
Computer slow, web pages very slow to load [Solved]

This topic is locked

#1 strew1221 (Member, 49 posts)
My computer is running extremely slow. When I can get on a web page it takes forever to load. I downloaded OTL and ran it. It's still running 4 hours later. I don't know what to do.


#2 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hello strew1221 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or that isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you to. Instead, please copy and paste them to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

If you manage to get the OTL log, please post it here for me. If you fail, let me know so we can try something else.

#3 strew1221 (Topic Starter, Member, 49 posts)
Hi maliprog, thank you for helping me. OTL ran for over 4 hours and didn't produce a log when it was done.

Edited by strew1221, 21 August 2013 - 08:24 AM.


#4 strew1221 (Topic Starter, Member, 49 posts)
I finally got an OTL log:

OTL logfile created on: 8/21/2013 9:04:53 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.25 Gb Available Physical Memory | 14.31% Memory free
3.50 Gb Paging File | 1.82 Gb Available in Paging File | 52.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 107.98 Gb Free Space | 72.49% Space Free | Partition Type: NTFS

Computer Name: RCRUM-MINI | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/20 20:43:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/02/05 11:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012/11/29 22:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/19 12:01:32 | 000,067,656 | ---- | M] (Simplygen) -- C:\Program Files\Protected Search\ProtectedSearch.exe
PRC - [2012/06/03 22:37:15 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/04/30 18:21:22 | 000,178,800 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealUpgrade\realupgrade.exe
PRC - [2012/01/31 19:35:30 | 000,892,928 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/07/13 01:34:46 | 000,906,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
PRC - [2010/02/02 11:31:32 | 000,420,352 | ---- | M] (ScriptLogic Software Corporation) -- C:\Program Files\ScriptLogic\Desktop Authority\Client Files\8.08004.63486\CBM\ScriptLogic.CBM.Agent.exe
PRC - [2010/02/02 11:31:32 | 000,137,216 | ---- | M] (ScriptLogic Software Corporation) -- C:\Program Files\ScriptLogic\Desktop Authority\Client Files\8.08004.63486\CBM\ScriptLogic.CBM.UserExperience.exe
PRC - [2010/02/02 11:12:00 | 000,552,288 | ---- | M] (ScriptLogic Software Corporation) -- C:\Program Files\ScriptLogic\Desktop Authority\Client Files\8.08004.63486\SLClient.exe
PRC - [2009/07/30 16:49:34 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/07/30 16:49:34 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/07/30 16:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/30 09:58:56 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) -- C:\QUALCOMM\QDLService\QDLService.exe
PRC - [2008/06/12 02:25:18 | 000,037,232 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/18 13:27:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e06dbdafb38c38517aef61ac41e2fd9d\System.Runtime.Remoting.ni.dll
MOD - [2013/08/16 22:35:06 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/16 22:32:10 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/16 20:54:26 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/13 00:04:44 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/01/31 19:36:28 | 000,884,736 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\fsk.dll
MOD - [2012/01/31 19:35:32 | 000,143,360 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
MOD - [2012/01/31 19:34:34 | 000,172,032 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\USBDetector.dll
MOD - [2012/01/31 19:33:22 | 000,018,432 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
MOD - [2012/01/31 19:33:18 | 000,009,728 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskPower.dll
MOD - [2012/01/31 19:33:16 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
MOD - [2012/01/31 19:33:16 | 000,008,704 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
MOD - [2012/01/31 19:33:14 | 000,028,160 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\ticket.dll
MOD - [2012/01/31 19:33:12 | 000,012,288 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
MOD - [2012/01/31 19:31:42 | 000,118,784 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
MOD - [2012/01/31 19:31:36 | 000,233,472 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\Fskin.dll
MOD - [2012/01/31 19:31:36 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
MOD - [2012/01/31 19:31:04 | 000,033,792 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
MOD - [2011/11/17 22:06:54 | 000,798,720 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskSecurity.dll
MOD - [2011/11/17 20:47:08 | 000,086,016 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\ebookUsb.dll
MOD - [2010/11/04 21:58:09 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2010/07/13 01:29:42 | 000,143,360 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\connectionDetector.dll
MOD - [2010/07/13 01:28:42 | 000,856,064 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\fsk.dll
MOD - [2010/07/13 01:26:12 | 000,018,432 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\FskNetInterface.dll
MOD - [2010/07/13 01:25:56 | 000,008,704 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\FskTimeHardware.dll
MOD - [2010/07/13 01:25:50 | 000,028,160 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\ticket.dll
MOD - [2010/07/13 01:25:42 | 000,011,776 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\ebookDeviceNotifier.dll
MOD - [2010/07/13 01:22:36 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskinLocalize.dll
MOD - [2010/07/13 01:22:02 | 000,009,728 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskPower.dll
MOD - [2010/07/13 01:16:16 | 000,118,784 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskDocumentViewer.dll
MOD - [2010/07/13 01:15:58 | 000,010,240 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskMobileMediaDevice.dll
MOD - [2010/07/13 01:15:52 | 000,233,472 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\Fskin.dll
MOD - [2010/07/13 01:13:42 | 000,033,792 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskMediaPlayers.dll
MOD - [2010/07/13 01:10:56 | 000,172,032 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\USBDetector.dll
MOD - [2010/04/02 21:23:36 | 000,815,104 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\FskSecurity.dll
MOD - [2010/04/02 20:44:16 | 000,086,016 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\ebookUsb.dll
MOD - [2009/07/30 16:49:52 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll


========== Services (SafeList) ==========

SRV - [2013/08/20 20:30:24 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/11/17 22:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/08/18 10:28:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/08/18 09:21:41 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/02 11:31:32 | 000,420,352 | ---- | M] (ScriptLogic Software Corporation) [Auto | Running] -- C:\Program Files\ScriptLogic\Desktop Authority\Client Files\8.08004.63486\CBM\ScriptLogic.CBM.Agent.exe -- (ScriptLogic CBM Service)
SRV - [2010/02/02 11:12:00 | 000,552,288 | ---- | M] (ScriptLogic Software Corporation) [Auto | Running] -- C:\Program Files\ScriptLogic\Desktop Authority\Client Files\8.08004.63486\SLClient.exe -- (SLClient)
SRV - [2009/07/30 16:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/30 09:58:56 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\QUALCOMM\QDLService\QDLService.exe -- (QDLService)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\C771BUS.sys -- (C771BUS)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/06/21 19:07:20 | 000,078,720 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swiwdmbus.sys -- (swiwdmbus)
DRV - [2010/06/21 18:47:13 | 000,156,544 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumxa3.sys -- (SWUMXA3)
DRV - [2010/06/21 18:46:49 | 000,201,088 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8ua3.sys -- (SWNC8UA3)
DRV - [2010/01/22 15:59:24 | 000,239,664 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/07/30 09:38:12 | 000,115,200 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qcusbnethp.sys -- (qcusbnethp)
DRV - [2009/07/30 09:38:12 | 000,104,448 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qcusbserhp.sys -- (qcusbserhp)
DRV - [2009/07/30 09:38:12 | 000,005,248 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qcfilterhp.sys -- (QCFilterhp)
DRV - [2009/07/22 23:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/16 20:13:30 | 000,171,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/06/30 21:20:54 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009/06/30 02:32:54 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009/06/28 09:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009/06/26 00:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certif...=592&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certif...=592&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.certif...=592&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certif...me=true&tid=592
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certif...=592&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certif...=592&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certif...=592&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certif...me=true&tid=592
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certif...me=true&tid=592
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.certif...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.certif...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certif...=592&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certif...=592&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.certif...=592&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certif...me=true&tid=592
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...22DHP&dt=013113
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 E9 5D 29 43 A2 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certif...=592&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certif...=592&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certif...=592&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certif...me=true&tid=592
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certif...me=true&tid=592
IE - HKCU\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.c...ion=2.5.20000.3
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKCU\..\SearchScopes\{7C5FCF52-4C5D-42BC-8E09-A89433920920}: "URL" = http://search.condui...SSPV=SP_IEWSP06
IE - HKCU\..\SearchScopes\{80F3A394-4A7D-4274-B154-C4C47AFEF084}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.certif...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin: C:\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISB.dll (TotalRecipeSearch)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/03 22:38:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Unfriend Checker\FF\


O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DesktopAuthority User Experience] C:\Program Files\ScriptLogic\Desktop Authority\Client Files\8.08004.63486\CBM\ScriptLogic.CBM.UserExperience.exe (ScriptLogic Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [attcm.exe] C:\Program Files\AT&T\AT&T Communication Manager\attcm.exe File not found
O4 - HKCU..\Run: [DriverScanner] "C:\Program Files\UpdateDriver\launcher.exe" delay 20000 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 3600
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EMPLOYEES.ROOT.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{009F9365-9B37-4949-A5A1-B7D2809F2AFD}: DhcpNameServer = 172.26.38.1 172.26.38.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C821926-A952-4007-9A60-00FAB10A98F3}: DhcpNameServer = 4.2.2.1 68.87.75.194 68.87.64.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1666330-7741-4EDA-99E6-719C8B99E06F}: DhcpNameServer = 192.168.11.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{32ec37d4-02c3-11e2-a2ed-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{32ec37d4-02c3-11e2-a2ed-00a0c6000000}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\TL-Bootstrap.exe
O33 - MountPoints2\{5f97e1de-ade9-11e1-9ff3-70f395578ffd}\Shell - "" = AutoRun
O33 - MountPoints2\{5f97e1de-ade9-11e1-9ff3-70f395578ffd}\Shell\AutoRun\command - "" = D:\Autorun.exe /s
O33 - MountPoints2\{65d959ad-0cd3-11e2-b245-70f395578ffd}\Shell - "" = AutoRun
O33 - MountPoints2\{65d959ad-0cd3-11e2-b245-70f395578ffd}\Shell\AutoRun\command - "" = D:\WIN\setup.exe
O33 - MountPoints2\{6fa8ec75-3436-11e2-a74d-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{6fa8ec75-3436-11e2-a74d-00a0c6000000}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\TL-Bootstrap.exe
O33 - MountPoints2\{7bd9d71f-ab99-11e2-a9eb-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{7bd9d71f-ab99-11e2-a9eb-00a0c6000000}\Shell\AutoRun\command - "" = D:\win\setup.exe -phs
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/20 20:43:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2013/08/20 20:32:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/18 14:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2013/08/18 14:13:11 | 000,000,000 | ---D | C] -- C:\b62e6110dad360ca0156c3f548a9c0
[2013/08/16 21:00:43 | 000,000,000 | ---D | C] -- C:\ddae796237252042a0f35e4aeebe
[2 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Admin\Documents\*.tmp files -> C:\Users\Admin\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/21 09:25:45 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/21 09:10:41 | 000,016,272 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/21 09:10:41 | 000,016,272 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/21 08:55:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/21 08:55:15 | 1407,692,800 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/20 20:43:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2013/08/16 21:52:29 | 000,639,508 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/16 21:52:29 | 000,113,198 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/04 12:18:48 | 000,004,280 | ---- | M] () -- C:\Windows\System32\1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70.lnk
[2 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Admin\Documents\*.tmp files -> C:\Users\Admin\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/03 17:55:03 | 000,004,280 | ---- | C] () -- C:\Windows\System32\1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70.lnk
[2013/05/21 17:02:20 | 000,038,912 | ---- | C] () -- C:\Users\Admin\10076323.dot
[2012/10/14 19:04:15 | 000,015,432 | ---- | C] () -- C:\Windows\Launcher.exe
[2012/09/30 20:20:46 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2012/07/26 23:40:57 | 000,000,000 | ---- | C] () -- C:\ProgramData\7c016ed97f89e662ce88ec874c253f9a_c
[2011/12/20 16:39:02 | 000,187,816 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/08/02 11:46:37 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{8D06C030-6879-4CF2-BE0C-656E1F44B17E}
[2011/07/22 21:45:11 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{45143CDB-DBF0-448E-A9C8-3A622C7002C4}
[2011/05/10 16:12:13 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{02D4B35D-130A-4480-BD91-E5B68F467AE4}
[2011/05/08 22:42:46 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{7156A007-713E-4084-BBF1-E12D760792B3}
[2010/12/29 00:55:03 | 000,007,168 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/17 15:54:19 | 000,009,532 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/11/16 22:02:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EazyPlanet
[2011/01/24 19:54:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FrostWire
[2012/10/02 17:02:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sierra Wireless
[2013/02/07 02:44:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SmartDraw
[2010/10/06 18:04:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Smith Micro
[2012/02/09 04:44:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Uniblue

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 188 bytes -> C:\Users\Admin\Documents\paystub2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 188 bytes -> C:\Users\Admin\Documents\paystub.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

#5
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Hi strew1221,

Step 1

Download the adwCleaner

  • Run the Tool
    (Windows Vista and Windows 7 users: right-click adwCleaner.exe and select the Run as Administrator option)
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please copy the content of this file into your next reply.

Step 2

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2012/09/19 12:01:32 | 000,067,656 | ---- | M] (Simplygen) -- C:\Program Files\Protected Search\ProtectedSearch.exe
    O33 - MountPoints2\{32ec37d4-02c3-11e2-a2ed-00a0c6000000}\Shell - "" = AutoRun
    O33 - MountPoints2\{32ec37d4-02c3-11e2-a2ed-00a0c6000000}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\TL-Bootstrap.exe
    O33 - MountPoints2\{5f97e1de-ade9-11e1-9ff3-70f395578ffd}\Shell - "" = AutoRun
    O33 - MountPoints2\{5f97e1de-ade9-11e1-9ff3-70f395578ffd}\Shell\AutoRun\command - "" = D:\Autorun.exe /s
    O33 - MountPoints2\{65d959ad-0cd3-11e2-b245-70f395578ffd}\Shell - "" = AutoRun
    O33 - MountPoints2\{65d959ad-0cd3-11e2-b245-70f395578ffd}\Shell\AutoRun\command - "" = D:\WIN\setup.exe
    O33 - MountPoints2\{6fa8ec75-3436-11e2-a74d-00a0c6000000}\Shell - "" = AutoRun
    O33 - MountPoints2\{6fa8ec75-3436-11e2-a74d-00a0c6000000}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\TL-Bootstrap.exe
    O33 - MountPoints2\{7bd9d71f-ab99-11e2-a9eb-00a0c6000000}\Shell - "" = AutoRun
    O33 - MountPoints2\{7bd9d71f-ab99-11e2-a9eb-00a0c6000000}\Shell\AutoRun\command - "" = D:\win\setup.exe -phs
    [2013/08/04 12:18:48 | 000,004,280 | ---- | M] () -- C:\Windows\System32\1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70.lnk
    [2013/05/21 17:02:20 | 000,038,912 | ---- | C] () -- C:\Users\Admin\10076323.dot
    [2011/08/02 11:46:37 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{8D06C030-6879-4CF2-BE0C-656E1F44B17E}
    [2011/07/22 21:45:11 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{45143CDB-DBF0-448E-A9C8-3A622C7002C4}
    [2011/05/10 16:12:13 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{02D4B35D-130A-4480-BD91-E5B68F467AE4}
    [2011/05/08 22:42:46 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{7156A007-713E-4084-BBF1-E12D760792B3}
    @Alternate Data Stream - 188 bytes -> C:\Users\Admin\Documents\paystub2.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 188 bytes -> C:\Users\Admin\Documents\paystub.jpeg:3or4kl4x13tuuug3Byamue2s4b

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 4

Please don't forget to include these items in your reply:

  • adwCleaner log
  • OTL fix log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
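The Step 2 fix above was assembled by hand from the O33 MountPoints2 and @Alternate Data Stream lines of the OTL report. As an added example (not part of this thread, not OTL's own code, and not the helper's tooling), the Python below parses those lines out of an OTL report, leaves standard streams such as Zone.Identifier alone, notes which drive each AutoRun command points at, and emits the same :OTL fix layout; the sample report text is constructed from lines posted above.

```python
"""Pull the MountPoints2 AutoRun and alternate-data-stream lines out of an OTL
report and assemble the matching ':OTL' fix block.

Added example for this thread: it is not part of OTL and not the helper's own
tooling. OTL_SAMPLE is constructed from a few lines of the report posted above
plus one benign Zone.Identifier stream to show what the filter leaves alone.
"""
import re
from dataclasses import dataclass

OTL_SAMPLE = r"""
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5f97e1de-ade9-11e1-9ff3-70f395578ffd}\Shell - "" = AutoRun
O33 - MountPoints2\{5f97e1de-ade9-11e1-9ff3-70f395578ffd}\Shell\AutoRun\command - "" = D:\Autorun.exe /s
O33 - MountPoints2\{6fa8ec75-3436-11e2-a74d-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{6fa8ec75-3436-11e2-a74d-00a0c6000000}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
@Alternate Data Stream - 188 bytes -> C:\Users\Admin\Documents\paystub.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 26 bytes -> C:\Users\Admin\Downloads\setup.exe:Zone.Identifier
"""

# O33 - MountPoints2\{GUID}\Shell - "" = AutoRun
# O33 - MountPoints2\{GUID}\Shell\AutoRun\command - "" = <command line>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9A-Fa-f-]+\})\\(Shell(?:\\AutoRun\\command)?) - "" = (.*)$')
# @Alternate Data Stream - <size> bytes -> <path>:<stream name>
# Stream names cannot contain ':' or '\', so the last colon splits path from stream.
ADS_RE = re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$')
DRIVE_RE = re.compile(r'\b([A-Za-z]):\\')

# Streams Windows writes itself (mark-of-the-web, the unnamed data stream).
BENIGN_STREAMS = {"zone.identifier", "$data"}


@dataclass
class MountPoint:
    guid: str
    shell_line: str = ""     # the '\Shell - "" = AutoRun' line, if present
    command_line: str = ""   # the '\Shell\AutoRun\command' line
    command: str = ""        # the command string itself


@dataclass(frozen=True)
class StreamFinding:
    size: int
    path: str
    stream: str
    line: str


def foreign_drive_targets(command, system_drive="C"):
    """Drive letters other than the system drive that a command references.
    Every AutoRun handler in the posted report points at D:, a removable volume."""
    return {d.upper() for d in DRIVE_RE.findall(command) if d.upper() != system_drive.upper()}


def parse_report(text):
    """Return (mount points carrying an AutoRun command, non-benign ADS findings)."""
    mounts = {}
    streams = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O33_RE.match(line)
        if m:
            guid, subkey, value = m.groups()
            mp = mounts.setdefault(guid, MountPoint(guid))
            if subkey == "Shell":
                mp.shell_line = line
            else:
                mp.command_line, mp.command = line, value
            continue
        m = ADS_RE.match(line)
        if m and m.group(3).lower() not in BENIGN_STREAMS:
            streams.append(StreamFinding(int(m.group(1)), m.group(2), m.group(3), line))
    flagged = [mp for mp in mounts.values() if mp.command_line]
    return flagged, streams


def build_fix(text):
    """Assemble an OTL custom fix in the layout used in the thread: each flagged
    mount point contributes its Shell and command lines, then the ADS lines,
    then the :Commands section."""
    mounts, streams = parse_report(text)
    body = [":OTL"]
    for mp in mounts:
        if mp.shell_line:
            body.append(mp.shell_line)
        body.append(mp.command_line)
    body.extend(s.line for s in streams)
    body.extend(["", ":Commands", "[purity]", "[emptytemp]", "[Reboot]"])
    return "\n".join(body)


if __name__ == "__main__":
    print(build_fix(OTL_SAMPLE))
```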

#6
strew1221
    Member
  • Topic Starter
  • Member
  • 49 posts
This has been fighting me every step of the way.

I ran adwCleaner but there was no delete button. The log file is as follows:

# AdwCleaner v3.000 - Report created 22/08/2013 at 09:22:13
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Admin - RCRUM-MINI
# Running from : C:\Users\Admin\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\Protected Search
Folder Found C:\Program Files\Red Sky
Folder Found C:\Program Files\TotalRecipeSearch_14EI
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Search
Folder Found C:\Users\Admin\AppData\Local\Conduit
Folder Found C:\Users\Admin\AppData\Local\DownTango
Folder Found C:\Users\Admin\AppData\Local\iMesh
Folder Found C:\Users\Admin\AppData\Local\PackageAware
Folder Found C:\Users\Admin\AppData\Local\SwvUpdater
Folder Found C:\Users\Admin\AppData\LocalLow\Conduit
Folder Found C:\Users\Admin\AppData\LocalLow\DownTangoLauncherToolbar
Folder Found C:\Users\Admin\AppData\LocalLow\PriceGong
Folder Found C:\Users\Admin\AppData\LocalLow\SimplyTech

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\Imesh
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{09971CEE-01B8-42BC-9D91-456B1FAAD6BE}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23B38049-323F-443D-9732-F454E5B15B72}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Found : HKCU\Software\ProtectedSearch
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{23B0AE65-17D2-4491-98E5-B1AA6228DDA2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Found : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.Start
Key Found : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.Start.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8E5B29C2-BC6E-40BE-B881-AEE35B1F4035}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971CEE-01B8-42BC-9D91-456B1FAAD6BE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Protected Search_is1
Key Found : HKLM\SOFTWARE\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin
Key Found : HKLM\Software\TotalRecipeSearch_14EI
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Default_Page_URL] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Default_Page_URL] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Start Page] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Start Default_Page_URL] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar] - hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page] - hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Page] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Default_Page_URL] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar] - hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page] - hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)] - hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=592&q=%s
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)] - hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=592&q=%s

*************************

AdwCleaner[R0].txt - [8353 octets] - [22/08/2013 09:22:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8413 octets] ##########

#7
strew1221
    Member
  • Topic Starter
  • Member
  • 49 posts
OTL stopped responding while it was emptying temp. I had to force a reboot. I ran it again and this is the text file:

All processes killed
========== OTL ==========
No active process named ProtectedSearch.exe was found!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32ec37d4-02c3-11e2-a2ed-00a0c6000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32ec37d4-02c3-11e2-a2ed-00a0c6000000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32ec37d4-02c3-11e2-a2ed-00a0c6000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32ec37d4-02c3-11e2-a2ed-00a0c6000000}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\TL-Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f97e1de-ade9-11e1-9ff3-70f395578ffd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f97e1de-ade9-11e1-9ff3-70f395578ffd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f97e1de-ade9-11e1-9ff3-70f395578ffd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f97e1de-ade9-11e1-9ff3-70f395578ffd}\ not found.
File D:\Autorun.exe /s not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65d959ad-0cd3-11e2-b245-70f395578ffd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65d959ad-0cd3-11e2-b245-70f395578ffd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65d959ad-0cd3-11e2-b245-70f395578ffd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65d959ad-0cd3-11e2-b245-70f395578ffd}\ not found.
File D:\WIN\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fa8ec75-3436-11e2-a74d-00a0c6000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fa8ec75-3436-11e2-a74d-00a0c6000000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fa8ec75-3436-11e2-a74d-00a0c6000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fa8ec75-3436-11e2-a74d-00a0c6000000}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\TL-Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bd9d71f-ab99-11e2-a9eb-00a0c6000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bd9d71f-ab99-11e2-a9eb-00a0c6000000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bd9d71f-ab99-11e2-a9eb-00a0c6000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bd9d71f-ab99-11e2-a9eb-00a0c6000000}\ not found.
File D:\win\setup.exe -phs not found.
File C:\Windows\System32\1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70.lnk not found.
File C:\Users\Admin\10076323.dot not found.
File C:\Users\Admin\AppData\Local\{8D06C030-6879-4CF2-BE0C-656E1F44B17E} not found.
File C:\Users\Admin\AppData\Local\{45143CDB-DBF0-448E-A9C8-3A622C7002C4} not found.
File C:\Users\Admin\AppData\Local\{02D4B35D-130A-4480-BD91-E5B68F467AE4} not found.
File C:\Users\Admin\AppData\Local\{7156A007-713E-4084-BBF1-E12D760792B3} not found.
Unable to delete ADS C:\Users\Admin\Documents\paystub2.jpeg:3or4kl4x13tuuug3Byamue2s4b .
Unable to delete ADS C:\Users\Admin\Documents\paystub.jpeg:3or4kl4x13tuuug3Byamue2s4b .
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 1595 bytes
->Temporary Internet Files folder emptied: 4615200 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 694 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: slogicadmin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: vingalls
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1050401822 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1727851 bytes

Total Files Cleaned = 1,008.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08222013_125327

Files\Folders moved on Reboot...
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\temp\hsperfdata_RCRUM-MINI$\928 not found!
File\Folder C:\Windows\temp\fla1A04.tmp not found!
File\Folder C:\Windows\temp\fla3459.tmp not found!
File\Folder C:\Windows\temp\fla42C2.tmp not found!
File\Folder C:\Windows\temp\flaAE23.tmp not found!
File\Folder C:\Windows\temp\flaF4D5.tmp not found!
File\Folder C:\Windows\temp\TMP000000129053A336DEB17465 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#8
strew1221
    Member
  • Topic Starter
  • Member
  • 49 posts
Malwarebytes results:


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.22.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Admin :: RCRUM-MINI [administrator]

Protection: Enabled

8/22/2013 2:27:05 PM
mbam-log-2013-08-22 (14-27-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 305932
Time elapsed: 2 hour(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Datamngr (PUP.Optional.DataMngr) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 8
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bad: (http://search.certif...=592&bs=true&q=) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certif...=592&bs=true&q=) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bad: (http://search.certif...=592&bs=true&q=) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certif...=592&bs=true&q=) Good: (http://www.google.com/) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certif...=592&bs=true&q=) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bad: (http://search.certif...=592&bs=true&q=) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bad: (http://search.certif...=592&bs=true&q=) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certif...=592&bs=true&q=) Good: (http://www.google.com/) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Search (PUP.ProtectedSearch) -> Quarantined and deleted successfully.

Files Detected: 3
C:\Windows\Temp\notepad.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WMRT1YIL\upgrade[1].cab (Adware.Zwangi) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Search\Protected Search Settings.lnk (PUP.ProtectedSearch) -> Quarantined and deleted successfully.

(end)

#9
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Hi strew1221,

Before we continue can you tell me how is your system now?

#10
strew1221
    Member
  • Topic Starter
  • Member
  • 49 posts
It still seems pretty sluggish but not as bad. Still slow moving from page to page on the internet. Pulling up a page to look at takes some time. The hard drive light is continuously blinking.

#11
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Let's try this step. Let me know the results after this.

Download and run Puran Disc Defragmenter

NOTE: If it asks you to install a toolbar or any other software, skip the offer.

Click on Boot Time Defrag button and choose Restart-Defrag-Restart + Disk check


#12
strew1221
    Member
  • Topic Starter
  • Member
  • 49 posts
I ran the defrag. It showed nothing like the picture you have. Results are:

2013/08/23 at 22:46:14 - Boot Time Defrag Report
Analysis Report For C:

Total Files 180200
Total Directories 20260
Total Excluded 0
Total Deleted 0
Total Deleted Bytes 0 MB

Total Fragmented Files 21685
Total Fragmented Directories 85
Total Fragmented Bytes 3819 MB

MFT Fragments 6
Pagefile Fragments 1
Registry Fragments 2

Fragmentation Percentage By Size 9%
Fragmentation Percentage By Count 10%

Analysis Report For C: After Defragmentation

Total Fragmented Files 0
Total Fragmented Directories 0
Total Fragmented Bytes 0 MB

MFT Fragments 1
Registry Fragments 1
Pagefile Fragments 1

Fragmentation Percentage By Size 0%
Fragmentation Percentage By Count 0%


The following files/directories were defragmented - Top 10

Path Lcn Size in MB Fragments
C:\Windows\System32\wdi\LogFiles\BootCKCL.etl 9975307 23.89 3
C:\Users\Admin\Documents\Scanned Documents 17661 0.0 1
C:\Windows\System32\config\systemprofile\AppData 17667 0.1 1
C:\Program Files\Malwarebytes' Anti-Malware\Languages 17671 0.0 1
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active 17675 0.0 1
C:\Windows\System32\spool\drivers\w32x86\3 17679 0.1 1
C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\Flash Player\AssetCache\YXB9T4K4 17684 0.0 1
C:\Windows\SoftwareDistribution\Download\d3d553dd6a1c64ac38f96b479f04a31c 17701 0.1 1
C:\Windows\System32\wbem\en-US 17718 0.2 1
C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0 17724 0.1 1

Still running slow. Takes at least 2 minutes or more to get on the internet. Pages are slow loading. Get 'not responding' a lot when web pages are loaded. It just doesn't seem any better.

Windows Update won't process. Malwarebytes keeps telling me that it successfully blocked a malicious website.

Edited by strew1221, 24 August 2013 - 09:05 AM.


#13
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Hi strew1221,

Let's see if anything is hiding from us.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion just reboot your system once, that will cure it.


Please make sure you include the ComboFix log in your next reply

#14
strew1221
    Member
  • Topic Starter
  • Member
  • 49 posts
After 3 hours the ComboFix box said "Completed Stage 48" and a popup box appeared saying "Find String (QGREP)Utility has stopped working. Close Program". I waited a little bit and nothing was happening so I hit the close program button in the box. 2 hours later ComboFix is still sitting at "Completed Stage 48".

#15
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Hi strew1221,

Please check if you can find Combofix log in C:\Combofix.txt or C:\Qoobox\Combofix.txt.

If you cannot find it, then restart your system once and try to run Combofix again. Check again for the log and let me know the results.