'. Note the space after 'combofix'.

I am disturbed by the removal of ati4irxx.sys in your last ComboFix log, as it was already removed on June 6. I am consulting our other experts.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#97 cnm

Posted 13 June 2012 - 11:00 AM

I didn't see your replies when I posted.

"I don't know if it's good or not, but take a look please: http://www.bleepingc...opic437439.html solution for uninstalling ComboFix."

That instructs you to run OTC and click 'CleanUp'. Go ahead and try it.
I thought clicking CleanUp in OTL would do the same thing and I told you to do that here.

#98 mat yie76

Posted 13 June 2012 - 11:04 AM

Still the same problem, cnm: Windows cannot find '"%userprofile%\desktop\ combofix.exe" /uninstall'. Make sure you typed the name correctly, and then try again. So what next, cnm? I am blur right now.

#99 mat yie76

Posted 13 June 2012 - 11:09 AM

Finally... ComboFix uninstalled completely from my desktop. Once again, thanks to you, cnm, for your suggestion. It worked.

#100 cnm

Posted 13 June 2012 - 11:26 AM

I don't understand why you uninstalled BitDefender. The links you gave are to posts made three years ago.

I want you to run an ESET scan. Please do not do anything else until instructed.


Please scan your machine with a new copy of ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Please post the report, if any, and let me know of any problems.
And please be patient while I wait for suggestions from our other experts.