Solved Computer running slower after wipe

September 23, 2013 at 11:16:52
Specs: Windows 7 Home Premium, Amd-c50 1.00 gigahertz, 10 gb of ram
My computer takes forever to start up. Have run Malwarebytes, to no avail. I can't be at my computer for a while so I need help! I can't get my stuff off of it because it has a 100 kb transfer rate. I am using Puppy Linux to transfer files.






#1
September 23, 2013 at 15:34:46
Try this way & let's see if we can get some speed back, maybe eventually a complete clean.

This is the first step, not a final one.

1: Run ESET Online Scanner, Copy and Paste the contents of the log please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
You may have to download ESET from a good computer, put it on a flash/thumb/pen drive & run it from there, if your comp is unbootable, or won't let you download.
Create an ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner?
I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...



#2
September 24, 2013 at 05:41:31
I don't have any antivirus or anything. I used Malwarebytes for once and I uninstalled it. I then locked my computer and then I tried to login and it says the administrator account is disabled and I'm locked out. Any help?


#3
September 24, 2013 at 14:39:26
"administrator account is disabled and I'm locked out. Any help"
Did you try the ESET way?

Create an ESET SysRescue CD or USB drive.



#4
September 25, 2013 at 08:09:00
No threats found
Log is unreadable after the first read

message edited by thetechwizard112



#5
September 25, 2013 at 14:34:48
✔ Best Answer
Here are all the ways to run Combofix, maybe on a USB will be your best way.

2: Run ComboFix. Copy & Paste the contents of the log please. ComboFix's log should be located at C:\COMBOFIX.TXT.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual"
Run Defogger
http://majorgeeks.com/Defogger_d708...
http://www.bleepingcomputer.com/dow...
This program can enable and disable CD emulation, often required in removing difficult malware. Some CD Emulation programs use a hidden driver that may be seen as a rootkit or that will interfere with the proper operation of the anti-rootkit scanner.
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
Note: If Combofix won't run.
1: Try Safe mode.
2: Rename Combofix.exe as you download it to winlogon.exe or Combo-Fix.exe or anything you like.
Notes:
It is very important that you save the newly renamed EXE file to your desktop.
You must rename Combofix.exe as you download it and not after it is on your computer.
You may have to modify your browser settings if you use Firefox, so you can rename Combofix.exe as you download it. To do that:
Open Firefox
Click Tools -> Options -> Main
Under the downloads section check the button that says "Always ask me where to save files".
Click OK
For Internet Explorer:
Choose to save, not open the file
When prompted - save the file to your desktop, and rename it winlogon.exe.
Or,
Download Combofix to a USB and run Combofix from the USB, just say continue to all the warning messages.



#6
September 30, 2013 at 06:13:39
I'm sorry for not getting back to you in time. I had to get a new battery for my computer and it is in for a screen fix. I won't be able to be on my computer till Friday.
Thanks
Kyle


#7
September 30, 2013 at 15:12:19
"I won't be able to be on my computer till Friday"
No problem Kyle.
John.


#8
October 1, 2013 at 05:41:34
Any advice till then?


#9
October 1, 2013 at 11:49:05
"Any advice till then?"

Not until I get some more clues from my post > #5

message edited by Johnw



#10
October 2, 2013 at 07:29:35
You mean clues, right?

Report •

#11
October 2, 2013 at 12:38:27
"You mean clues, right?"
Yep, from the Combofix log.

message edited by Johnw



#12
October 2, 2013 at 12:43:19
EDIT:

Run Defogger & then Combofix.
http://majorgeeks.com/Defogger_d708...
http://www.bleepingcomputer.com/dow...
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.
This program can enable and disable CD emulation, often required in removing difficult malware. Some CD Emulation programs use a hidden driver that may be seen as a rootkit or that will interfere with the proper operation of the anti-rootkit scanner.
Run ComboFix. Copy & Paste the contents of the log please. ComboFix's log should be located at C:\COMBOFIX.TXT.



#13
October 4, 2013 at 16:26:16
I am doing the scans now


#14
October 4, 2013 at 17:55:00
In the post or on an upload site. I can do both.

message edited by thetechwizard112



#15
October 4, 2013 at 18:06:57
ComboFix 13-10-04.02 - Administrator 10/04/2013 16:56:23.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.9831.8376 [GMT -7:00]
Running from: C:\Users\Administrator\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((( Files Created from 2013-09-05 to 2013-10-05 )))))))))))))))))))))))))))))))


2013-10-05 00:38:50 . 2013-10-05 00:38:50 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-09-22 22:12:13 . 2013-09-22 22:14:50 -------- d-----w- C:\Program Files (x86)\WildTangent Games
2013-09-22 22:12:04 . 2013-09-22 22:16:20 -------- d-----w- C:\ProgramData\WildTangent
2013-09-22 22:11:54 . 2013-09-22 22:16:40 -------- d-----w- C:\Program Files (x86)\TOSHIBA Games
2013-09-22 21:04:36 . 2013-09-22 21:04:37 -------- d--h--w- C:\windows\msdownld.tmp
2013-09-22 20:57:58 . 2013-09-22 20:57:49 174640 ----a-w- C:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-09-22 20:57:49 . 2013-09-22 20:57:59 -------- d-----w- C:\Program Files\Symantec
2013-09-22 20:57:49 . 2013-09-22 20:57:58 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2013-09-22 20:50:08 . 2013-09-22 20:50:08 -------- d-----w- C:\windows\system32\drivers\NISx64
2013-09-22 20:49:57 . 2013-09-22 20:50:08 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2013-09-22 20:49:46 . 2013-09-22 20:49:46 -------- d-----w- C:\ProgramData\Norton
2013-09-22 20:31:20 . 2013-09-22 20:45:31 -------- d-----w- C:\Users\Administrator\AppData\Local\Google
2013-09-22 20:31:20 . 2013-09-22 20:40:44 -------- d-----w- C:\Program Files (x86)\Google
2013-09-22 20:23:43 . 2013-09-22 20:23:43 -------- d-----w- C:\Users\Administrator\AppData\Local\Apps
2013-09-22 20:23:32 . 2013-09-22 20:30:59 -------- d-----w- C:\Users\Administrator\AppData\Local\Deployment
2013-09-22 20:20:29 . 2013-09-22 20:20:29 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2013-09-22 19:57:51 . 2013-09-22 19:57:51 -------- d-----w- C:\windows\SysWow64\Atheros_L1e
2013-09-22 18:51:12 . 2013-09-22 18:51:12 -------- d-----w- C:\Program Files (x86)\Common Files\Ulead Systems
2013-09-22 18:50:02 . 2013-09-22 18:50:02 -------- d-----w- C:\Program Files (x86)\Corel
2013-09-22 18:42:28 . 2007-10-22 10:40:16 411656 ----a-w- C:\windows\system32\xactengine2_10.dll
2013-09-22 18:42:28 . 2007-10-22 10:39:54 267272 ----a-w- C:\windows\SysWow64\xactengine2_10.dll
2013-09-22 18:41:58 . 2007-10-12 22:14:00 2006552 ----a-w- C:\windows\system32\D3DCompiler_36.dll
2013-09-22 18:41:58 . 2007-10-12 22:14:00 1374232 ----a-w- C:\windows\SysWow64\D3DCompiler_36.dll
2013-09-22 18:41:58 . 2007-10-02 16:56:34 444776 ----a-w- C:\windows\SysWow64\d3dx10_36.dll
2013-09-22 18:41:58 . 2007-10-02 16:56:30 508264 ----a-w- C:\windows\system32\d3dx10_36.dll
2013-09-22 18:41:38 . 2007-10-12 22:14:00 5081608 ----a-w- C:\windows\system32\d3dx9_36.dll
2013-09-22 18:41:38 . 2007-10-12 22:14:00 3734536 ----a-w- C:\windows\SysWow64\d3dx9_36.dll
2013-09-22 18:41:28 . 2007-07-20 07:57:44 411496 ----a-w- C:\windows\system32\xactengine2_9.dll
2013-09-22 18:41:28 . 2007-07-20 07:57:12 267112 ----a-w- C:\windows\SysWow64\xactengine2_9.dll
2013-09-22 18:41:17 . 2007-07-20 01:14:42 508264 ----a-w- C:\windows\system32\d3dx10_35.dll
2013-09-22 18:41:17 . 2007-07-20 01:14:42 444776 ----a-w- C:\windows\SysWow64\d3dx10_35.dll
2013-09-22 18:41:17 . 2007-07-20 01:14:42 1985904 ----a-w- C:\windows\system32\D3DCompiler_35.dll
2013-09-22 18:41:17 . 2007-07-20 01:14:42 1358192 ----a-w- C:\windows\SysWow64\D3DCompiler_35.dll
2013-09-22 18:39:57 . 2007-04-05 01:55:14 403304 ----a-w- C:\windows\system32\xactengine2_7.dll
2013-09-22 18:39:57 . 2007-04-05 01:55:00 261480 ----a-w- C:\windows\SysWow64\xactengine2_7.dll
2013-09-22 18:39:37 . 2007-03-15 23:57:58 506728 ----a-w- C:\windows\system32\d3dx10_33.dll
2013-09-22 18:39:37 . 2007-03-15 23:57:58 443752 ----a-w- C:\windows\SysWow64\d3dx10_33.dll
2013-09-22 18:39:37 . 2007-03-12 23:42:30 1400176 ----a-w- C:\windows\system32\D3DCompiler_33.dll
2013-09-22 18:39:37 . 2007-03-12 23:42:30 1123696 ----a-w- C:\windows\SysWow64\D3DCompiler_33.dll
2013-09-22 18:39:18 . 2007-03-12 23:42:30 4494184 ----a-w- C:\windows\system32\d3dx9_33.dll
2013-09-22 18:39:18 . 2007-03-12 23:42:30 3495784 ----a-w- C:\windows\SysWow64\d3dx9_33.dll
2013-09-22 18:39:07 . 2007-01-24 22:27:46 393576 ----a-w- C:\windows\system32\xactengine2_6.dll
2013-09-22 18:39:07 . 2007-01-24 22:27:30 255848 ----a-w- C:\windows\SysWow64\xactengine2_6.dll
2013-09-22 18:39:07 . 2006-12-08 19:02:00 251672 ----a-w- C:\windows\SysWow64\xactengine2_5.dll
2013-09-22 18:39:07 . 2006-12-08 19:00:30 390424 ----a-w- C:\windows\system32\xactengine2_5.dll
2013-09-22 18:38:57 . 2006-11-29 20:06:18 469264 ----a-w- C:\windows\system32\d3dx10.dll
2013-09-22 18:38:57 . 2006-11-29 20:06:18 440080 ----a-w- C:\windows\SysWow64\d3dx10.dll
2013-09-22 18:38:06 . 2007-03-05 19:42:18 15128 ----a-w- C:\windows\SysWow64\x3daudio1_1.dll
2013-09-22 18:38:06 . 2007-03-05 19:42:14 17688 ----a-w- C:\windows\system32\x3daudio1_1.dll
2013-09-22 18:38:06 . 2006-09-28 23:05:56 237848 ----a-w- C:\windows\SysWow64\xactengine2_4.dll
2013-09-22 18:38:06 . 2006-09-28 23:04:06 364824 ----a-w- C:\windows\system32\xactengine2_4.dll
2013-09-22 18:37:47 . 2006-09-28 23:05:36 3977496 ----a-w- C:\windows\system32\d3dx9_31.dll
2013-09-22 18:37:47 . 2006-09-28 23:05:20 2414360 ----a-w- C:\windows\SysWow64\d3dx9_31.dll
2013-09-22 18:37:36 . 2006-07-28 16:31:08 83736 ----a-w- C:\windows\system32\xinput1_2.dll
2013-09-22 18:37:36 . 2006-07-28 16:30:48 363288 ----a-w- C:\windows\system32\xactengine2_3.dll
2013-09-22 18:37:36 . 2006-07-28 16:30:32 236824 ----a-w- C:\windows\SysWow64\xactengine2_3.dll
2013-09-22 18:37:36 . 2006-07-28 16:30:14 62744 ----a-w- C:\windows\SysWow64\xinput1_2.dll
2013-09-22 18:37:26 . 2006-05-31 14:22:52 354072 ----a-w- C:\windows\system32\xactengine2_2.dll
2013-09-22 18:37:25 . 2006-03-31 19:39:48 83664 ----a-w- C:\windows\system32\xinput1_1.dll
2013-09-22 18:37:15 . 2006-03-31 19:40:06 352464 ----a-w- C:\windows\system32\xactengine2_1.dll
2013-09-22 18:35:40 . 2006-03-31 19:41:02 3927248 ----a-w- C:\windows\system32\d3dx9_30.dll
2013-09-22 18:35:18 . 2006-02-03 15:42:30 355536 ----a-w- C:\windows\system32\xactengine2_0.dll
2013-09-22 18:35:09 . 2006-02-03 15:41:18 16592 ----a-w- C:\windows\system32\x3daudio1_0.dll
2013-09-22 18:34:58 . 2006-02-03 15:43:28 3830992 ----a-w- C:\windows\system32\d3dx9_29.dll
2013-09-22 18:34:38 . 2005-12-06 01:09:42 3815120 ----a-w- C:\windows\system32\d3dx9_28.dll
2013-09-22 18:34:19 . 2005-07-23 02:59:08 3807440 ----a-w- C:\windows\system32\d3dx9_27.dll
2013-09-22 18:33:59 . 2005-05-26 22:34:58 3767504 ----a-w- C:\windows\system32\d3dx9_26.dll
2013-09-22 18:33:59 . 2005-05-26 22:34:52 2297552 ----a-w- C:\windows\SysWow64\d3dx9_26.dll
2013-09-22 18:33:39 . 2005-03-19 00:19:56 3823312 ----a-w- C:\windows\system32\d3dx9_25.dll
2013-09-22 18:33:19 . 2005-02-06 02:45:56 3544272 ----a-w- C:\windows\system32\d3dx9_24.dll
2013-09-22 18:17:12 . 1999-10-13 01:47:00 24576 ----a-w- C:\windows\SysWow64\TSCI.dll
2013-09-22 18:17:12 . 1999-10-13 01:45:00 24576 ----a-w- C:\windows\SysWow64\THCI.dll
2013-09-22 18:11:20 . 2011-01-05 08:08:58 1109096 ----a-w- C:\windows\system32\drivers\rtl8192ce.sys
2013-09-22 18:11:20 . 2010-12-22 23:24:00 626792 ----a-w- C:\windows\system32\drivers\rtl819xp.sys
2013-09-22 18:11:20 . 2010-12-17 23:04:28 1221224 ----a-w- C:\windows\system32\drivers\rtl8192se.sys
2013-09-22 18:11:20 . 2010-04-01 21:01:10 442368 ----a-w- C:\windows\system32\drivers\rtl8187Se.sys
2013-09-22 18:11:20 . 2010-03-31 18:10:18 450048 ----a-w- C:\windows\system32\drivers\rtl8187B.sys
2013-09-22 18:11:08 . 2013-09-22 18:18:33 -------- d-----w- C:\Program Files (x86)\Realtek WLAN Driver
2013-09-22 18:11:08 . 2010-12-01 16:31:18 451072 ----a-w- C:\windows\SysWow64\ISSRemoveSP.exe
2013-09-22 18:04:11 . 2013-09-22 18:04:12 -------- d-----w- C:\Program Files\Elantech
2013-09-22 18:01:45 . 2013-09-22 18:01:45 -------- d-----w- C:\windows\SysWow64\sda
2013-09-22 18:01:24 . 2010-10-08 18:49:08 9112168 ----a-w- C:\windows\SysWow64\RtsUStoricon.dll
2013-09-22 18:01:24 . 2010-10-08 18:49:08 422504 ----a-w- C:\windows\system32\RtsUStor.dll
2013-09-22 18:01:24 . 2010-10-08 18:49:08 243712 ----a-w- C:\windows\system32\drivers\RtsUStor.sys
2013-09-22 18:01:23 . 2013-09-22 18:01:23 -------- d-----w- C:\Program Files (x86)\Realtek
2013-09-22 17:38:25 . 2011-02-09 02:07:00 38096 ----a-w- C:\windows\system32\drivers\PGEffect.sys
2013-09-22 16:55:31 . 2005-04-16 03:58:18 1351392 ----a-w- C:\windows\SysWow64\COMCTL32.OCX
2013-09-22 16:55:31 . 2004-03-09 23:00:00 152848 ----a-w- C:\windows\SysWow64\Comdlg32.ocx
2013-09-22 16:55:31 . 2004-03-09 23:00:00 1081616 ----a-w- C:\windows\SysWow64\mscomctl.ocx
2013-09-22 16:55:10 . 2006-03-23 21:44:30 9728 ----a-w- C:\windows\SysWow64\TCMSVR.dll
2013-09-22 16:55:09 . 2009-07-07 16:51:42 9216 ----a-w- C:\windows\system32\drivers\FwLnk.sys
2013-09-22 16:54:26 . 2003-11-11 01:12:12 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-09-22 16:54:16 . 2003-11-11 01:13:28 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-09-22 16:54:16 . 2003-11-11 01:12:42 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-09-22 16:54:15 . 2003-11-11 01:11:58 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-09-22 16:54:05 . 2013-09-22 16:54:05 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2013-09-22 16:54:05 . 2003-11-11 01:14:46 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2013-09-22 16:54:04 . 2013-09-22 16:54:04 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2013-09-22 03:05:07 . 2013-09-22 03:05:07 -------- d-----w- C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2013-09-22 02:48:22 . 2013-09-22 02:49:50 -------- d-----w- C:\Program Files\CONEXANT
2013-09-22 02:43:17 . 2013-09-22 02:43:17 -------- d-----w- C:\Users\Administrator\AppData\Roaming\ATI
2013-09-22 02:43:17 . 2013-09-22 02:43:17 -------- d-----w- C:\Users\Administrator\AppData\Local\ATI
2013-09-22 02:43:17 . 2013-09-22 02:43:17 -------- d-----w- C:\ProgramData\ATI
2013-09-22 02:30:35 . 2013-09-22 02:30:35 0 ----a-w- C:\windows\ativpsrm.bin
2013-09-21 21:19:02 . 2013-09-21 21:19:02 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2013-09-21 21:19:02 . 2013-09-21 21:19:02 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2013-09-21 20:38:34 . 2013-09-21 20:38:34 -------- d-----w- C:\Program Files\ATI
2013-09-21 20:34:41 . 2010-11-05 14:52:54 38016 ----a-w- C:\windows\system32\drivers\amd_xata.sys
2013-09-21 20:34:41 . 2010-11-05 14:52:52 75904 ----a-w- C:\windows\system32\drivers\amd_sata.sys
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-09-22 19:47:03 . 2010-06-24 18:33:56 22240 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-16 14:18:38 336384]
"ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 17:59:04 1295224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

R2 taisregispinger;taisregispinger;C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe;C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe [x]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [x]
R3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20101201.001\IDSVia64.sys;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20101201.001\IDSVia64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys;C:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1205000.07D\SYMDS64.SYS;C:\windows\SYSNATIVE\drivers\NISx64\1205000.07D\SYMDS64.SYS [x]
R3 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1205000.07D\SYMEFA64.SYS;C:\windows\SYSNATIVE\drivers\NISx64\1205000.07D\SYMEFA64.SYS [x]
R3 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1205000.07D\Ironx64.SYS;C:\windows\SYSNATIVE\drivers\NISx64\1205000.07D\Ironx64.SYS [x]
R3 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\drivers\NISx64\1205000.07D\SYMNETS.SYS;C:\windows\SYSNATIVE\drivers\NISx64\1205000.07D\SYMNETS.SYS [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys;C:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys;C:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys;C:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys;C:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe;C:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe;C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys;C:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys;C:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys;C:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys;C:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys;C:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-22 20:40:33 1177552 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe

Contents of the 'Scheduled Tasks' folder

2013-10-04 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-22 20:31:21 . 2013-09-22 20:31:10]

2013-10-05 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-22 20:31:21 . 2013-09-22 20:31:10]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 20:07:22 316032]

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.10.1

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - C:\Program Files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-SmartFaceVWatcher - C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TPwrMain - C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe


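For readers triaging a log like the one in post #15, an added example (not from the thread and not ComboFix's own code): a Python parser for the "Files Created" and "Reg Loading Points" layout shown above, listing newly created kernel drivers and Run entries that start from commonly user-writable folders. The column meaning (created, then modified), the list of user-writable path markers and the `ExampleUpdater` entry are assumptions or constructed for the demonstration.

```python
import re
from datetime import datetime

# Excerpt of the log posted above, plus ONE constructed Run entry
# ("ExampleUpdater") added only to exercise the user-writable-path check.
SAMPLE_LOG = r'''
((((((((((((((((((((((((( Files Created from 2013-09-05 to 2013-10-05 )))))))))))))))))))))))))))))))

2013-10-05 00:38:50 . 2013-10-05 00:38:50 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-09-22 20:57:58 . 2013-09-22 20:57:49 174640 ----a-w- C:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-09-22 18:42:28 . 2007-10-22 10:40:16 411656 ----a-w- C:\windows\system32\xactengine2_10.dll
2013-09-22 17:38:25 . 2011-02-09 02:07:00 38096 ----a-w- C:\windows\system32\drivers\PGEffect.sys

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-09-22 19:47:03 . 2010-06-24 18:33:56 22240 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-16 14:18:38 336384]
"ExampleUpdater"="C:\Users\Administrator\AppData\Roaming\example\updater.exe" [2013-09-22 20:00:00 1024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
'''

SECTION = re.compile(r'^\(+\s*(.+?)\s*\)+$')          # ((((( title )))))
FILE_LINE = re.compile(
    r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+'
    r'(\d+|-+)\s+([a-z-]{8})\s+(.+)$')                 # ts . ts size attrs path
REG_KEY = re.compile(r'^\[(HKEY_[^\]]+)\]$')
REG_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"')       # "name"="path" [...]
TS = '%Y-%m-%d %H:%M:%S'
# Assumption: folders a non-admin process can usually write to.
USER_WRITABLE = ('\\users\\', '\\appdata\\', '\\programdata\\', '\\temp\\')


def parse_log(text):
    """Return (created_files, autoruns) parsed from a log in this layout."""
    section, key, files, autoruns = None, None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section, key = m.group(1), None
            continue
        in_created = bool(section) and section.startswith('Files Created')
        if in_created and (m := FILE_LINE.match(line)):
            first, second, size, attrs, path = m.groups()
            files.append({
                # Assumed column meaning: creation time, then last-modified time.
                'created': datetime.strptime(first, TS),
                'modified': datetime.strptime(second, TS),
                'size': None if size.startswith('-') else int(size),
                'is_dir': attrs.startswith('d'),
                'path': path,
            })
        elif m := REG_KEY.match(line):
            key = m.group(1)
        elif key and (m := REG_VALUE.match(line)):
            autoruns.append({'key': key, 'name': m.group(1), 'path': m.group(2)})
    return files, autoruns


def new_kernel_drivers(files):
    """Paths of .sys files created under system32\\drivers in the log window."""
    return [f['path'] for f in files
            if not f['is_dir']
            and f['path'].lower().endswith('.sys')
            and '\\system32\\drivers\\' in f['path'].lower()]


def autoruns_in_user_writable_paths(autoruns):
    """Names of Run/RunOnce values whose target sits in a user-writable folder."""
    hits = []
    for entry in autoruns:
        if not entry['key'].lower().endswith(('\\run', '\\runonce')):
            continue
        target = entry['path'].lower()
        if any(marker in target for marker in USER_WRITABLE):
            hits.append(entry['name'])
    return hits


if __name__ == '__main__':
    created, runs = parse_log(SAMPLE_LOG)
    print('created entries:', len(created))
    print('new kernel drivers:', new_kernel_drivers(created))
    print('autoruns to review:', autoruns_in_user_writable_paths(runs))
```

Each hit is a prompt to check the file's vendor and signature, not a verdict; the drivers in this excerpt belong to the security suite and hardware packages installed on the same day.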

#16
October 5, 2013 at 00:11:04
Thanks thetechwizard112

Now run these please.

1: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
To run Unhide, simply download it to your desktop and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note, that this program will not unhide removable drives like flash cards and usb drives as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.
Copy & Paste the contents of the log. Let me know if it doesn't produce a log please.

2: Reboot

3: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://general-changelog-team.fr/en...
http://www.raymond.cc/blog/adwclean...
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

4: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool to your desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#17
October 5, 2013 at 14:06:53
Can't run AdwCleaner. Not a valid Win32 application.
You can call me Kyle.
Thanks
Kyle

message edited by thetechwizard112



#18
October 5, 2013 at 14:21:30
Did you run Unhide & produce a log?


#19
October 5, 2013 at 14:25:11
"You can call me Kyle"
Thanks Kyle, John.


#20
October 12, 2013 at 12:27:41
Unhide is running now
Does Unhide pop up with the log or do I have to go digging for it?

message edited by thetechwizard112



#21
October 12, 2013 at 12:36:24
Never mind. It's on the desktop.
