Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Really poor performance!

Re: Really poor performance!

by pgmigg » July 18th, 2015, 5:09 pm

Hello walshie,

She does need to keep LeapFrog for her kids, and the Trusteer and Rapport are all recommended by her bank to support her online banking.
Looks like they may have to stay too!
It is OK - don't worry!

In that case, the next steps are:

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q= {searchTerms}&FORM=IE8SRC
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2168144753-1382697019-843529903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie9
    IE - HKU\S-1-5-21-2168144753-1382697019-843529903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-2168144753-1382697019-843529903-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q= {searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2168144753-1382697019-843529903-1000\..\SearchScopes\{F64D7644-C003-4E60-B445-752C6F53585A}: "URL" = http://www.flickr.com/search/?q= {searchTerms}
    IE - HKU\S-1-5-21-2168144753-1382697019-843529903-1000\..\SearchScopes\{F9278F4E-9A5C-4651-BE56-12D8E68BC315}: "URL" = http://uk.search.yahoo.com/search?p= {searchTerms}&ei=utf-8&fr=chr-yie9
    CHR - Extension: No name found = C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
    CHR - Extension: No name found = C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
    CHR - Extension: No name found = C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    [2014/01/16 11:43:26 | 000,000,000 | ---D | M] -- C:\Users\toshiba\AppData\Roaming\AVG
    [2014/01/16 11:32:41 | 000,000,000 | ---D | M] -- C:\Users\toshiba\AppData\Roaming\AVG2014
    [2012/07/22 09:03:09 | 000,000,000 | ---D | M] -- C:\Users\toshiba\AppData\Roaming\Temp
    [2013/10/23 16:46:47 | 000,000,000 | ---D | M] -- C:\Users\toshiba\AppData\Roaming\TuneUp Software
    [2013/11/30 19:21:49 | 000,000,000 | ---D | M] -- C:\Users\toshiba\AppData\Roaming\Unity
    
    :Files
    C:\Windows\System32\*.tmp
    C:\Windows\*.tmp
    ipconfig /flushdns /c
    
    :Commands
    [emptyflash]
    [emptyjava]
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
ESET NOD32 Online Scan
  1. Firstly please Disable any Antivirus you have active, as shown in This topic. If active, it could impact the online scan.
    Do NOT use the computer while the scan is running!
    Make sure all other programs and windows are closed!
  2. You need to right-click on the Internet Explorer or Firefox icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  3. Go to ESET Online Scanner - © ESET All Rights Reserved, to run an online scan.
  4. Click the dark blue Run ESET Online Scanner button:
    • If you are using Google Chrome or Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted. Then double click on it to install.
    • If you are using Internet Explorer please read the End User License Agreement and check the box: Yes, I accept the terms of use. Then click the green Start button.
  5. Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  6. Under scan settings:
    • Check "Scan archives"
    • UNCHECK "Remove found threats"
  7. Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  8. Click the Start button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running!
  9. When the scan completes, please press the text: Image
  10. Press the text: Image, then save the file to your desktop as ESETScan.txt.
  11. Press the Back button, then press the Finish button.
  12. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the ESETScan.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed

Re: Really poor performance!

by walshie » July 18th, 2015, 6:25 pm

Hi,
The second OTL txt is here:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-2168144753-1382697019-843529903-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2168144753-1382697019-843529903-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2168144753-1382697019-843529903-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2168144753-1382697019-843529903-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F64D7644-C003-4E60-B445-752C6F53585A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F64D7644-C003-4E60-B445-752C6F53585A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2168144753-1382697019-843529903-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F9278F4E-9A5C-4651-BE56-12D8E68BC315}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9278F4E-9A5C-4651-BE56-12D8E68BC315}\ not found.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0 folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\_platform_specific\x86-32_ folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\_platform_specific folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\_metadata folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\audio folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0 folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_metadata folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\zh_TW folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\zh_CN folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\vi folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\uk folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\tr folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\th folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\sv folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\sr folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\sl folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\sk folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\ru folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\ro folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\pt_PT folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\pt_BR folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\pl folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\nl folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\nb folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\lv folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\lt folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\ko folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\ja folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\it folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\id folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\hu folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\hr folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\hi folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\fr folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\fil folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\fi folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\et folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\es_419 folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\es folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\en_GB folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\en folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\el folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\de folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\da folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\cs folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\ca folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\bg folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\images folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\html folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\css folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
C:\Users\toshiba\AppData\Roaming\AVG\AWL2014\TuningIndex folder moved successfully.
C:\Users\toshiba\AppData\Roaming\AVG\AWL2014\StartUp Manager\Disabled objects folder moved successfully.
C:\Users\toshiba\AppData\Roaming\AVG\AWL2014\StartUp Manager folder moved successfully.
C:\Users\toshiba\AppData\Roaming\AVG\AWL2014\Speed Optimizer folder moved successfully.
C:\Users\toshiba\AppData\Roaming\AVG\AWL2014\Disk Space Explorer folder moved successfully.
C:\Users\toshiba\AppData\Roaming\AVG\AWL2014\Dashboard folder moved successfully.
C:\Users\toshiba\AppData\Roaming\AVG\AWL2014\Backups folder moved successfully.
C:\Users\toshiba\AppData\Roaming\AVG\AWL2014 folder moved successfully.
C:\Users\toshiba\AppData\Roaming\AVG\AWL\CrashDumps folder moved successfully.
C:\Users\toshiba\AppData\Roaming\AVG\AWL folder moved successfully.
C:\Users\toshiba\AppData\Roaming\AVG folder moved successfully.
C:\Users\toshiba\AppData\Roaming\AVG2014\cfgall folder moved successfully.
C:\Users\toshiba\AppData\Roaming\AVG2014 folder moved successfully.
C:\Users\toshiba\AppData\Roaming\Temp\Eastman Kodak Company folder moved successfully.
C:\Users\toshiba\AppData\Roaming\Temp folder moved successfully.
C:\Users\toshiba\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\toshiba\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\toshiba\AppData\Roaming\TuneUp Software folder moved successfully.
C:\Users\toshiba\AppData\Roaming\Unity\WebPlayerPrefs\www_2erfu_2ecom folder moved successfully.
C:\Users\toshiba\AppData\Roaming\Unity\WebPlayerPrefs folder moved successfully.
C:\Users\toshiba\AppData\Roaming\Unity folder moved successfully.
========== FILES ==========
C:\Windows\System32\SET73A5.tmp moved successfully.
C:\Windows\System32\SET76E0.tmp moved successfully.
C:\Windows\System32\SET779F.tmp moved successfully.
C:\Windows\System32\SET7989.tmp moved successfully.
C:\Windows\msdownld.tmp folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\toshiba\Desktop\cmd.bat deleted successfully.
C:\Users\toshiba\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: toshiba
->Flash cache emptied: 506 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: toshiba
->Java cache emptied: 76912 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: toshiba
->Temp folder emptied: 8369899 bytes
->Temporary Internet Files folder emptied: 41769105 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 10881382 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16016 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 58.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07182015_230928

Files\Folders moved on Reboot...
File\Folder C:\Users\toshiba\AppData\Local\Temp\~DF58FC.tmp not found!
File\Folder C:\Users\toshiba\AppData\Local\Temp\~DF5B81.tmp not found!
File\Folder C:\Users\toshiba\AppData\Local\Temp\~DF5C7E.tmp not found!
File\Folder C:\Users\toshiba\AppData\Local\Temp\~DF5F4F.tmp not found!
C:\Users\toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\toshiba\AppData\Local\Trusteer\Rapport\user\logs\gp_iexplore.5580.log moved successfully.
C:\Users\toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\toshiba\AppData\Local\Trusteer\Rapport\user\logs\koan.5580.log moved successfully.
C:\Users\toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S0KXUEMS\viewtopic[2].htm moved successfully.
C:\Users\toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5ZGWDKWX\DroidSans[1].woff moved successfully.
C:\Users\toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5ZGWDKWX\sh.e98bf07d[1].htm moved successfully.
C:\Users\toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Seem to be having trouble with the ESET online scanner.
I get to the point where I hit 'start', I get a blue pop up box but then it doesn't seem to do anything.. just sit with the empty blue pop-up.
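
An added example (not part of the thread and not OTL's own code): one way to audit a MovedFiles log like the one posted above against the fix script, by parsing each result line, collapsing child folders into the top-level items that were moved, and flagging any scripted path with no matching log line. The line shapes are inferred from the log as posted; the function names and the abridged sample are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the MovedFiles log posted above, abridged.
SAMPLE_LOG = r"""========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\_metadata folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\audio folder moved successfully.
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0 folder moved successfully.
C:\Users\toshiba\AppData\Roaming\Unity\WebPlayerPrefs folder moved successfully.
C:\Users\toshiba\AppData\Roaming\Unity folder moved successfully.
========== FILES ==========
C:\Windows\System32\SET73A5.tmp moved successfully.
Files\Folders moved on Reboot...
File\Folder C:\Users\toshiba\AppData\Local\Temp\~DF58FC.tmp not found!
"""

# Paths named in the fix script (trailing backslash dropped).
REQUESTED = [
    r"C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0",
    r"C:\Users\toshiba\AppData\Roaming\Unity",
    r"C:\Users\toshiba\AppData\Roaming\AVG2014",  # left out of the abridged sample on purpose
]

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Result-line shapes seen in the posted log (an inference, not a format spec).
OUTCOMES = [
    ("value_set", re.compile(r"^(?P<t>.+?)\| /E : value set successfully!$")),
    ("deleted", re.compile(r"^(?:Registry (?:key|value) )?(?P<t>.+?) deleted successfully\.$")),
    ("moved", re.compile(r"^(?P<t>.+?) (?:folder )?moved successfully\.$")),
    ("not_found", re.compile(r"^(?:Registry (?:key|value) |File\\Folder )?(?P<t>.+?) not found[.!]$")),
]


def parse_log(text):
    """Return (section, target, outcome) for each line whose shape is recognised."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
        elif line.startswith("Files\\Folders moved on Reboot"):
            section = "ON REBOOT"
        else:
            for outcome, rx in OUTCOMES:
                m = rx.match(line)
                if m:
                    records.append((section, m.group("t").rstrip("\\"), outcome))
                    break
    return records


def collapse_roots(paths):
    """Drop every path that lies below another path in the same set."""
    roots = []
    # Sorting puts a parent folder ahead of everything beneath it.
    for key, original in sorted({p.lower(): p for p in paths}.items()):
        if not any(key.startswith(r.lower() + "\\") for r in roots):
            roots.append(original)
    return roots


def check_script(requested, records):
    """Map each path the fix script named to the outcome the log recorded for it."""
    seen = {target.lower(): outcome for _, target, outcome in records}
    return {p: seen.get(p.rstrip("\\").lower(), "no log line") for p in requested}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(Counter(outcome for _, _, outcome in recs))
    for root in collapse_roots(t for _, t, o in recs if o == "moved"):
        print("moved:", root)
    for path, status in check_script(REQUESTED, recs).items():
        print(f"{status:12} {path}")
```
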

Re: Really poor performance!

by pgmigg » July 18th, 2015, 6:36 pm

Hello walshie,

Seem to be having trouble with the ESET online scanner.
I get to the point where I hit 'start', I get a blue pop up box but then it doesn't seem to do anything.. just sit with the empty blue pop-up.

The "empty blue pop-up box" is not a usual behavior of ESET. :roll:
Firstly, try to kill that box. If nothing happens, please restart the computer and try to run ESET again...
In normal conditions, ESET should first download its own stuff (up to half an hour, depending on the power of your computer and Internet connection speed) and then it starts to scan...

Please let me know the result.

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed

Re: Really poor performance!

by walshie » July 19th, 2015, 7:56 am

Hi,
Sorry but I may have been a bit stupid last night!
I tried to run ESET again but with the same result - just the blue pop-up.
I left it for about 45 minutes but no change.

I stopped it and tried it in Safe Mode - but got the same results.
I added the url to the site list in case it was being stopped - but no improvement.
This was all in IE - as it is what I am used to using.

This am I tried it again but in Chrome - and it was fine - just worked!
Sorry to have mucked you around.

Here is the txt generated by ESET:

C:\AdwCleaner\Quarantine\C\Users\toshiba\AppData\Roaming\Movdap\dat\cst.exe.vir a variant of MSIL/BrowseFox.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\system32\sasnative32.exe.vir Win32/AdvancedSystemProtector.A potentially unwanted application
C:\Users\toshiba\Downloads\ccsetup507 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\toshiba\Downloads\ccsetup507.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\toshiba\Downloads\MailNotifierSetupGB.exe Win32/Toolbar.Inbox.A potentially unwanted application
C:\Users\toshiba\Downloads\Documents\Dionne\Dream Planning\Wedding contacts\Non-Religious Ceremony Venues\Bristol\SS Great Britain\Feboz.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application


Hope that this is ok!
Thanks again for your help.
:lol:
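
An added example (not part of the thread and not an ESET tool): a small triage pass over an ESETScan.txt like the one posted above, separating detections that already sit in a quarantine folder from files still live on disk, and splitting the live ones by ESET's category. The "path, optional 'a variant of', detection name, category" layout is inferred from the six posted lines, and the quarantine prefix list is an assumption holding only the AdwCleaner path seen in this thread.

```python
import re
from dataclasses import dataclass

# Sample input: the six detections from the ESETScan.txt posted above.
SAMPLE_LOG = r"""C:\AdwCleaner\Quarantine\C\Users\toshiba\AppData\Roaming\Movdap\dat\cst.exe.vir a variant of MSIL/BrowseFox.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\system32\sasnative32.exe.vir Win32/AdvancedSystemProtector.A potentially unwanted application
C:\Users\toshiba\Downloads\ccsetup507 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\toshiba\Downloads\ccsetup507.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\toshiba\Downloads\MailNotifierSetupGB.exe Win32/Toolbar.Inbox.A potentially unwanted application
C:\Users\toshiba\Downloads\Documents\Dionne\Dream Planning\Wedding contacts\Non-Religious Ceremony Venues\Bristol\SS Great Britain\Feboz.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
"""

# Assumption: folders where a removal tool parks files it has already isolated.
QUARANTINE_PREFIXES = ("c:\\adwcleaner\\quarantine\\",)

# Windows paths use backslashes, so the first "Platform/Name" token after the
# path is the detection name; the path itself may contain spaces.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/[A-Za-z0-9_.]+)\s+"
    r"(?P<category>.+)$"
)


@dataclass(frozen=True)
class Detection:
    path: str
    name: str
    is_variant: bool
    category: str

    @property
    def quarantined(self) -> bool:
        return self.path.lower().startswith(QUARANTINE_PREFIXES)


def parse_line(line):
    """Parse one log line into a Detection, or return None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Detection(m["path"], m["name"], bool(m["variant"]), m["category"].strip())


def triage(text):
    """Bucket detections: already quarantined, live by category, or unparsed."""
    buckets = {"quarantined": [], "live_unwanted": [], "live_unsafe": [], "unparsed": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        det = parse_line(line)
        if det is None:
            buckets["unparsed"].append(line)  # keep odd lines visible, never drop them
        elif det.quarantined:
            buckets["quarantined"].append(det)
        elif "unsafe" in det.category:
            buckets["live_unsafe"].append(det)
        else:
            buckets["live_unwanted"].append(det)
    return buckets


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print("   ", item if isinstance(item, str) else f"{item.name}  {item.path}")
```
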

Re: Really poor performance!

by pgmigg » July 19th, 2015, 11:01 am

Hello walshie,

Sorry but I may have been a bit stupid last night!
Don't worry - we are human and it is our nature to make mistakes from time to time... :) especially in such a hot summer!

Step 1.
Show Hidden and System files
  1. Close all programs so that you are at your desktop.
  2. Press Image.
  3. Click the Start Search box on the Start Menu
  4. Copy and paste the following value, in the open text entry box:
    control folders
  5. Click on the View tab, then under the "Hidden files and folders" section
    • SELECT "Show hidden files and folders"
    • Remove check mark from check box "Hide extensions for known file types"
    • Remove check mark from check box "Hide protected operating system files"
  6. Press the Apply, then the OK buttons.

Step 2.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Scan All Users
    • Processes > All <- Important
    • Extra Registry > Use SafeList
    • LOP check
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file OTL.txt <-- Will be opened, maximized
  6. Please post the content of OTL.txt file ONLY in your next reply.

Step 3.
Online Multi Antivirus file scan
Please go to either: Jotti or Virus Total and upload -only one file per scan- the following file(s) for scanning:

C:\Users\toshiba\Downloads\MailNotifierSetupGB.exe
C:\Users\toshiba\Downloads\Documents\Dionne\Dream Planning\Wedding contacts\Non-Religious Ceremony Venues\Bristol\SS Great Britain\Feboz.exe


Using Jotti
  1. Choose the appropriate language (if needed)... once a language is selected, you'll see a message "Ready to receive files"
  2. Press the Browse button and navigate to -one- of the files in the list.
  3. Double click the located file name...The file name should now appear in the online scanner's "File to scan:" box.
  4. Click on Submit..button.
      If you receive the message: This file has been scanned before. The results for this previous scan are listed below.
      Please press the Scan again button, so your file will be scanned.
  5. The file will be uploaded and scanned by various antivirus scanners..this may take a few minutes.
  6. When all scans have completed... the results page is displayed
  7. Please highlight and copy the page web address link from your browser window.
  8. Please repeat this procedure for each file listed above.
  9. Paste the Web address link(s) for the scan results in your next reply.

Using Virus Total
  1. Press the Browse button and navigate to -one- of the files in the list.
  2. Double click the located file name... The file name should now appear in the online scanner's text entry box.
  3. Click on Send File...button.
  4. The file will be queued, uploaded and scanned by various antivirus scanners..this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  5. When all scans have completed... the results page is displayed
  6. Please highlight and copy the page web address link from your browser window.
  7. Please repeat this procedure for each file listed above.
  8. Paste the Web address link(s) for the scan results in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of a OTL.txt log file after OTL fresh scan
  3. The resulting web links after online file scan by Virus Total or Jotti.
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed

Re: Really poor performance!

by walshie » July 19th, 2015, 12:18 pm

Hi,
Here is the OTL txt file:

OTL logfile created on: 19/07/2015 16:44:47 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\toshiba\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 58.03% Memory free
3.98 Gb Paging File | 3.01 Gb Available in Paging File | 75.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 23.03 Gb Free Space | 15.45% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-PC | User Name: toshiba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (All) ==========

PRC - [2015/07/18 19:52:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\toshiba\Desktop\OTL.exe
PRC - [2015/06/17 02:22:46 | 000,758,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2015/06/12 11:46:40 | 005,213,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2015/06/12 11:45:34 | 000,300,408 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2015/06/02 18:40:52 | 002,980,120 | ---- | M] (IBM Corp.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2015/06/02 18:40:52 | 002,222,360 | ---- | M] (IBM Corp.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2015/04/29 23:15:00 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/04/11 00:22:42 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2015/01/09 01:18:11 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2014/06/12 19:32:48 | 000,043,336 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2014/04/12 01:48:42 | 000,139,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
PRC - [2013/06/26 17:02:58 | 000,103,936 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2013/06/26 16:37:56 | 007,391,232 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2013/03/06 03:23:50 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013/03/06 03:21:50 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/10/19 15:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/10/15 12:58:24 | 002,844,608 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
PRC - [2012/10/15 12:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/06/02 23:19:33 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
PRC - [2011/11/16 15:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2010/11/04 17:34:06 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
PRC - [2010/09/21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010/09/21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010/08/25 20:45:42 | 000,266,776 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2010/08/17 15:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2010/07/26 02:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/04/11 07:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2009/04/11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/04/11 07:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/14 11:40:44 | 000,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/08/14 11:40:36 | 001,348,904 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/01/19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008/01/19 08:33:14 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2008/01/19 08:33:05 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2006/11/02 10:45:00 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ctfmon.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/23 17:04:20 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll


========== Services (SafeList) ==========

SRV - [2015/07/15 11:05:49 | 000,268,976 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/06/18 08:39:50 | 001,133,880 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/06/12 11:48:40 | 003,257,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2015/06/12 11:45:34 | 000,300,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2015/06/02 18:40:52 | 002,222,360 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2015/04/29 23:15:00 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/04/08 14:50:12 | 000,708,616 | ---- | M] (Garmin Ltd. or its subsidiaries) [Auto | Stopped] -- C:\Program Files\Garmin\Device Interaction Service\GarminService.exe -- (Garmin Device Interaction Service)
SRV - [2013/06/26 16:37:56 | 007,391,232 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2013/03/06 03:21:50 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/10/19 15:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/10/15 12:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2010/04/21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/04/11 07:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2015/06/23 10:31:03 | 000,531,416 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1412112.sys -- (RapportCerberus_1412112)
DRV - [2015/06/18 08:41:50 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2015/06/18 08:41:36 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2015/06/02 18:41:04 | 000,337,176 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2015/06/02 18:41:04 | 000,280,088 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2015/06/02 18:41:04 | 000,218,264 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2015/06/02 18:41:04 | 000,068,280 | ---- | M] (IBM Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportHades.sys -- (RapportHades)
DRV - [2015/05/26 21:11:36 | 000,179,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2015/05/26 21:11:20 | 000,271,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2015/05/26 21:02:54 | 000,161,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2015/05/22 09:56:06 | 000,029,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2015/05/18 21:14:04 | 000,206,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2014/10/24 11:20:12 | 000,189,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2014/07/21 21:03:22 | 000,200,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2014/06/30 12:43:12 | 000,121,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2014/06/17 16:06:22 | 000,027,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/06/23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/06/10 14:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007/11/09 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/19 23:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2168144753-1382697019-843529903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-2168144753-1382697019-843529903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2168144753-1382697019-843529903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2168144753-1382697019-843529903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2168144753-1382697019-843529903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-2168144753-1382697019-843529903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKU\S-1-5-21-2168144753-1382697019-843529903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-2168144753-1382697019-843529903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 B2 CA 21 C0 F1 CE 01 [binary data]
IE - HKU\S-1-5-21-2168144753-1382697019-843529903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2168144753-1382697019-843529903-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2168144753-1382697019-843529903-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-2168144753-1382697019-843529903-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2168144753-1382697019-843529903-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enGB414
IE - HKU\S-1-5-21-2168144753-1382697019-843529903-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\toshiba\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\toshiba\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/03/27 18:19:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/03/27 18:19:43 | 000,000,000 | ---D | M]

[2013/08/10 17:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - Extension: No name found = C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKU\.DEFAULT..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\tray.exe (Garmin Ltd. or its subsidiaries)
O4 - HKU\S-1-5-18..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\tray.exe (Garmin Ltd. or its subsidiaries)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2168144753-1382697019-843529903-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2168144753-1382697019-843529903-1000\..Trusted Domains: eset.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2168144753-1382697019-843529903-1000\..Trusted Domains: eset.eu ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C174F4A7-D763-49F9-82C2-6C7FEF8C2E1F}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Users\toshiba\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\toshiba\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7efd8a95-338f-11e0-9ae4-00266c323ab8}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{8ed7fb13-1834-11e0-8931-00266c323ab8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2015/07/19 10:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2015/07/18 23:19:56 | 000,000,000 | ---D | C] -- C:\Users\toshiba\AppData\Roaming\AVG2014
[2015/07/18 23:09:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2015/07/18 19:52:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\toshiba\Desktop\OTL.exe
[2015/07/18 19:38:16 | 004,197,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\toshiba\Desktop\tdsskiller.exe
[2015/07/18 19:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2015/07/18 18:27:51 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/07/16 21:16:33 | 000,098,520 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015/07/16 21:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/07/16 21:16:10 | 000,094,936 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015/07/16 21:16:10 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2015/07/16 21:16:10 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2015/07/16 21:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2015/07/16 21:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/07/16 21:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2015/07/16 21:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2015/07/16 11:04:42 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2015/07/16 10:59:14 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2015/07/16 10:59:13 | 000,296,960 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2015/07/16 10:54:06 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cewmdm.dll
[2015/07/15 11:35:20 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2015/07/15 11:35:13 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2015/07/15 11:35:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2015/07/15 11:35:13 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2015/07/15 11:35:13 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2015/07/15 11:35:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2015/07/15 11:35:08 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2015/07/15 11:35:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2015/07/15 11:35:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2015/07/15 11:35:06 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2015/07/15 11:35:06 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2015/07/15 11:35:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2015/07/15 11:35:04 | 001,810,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2015/07/06 10:41:55 | 000,000,000 | ---D | C] -- C:\Users\toshiba\Downloads\Documents\Images for Naomi
[2015/07/06 10:41:44 | 000,000,000 | ---D | C] -- C:\Users\toshiba\Downloads\Documents\New Folder
[2015/07/01 14:00:06 | 000,000,000 | ---D | C] -- C:\TeamViewer
[2015/07/01 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\toshiba\AppData\Roaming\TeamViewer
[2015/07/01 13:56:37 | 000,000,000 | ---D | C] -- C:\TightVNC
[2015/06/24 15:24:40 | 000,000,000 | ---D | C] -- C:\Users\toshiba\Downloads\Documents\MBRFC PINK 2015-16

========== Files - Modified Within 30 Days ==========

[2015/07/19 17:05:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/07/19 16:41:30 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/07/19 16:37:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/07/19 16:34:22 | 000,004,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2015/07/19 16:34:21 | 000,004,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2015/07/19 16:34:15 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/07/18 23:34:02 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2168144753-1382697019-843529903-1000UA.job
[2015/07/18 19:52:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\toshiba\Desktop\OTL.exe
[2015/07/18 19:38:17 | 004,197,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\toshiba\Desktop\tdsskiller.exe
[2015/07/18 18:48:10 | 000,026,230 | ---- | M] () -- C:\Users\toshiba\Desktop\junkware-removal-tool.htm
[2015/07/18 16:59:13 | 000,098,520 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015/07/18 10:20:55 | 000,001,356 | ---- | M] () -- C:\Users\toshiba\AppData\Local\d3d9caps.dat
[2015/07/18 10:13:57 | 000,342,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2015/07/16 22:05:28 | 000,001,069 | ---- | M] () -- C:\Malware 16072015
[2015/07/16 21:16:13 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/07/16 21:11:37 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/07/16 11:38:44 | 000,690,598 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015/07/16 11:38:44 | 000,137,998 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015/07/16 10:32:44 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2168144753-1382697019-843529903-1000Core.job
[2015/07/15 11:33:11 | 000,001,927 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/07/15 11:05:48 | 000,778,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2015/07/15 11:05:48 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2015/07/14 10:08:26 | 000,427,520 | ---- | M] () -- C:\Users\toshiba\Downloads\Documents\MFS R and ! certs.pub
[2015/07/07 16:58:51 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2015/07/07 15:22:45 | 000,296,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2015/07/03 14:12:35 | 000,385,024 | ---- | M] () -- C:\Users\toshiba\Downloads\Documents\Fun night prize.pub
[2015/07/03 06:18:15 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2015/06/29 20:22:41 | 000,000,158 | ---- | M] () -- C:\Users\toshiba\AppData\Roaming\WB.CFG
[2015/06/26 09:14:49 | 000,003,734 | ---- | M] () -- C:\Windows\System32\userawacs.cfg
[2015/06/26 09:14:44 | 000,000,470 | ---- | M] () -- C:\Windows\System32\usergui.cfg
[2015/06/26 08:50:51 | 000,140,260 | ---- | M] () -- C:\Users\toshiba\Downloads\Documents\Mobile Phone email.pdf
[2015/06/25 03:57:37 | 002,066,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files Created - No Company Name ==========

[2015/07/18 18:48:09 | 000,026,230 | ---- | C] () -- C:\Users\toshiba\Desktop\junkware-removal-tool.htm
[2015/07/16 22:05:28 | 000,001,069 | ---- | C] () -- C:\Malware 16072015
[2015/07/16 21:16:13 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/07/16 21:11:37 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/07/03 14:12:35 | 000,385,024 | ---- | C] () -- C:\Users\toshiba\Downloads\Documents\Fun night prize.pub
[2015/06/26 08:50:51 | 000,140,260 | ---- | C] () -- C:\Users\toshiba\Downloads\Documents\Mobile Phone email.pdf
[2015/05/17 07:09:04 | 000,000,000 | ---- | C] () -- C:\Users\toshiba\AppData\Local\{D698CFEC-AE0A-4034-8060-5AD622C6866A}
[2015/03/21 16:46:55 | 000,084,771 | ---- | C] () -- C:\Users\toshiba\is CAT.jpg
[2015/03/21 16:32:29 | 000,093,263 | ---- | C] () -- C:\Users\toshiba\SKINNER I.jpg
[2015/03/21 16:21:13 | 000,233,574 | ---- | C] () -- C:\Users\toshiba\ISABELLE SKINNER.jpg
[2014/11/14 18:20:52 | 000,076,168 | ---- | C] () -- C:\Users\toshiba\photo 2 (1).PNG
[2014/11/14 18:20:52 | 000,038,042 | ---- | C] () -- C:\Users\toshiba\photo 1 (1).PNG
[2014/11/14 18:13:34 | 001,095,218 | ---- | C] () -- C:\Users\toshiba\photo 3.PNG
[2014/11/14 18:13:34 | 000,075,671 | ---- | C] () -- C:\Users\toshiba\photo 2.PNG
[2014/11/14 18:13:34 | 000,034,426 | ---- | C] () -- C:\Users\toshiba\photo 1.PNG
[2014/05/20 19:54:56 | 000,000,158 | ---- | C] () -- C:\Users\toshiba\AppData\Roaming\WB.CFG
[2013/05/14 15:11:14 | 005,869,029 | ---- | C] () -- C:\Users\toshiba\042.JPG
[2011/08/23 11:56:44 | 000,055,464 | ---- | C] () -- C:\Users\toshiba\LCALLIG.TTF
[2011/08/20 12:20:41 | 000,000,373 | ---- | C] () -- C:\Users\toshiba\Documents - Shortcut.lnk
[2011/08/20 05:04:15 | 000,000,297 | ---- | C] () -- C:\Users\toshiba\toshiba - Shortcut.lnk
[2011/08/04 10:45:32 | 000,145,333 | ---- | C] () -- C:\Users\toshiba\disturbed-type_nashville.zip
[2011/01/06 12:38:19 | 000,028,160 | ---- | C] () -- C:\Users\toshiba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/04 18:39:41 | 000,001,356 | ---- | C] () -- C:\Users\toshiba\AppData\Local\d3d9caps.dat
[2009/09/09 20:16:30 | 000,051,680 | ---- | C] () -- C:\Users\toshiba\old_stamper.ttf

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/18 03:02:58 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/21 13:38:43 | 000,000,000 | ---D | M] -- C:\Users\toshiba\AppData\Roaming\AnvSoft
[2015/07/18 23:19:56 | 000,000,000 | ---D | M] -- C:\Users\toshiba\AppData\Roaming\AVG2014
[2012/01/25 21:11:33 | 000,000,000 | ---D | M] -- C:\Users\toshiba\AppData\Roaming\Canon
[2014/12/21 10:45:32 | 000,000,000 | ---D | M] -- C:\Users\toshiba\AppData\Roaming\Dropbox
[2014/08/02 10:37:47 | 000,000,000 | ---D | M] -- C:\Users\toshiba\AppData\Roaming\GARMIN
[2015/07/01 14:00:04 | 000,000,000 | ---D | M] -- C:\Users\toshiba\AppData\Roaming\TeamViewer
[2011/03/20 18:46:32 | 000,000,000 | ---D | M] -- C:\Users\toshiba\AppData\Roaming\Windows Live Writer

< End of report >
walshie
Regular Member
 
Posts: 61
Joined: December 17th, 2005, 1:06 pm

Re: Really poor performace!

Post by walshie » July 19th, 2015, 12:28 pm

Hi again,
These are the two links to the Jotti scan outcomes.
Hope that this is ok?

https://virusscan.jotti.org/en-GB/files ... 7fjp32mlai


https://virusscan.jotti.org/en-GB/files ... qj1cekfvwu

No problems running these instructions thanks.

Performance is already a lot better thanks.

Sean
:)

Re: Really poor performace!

Post by pgmigg » July 19th, 2015, 4:09 pm

Hello walshie,

Step 0.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries, to be pasted into the Custom Scan/Fixes text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :OTL
    [2013/08/10 17:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    
    :Files
    C:\Users\toshiba\Downloads\MailNotifierSetupGB.exe
    C:\Users\toshiba\Downloads\Documents\Dionne\Dream Planning\Wedding contacts\Non-Religious Ceremony Venues\Bristol\SS Great Britain\Feboz.exe
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Your latest set of logs appears to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.
Before I give you instructions on how to keep your computer clean and secure, you need to take a few additional steps.

Step 1.
OTL - Run Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and Paste the following code into the Custom Scan/Fixes text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    
  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 2.
OTL-Cleanup
You should still have OTL on your desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.

Step 3.
Hide Hidden and System files
  1. Close all programs so that you are at your desktop.
  2. Press the Start button.
  3. Click the Start Search box on the Start Menu
  4. Copy and paste the following value, in the open text entry box:
    control folders
  5. Click on the View tab, then under the "Hidden files and folders" section
    • UNSELECT "Show hidden files and folders"
    • Place check mark in check box "Hide extensions for known file types"
    • Place check mark in check box "Hide protected operating system files"
  6. Press the Apply, then the OK buttons.

Step 4.
Please download delfix and save it to your desktop.
  1. Right-click on delfix.exe and select "Run as administrator" to run it.
  2. Check the following boxes then click on Run.
    1. Activate UAC
    2. Remove disinfection tools
    3. Create registry backup
    4. Reset system settings
  3. All tools we used to clean your computer should be gone now.
  4. You can now delete any tools/logs we used if they remain on your computer.

Then:
  • Please don't forget to enable and update all your defense software!

Finally:
Please click HERE to find a short guide to staying safer online.


Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg
pgmigg
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Really poor performace!

Post by walshie » July 19th, 2015, 6:39 pm

Hi,

Thanks so much for your help and patience!
Here is the last OTL log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Program Files\Mozilla Firefox\extensions folder moved successfully.
========== FILES ==========
C:\Users\toshiba\Downloads\MailNotifierSetupGB.exe moved successfully.
C:\Users\toshiba\Downloads\Documents\Dionne\Dream Planning\Wedding contacts\Non-Religious Ceremony Venues\Bristol\SS Great Britain\Feboz.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: toshiba
->Temp folder emptied: 167592 bytes
->Temporary Internet Files folder emptied: 56045676 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6782511 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 291 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 534 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 60.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07192015_230647

Files\Folders moved on Reboot...
File\Folder C:\Users\toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\toshiba\AppData\Roaming\Dropbox\shellext \l\55abd20f not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


I have run the tidy up jobs and all appears good now.

Thanks again!
S :cheers:

Re: Really poor performace!

Post by pgmigg » July 19th, 2015, 7:05 pm

Hello walshie,

Thanks so much for your help and patience!
You are very welcome! :D

Stay Safe! ;)
pgmigg

Re: Really poor performace!

Post by NonSuch » July 20th, 2015, 1:48 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California