PC Care "Cold Call" Logs

About three weeks ago, my father’s computer started slowing down, locking up and eventually no files can run after boot up. Desktop loads and then nothing can run. Will not even shut down.

Two days ago, he got the cold call from “PC Care” describing his problems and offering to fix them by taking his credit card number and taking control of the system. He did neither of those.

I have run the various suggested programs (adwcleaner, malwarebytes, otl) and attached the logs.

After running these programs, the problems still exist. Any help will be greatly appreciated.

Files are too large for one post. Will add them

Here are the other two files

you should have continued in your orginal topic to keep it all in one place http://forum.avast.com/index.php?topic=105066

anyway malware removers are notified and will check your logs: it may take hours before one arrive so be patient

you seem to have multiple Antivirus running ::slight_smile:
avast / McAfee / GFI / Lavasoft …

makes the machine slow as molasses and not more secure / false positive detections / mysterious windows errors etc etc

Hi which two of these three do you wish to lose ? Let me know and I will provide the removal tools McAfee:AVAST:Ad-Aware Antivirus:

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
F3:64bit: - HKU\S-1-5-21-2292345660-3887772447-3832002341-1001 WinNT: Load - (C:\Users\FERENCIE\LOCALS~1\Temp\oipcoaarbrdvgn.exe) - File not found
F3 - HKU\S-1-5-21-2292345660-3887772447-3832002341-1001 WinNT: Load - (C:\Users\FERENCIE\LOCALS~1\Temp\oipcoaarbrdvgn.exe) - File not found
[2012/09/03 00:00:20 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\vtscheduletask.job

:Files
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt  /c
ipconfig /release /c
ipconfig /renew /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Sorry about the new post. The instructions said to start a new thread, but I see that is redundant now.

I have tried to uninstall McAfee multiple times but it never seems to go away. I would prefer to keep just avast running.

I will go over and try the fix tomorrow afternoon. Thank you for the help so far!

Sorry about the new post. The instructions said to start a new thread, but I see that is redundant now.
yes that is instructions for all those coming here for help, and that has not started a topic yet .....but you had already started one
I have tried to uninstall McAfee multiple times but it never seems to go away. I would prefer to keep just avast running.
you find McAfee removal tool here Nr. #22a http://singularlabs.com/uninstallers/security-software/

Ran the fix. After reboot, programs still not open. Attached are the log created after the fix and the log of the quickscan.

I will run the McAfee removal tool now. Thank you!

Download and run the following

http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe This will remove McAfee

http://www.lavasoft.com/mylavasoft/support/supportcenter/faqs/how-to-uninstall How to remove AdAware antivirus

Once those two have completed then :

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

OK, so ran the fix. The good news is that some programs are now running. Explorer and Adobe seem to work fine. Office programs stall out when loading. Attached is the log.

No matter what I did to disable AdAware and Avast, I still got a warning that their scanners we active. I uninstalled both programs twice (with reboots for each) and it still said that they were active. No idea why…

OK office programs work now. Just being weird I guess…

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800} AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
Combofix is still seeing McAfee and Ad aware

How is the computer now ?