Computer Running Slowly

Re: Computer Running Slowly

Post by knowlze » September 20th, 2012, 4:26 pm

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-09-2012
Ran by SYSTEM at 21-09-2012 08:15:59
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [x]
HKLM\...\Run: [TgbVpn] "C:\Program Files (x86)\TheGreenBow\TheGreenBow VPN\vpnconf.exe" [1739320 2011-10-02] (TheGreenBow)
HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2770432 2010-02-09] (VIA)
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2010-12-12] (Apple Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [4282728 2012-08-21] (AVAST Software)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-08-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-02] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI={$CHROM_GUID_UNINSTALLS} [187696 2012-02-19] (Blabbers Communications LTD)
HKU\Domsfriend\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [1305408 2011-01-20] (DT Soft Ltd)
HKU\Domsfriend\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1353080 2012-08-04] (Valve Corporation)
HKU\Domsfriend\...\Run: [Akamai NetSession Interface] "C:\Users\Domsfriend\AppData\Local\Akamai\netsession_win.exe" [4440896 2012-08-09] (Akamai Technologies, Inc.)
HKU\Domsfriend\...\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe [93696 2010-10-16] (Dxtory Software)
HKU\Domsfriend\...\Run: [Facebook Update] "C:\Users\Domsfriend\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-09-07] (Facebook Inc.)
HKU\Domsfriend\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-12] (Skype Technologies S.A.)
HKU\Domsfriend\...\Run: [Google Update] "C:\Users\Domsfriend\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-29] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E0A255E7-D6BA-4087-BABB-906270D77759}: [NameServer]208.67.222.222
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Services (Whitelisted) ===================

3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [68096 2011-08-25] ()
2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll [4537664 2012-09-10] (Akamai Technologies, Inc.)
2 Browser Manager; C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [1701400 2012-09-18] ()
2 Folding@home-CPU-[1]; C:\Folding@HomeCPU\1\Fah.exe -svcstart -d "C:\Folding@HomeCPU\1" [422400 2011-11-04] ()
2 Folding@home-CPU-[2]; C:\Folding@HomeCPU\2\Fah.exe -svcstart -d "C:\Folding@HomeCPU\2" [422400 2011-11-04] ()
2 Folding@home-CPU-[3]; C:\Folding@HomeCPU\3\Fah.exe -svcstart -d "C:\Folding@HomeCPU\3" [422400 2011-11-04] ()
2 Folding@home-CPU-[4]; C:\Folding@HomeCPU\4\Fah.exe -svcstart -d "C:\Folding@HomeCPU\4" [422400 2011-11-04] ()
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-08-28] (LogMeIn Inc.)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-05-15] ()
2 TgbIke Starter; C:\Windows\System32\tgbstarter.exe [162872 2009-11-20] (TheGreenBow)
3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [738152 2012-07-18] (Tunngle.net GmbH)
3 WatAdminSvc; C:\Windows\System32\Wat\WatAdminSvc.exe [1255736 2011-04-26] ()

==================== Drivers (Whitelisted) =====================

1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2009-08-03] ()
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-09-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [254528 2011-04-09] (DT Soft Ltd)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-17] (LogMeIn, Inc.)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
1 ndistgb; C:\Windows\System32\Drivers\ndistgb.sys [28728 2011-07-22] (TheGreenBow)
1 TgbIpSec; C:\Windows\System32\Drivers\dfiltervpn.sys [132664 2009-11-20] (TheGreenBow)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-09-20 12:12 - 2012-09-20 12:12 - 00000000 ____D C:\Users\Public\Documents\Tunngle
2012-09-20 12:11 - 2012-09-20 12:12 - 00000000 ____D C:\Program Files (x86)\Tunngle
2012-09-20 10:22 - 2012-09-20 10:22 - 00002346 ____A C:\Users\Public\Desktop\Borderlands 2.lnk
2012-09-19 14:07 - 2012-09-19 14:16 - 00153210 ____A C:\Users\Domsfriend\Desktop\OTL.Txt
2012-09-19 01:56 - 2012-09-19 01:56 - 00600064 ____A (OldTimer Tools) C:\Users\Domsfriend\Desktop\OTL.exe
2012-09-18 14:45 - 2012-09-18 14:45 - 00000000 ____D C:\Users\All Users\Browser Manager
2012-09-18 14:44 - 2012-09-18 14:44 - 00000000 ____D C:\Program Files (x86)\BrowserCompanion
2012-09-18 14:30 - 2012-09-19 03:02 - 00021104 ____A C:\Users\Domsfriend\Desktop\SystemLook.txt
2012-09-18 14:30 - 2012-09-18 14:30 - 00165376 ____A C:\Users\Domsfriend\Desktop\SystemLook_x64.exe
2012-09-17 19:27 - 2012-09-17 19:27 - 00000000 ____D C:\Users\Domsfriend\Documents\FLiNGTrainer
2012-09-17 04:06 - 2012-09-17 04:06 - 00021712 ____A (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2012-09-17 04:06 - 2012-09-17 04:06 - 00000000 ____D C:\Users\Domsfriend\AppData\Local\eSupport.com
2012-09-17 04:05 - 2012-09-17 04:05 - 00624784 ____A (Copyright © 2010 eSupport.com. All Rights Reserved.) C:\Users\Domsfriend\Downloads\driveragent_987.exe
2012-09-17 03:50 - 2012-09-17 03:49 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-09-17 03:49 - 2012-09-17 03:49 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-17 03:49 - 2012-09-17 03:49 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-17 03:49 - 2012-09-17 03:49 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-17 03:42 - 2012-09-17 03:42 - 00894952 ____A (Oracle Corporation) C:\Users\Domsfriend\Downloads\jxpiinstall(1).exe
2012-09-17 03:41 - 2012-09-17 03:41 - 00245760 ____A C:\Users\Domsfriend\Downloads\SystemRequirementsLab_cyri_4.5.1.0.msi
2012-09-16 22:47 - 2012-09-16 22:47 - 00000000 ____D C:\Users\Domsfriend\AppData\Roaming\Fatshark
2012-09-16 15:43 - 2012-09-16 15:43 - 00001179 ____A C:\Users\UpdatusUser\Desktop\Mount&Blade With Fire and Sword.lnk
2012-09-16 15:38 - 2012-09-16 15:44 - 00000000 ____D C:\Program Files (x86)\Mount&Blade With Fire and Sword
2012-09-16 04:57 - 2012-09-16 04:57 - 01331389 ____A C:\Users\Domsfriend\Downloads\firebug-1.9.0-fx.xpi
2012-09-16 04:34 - 2012-09-16 04:34 - 00000000 ____D C:\Users\Domsfriend\AppData\Local\Macromedia
2012-09-15 14:40 - 2012-09-15 14:40 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-09-15 14:39 - 2012-09-20 12:12 - 00000000 ____D C:\Users\Domsfriend\AppData\Roaming\uTorrent
2012-09-10 19:31 - 2012-09-10 19:31 - 00000000 ____D C:\_OTL
2012-09-10 01:41 - 2012-09-10 01:41 - 00030014 ____A C:\ComboFix.txt
2012-09-10 00:56 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-10 00:56 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-10 00:56 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-10 00:56 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-10 00:56 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-10 00:56 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-10 00:56 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-10 00:56 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-10 00:55 - 2012-09-10 01:41 - 00000000 ____D C:\Qoobox
2012-09-10 00:45 - 2012-09-10 01:29 - 00000000 ____D C:\Windows\erdnt
2012-09-08 00:13 - 2012-09-08 00:13 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-09-07 20:25 - 2012-09-19 02:56 - 00000000 ____D C:\Users\Domsfriend\AppData\Roaming\Skype
2012-09-07 20:25 - 2012-09-07 20:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-09-07 20:25 - 2012-09-07 20:29 - 00000000 ____D C:\Users\All Users\Skype
2012-09-07 19:22 - 2012-09-07 19:23 - 00000000 ____D C:\FRST
2012-09-07 02:23 - 2012-09-20 11:36 - 00000948 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000UA.job
2012-09-07 02:23 - 2012-09-20 02:36 - 00000926 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000Core.job
2012-09-07 02:23 - 2012-09-07 02:27 - 00000000 ____D C:\Users\Domsfriend\AppData\Local\Facebook
2012-09-07 00:50 - 2012-09-07 00:52 - 00009719 ____A C:\Users\Domsfriend\Documents\Uninstall Dragon Age 2.log
2012-09-06 20:10 - 2012-09-06 20:10 - 00262144 ____N C:\Windows\Minidump\090712-26130-01.dmp
2012-08-31 22:34 - 2012-09-06 19:37 - 00000000 ____D C:\Windows\W7SBC
2012-08-31 22:34 - 2011-12-25 03:04 - 02388992 ____A (Microsoft Corporation) C:\Windows\explorer_edit_w7sbc.exe
2012-08-31 22:34 - 2011-12-25 03:04 - 02388992 ____A (Microsoft Corporation) C:\Windows\explorer_backup_w7sbc.exe
2012-08-31 22:28 - 2012-09-04 20:18 - 00151608 ____A C:\Windows\UTP.exe
2012-08-31 22:28 - 2010-11-20 19:24 - 00898560 ____A (Microsoft Corporation) C:\Windows\System32\OobeFldr_backup_wti.dll
2012-08-31 22:28 - 2009-12-30 21:22 - 01842688 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame_backup_wti.dll
2012-08-31 22:28 - 2009-12-30 21:18 - 03208192 ____A (Microsoft Corporation) C:\Windows\explorer_backup_wti.exe
2012-08-31 22:28 - 2009-12-30 20:39 - 15181312 ____A (Microsoft Corporation) C:\Windows\System32\shell32_backup_wti.dll
2012-08-31 22:28 - 2009-07-13 17:16 - 02755072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll.backup
2012-08-31 22:28 - 2009-07-13 17:11 - 00245760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll.backup
2012-08-31 22:16 - 2012-09-07 19:26 - 00000000 ____D C:\Program Files\Theme Resource Changer
2012-08-31 02:15 - 2011-10-10 23:10 - 00009106 ____A C:\Program Files (x86)\HUD RED Topshell.theme
2012-08-31 02:15 - 2011-10-10 23:10 - 00009088 ____A C:\Program Files (x86)\HUD RED.theme
2012-08-31 02:15 - 2011-10-10 23:09 - 00009112 ____A C:\Program Files (x86)\HUD RED Topshell Basic.theme
2012-08-31 02:15 - 2011-10-10 23:08 - 00009094 ____A C:\Program Files (x86)\HUD RED Basic.theme
2012-08-31 02:06 - 2012-09-04 21:17 - 00000000 ____D C:\Program Files (x86)\HUD RED
2012-08-31 01:47 - 2012-09-06 19:37 - 00000000 ____D C:\Users\Domsfriend\AppData\Local\Korbin_Bickel
2012-08-31 01:47 - 2012-09-04 21:17 - 00000000 ____D C:\Program Files (x86)\Theme Manager
2012-08-31 01:40 - 2009-07-13 17:41 - 02851328 ____A (Microsoft Corporation) C:\Windows\System32\themeui.dll.backup
2012-08-31 01:40 - 2009-07-13 17:41 - 00332288 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll.backup
2012-08-31 01:40 - 2009-07-13 17:41 - 00044544 ____A (Microsoft Corporation) C:\Windows\System32\themeservice.dll.backup
2012-08-30 16:32 - 2012-08-30 16:32 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-08-26 22:55 - 2012-08-26 22:55 - 00000000 ____D C:\Users\Domsfriend\Documents\NBGI
2012-08-26 22:55 - 2012-08-26 22:55 - 00000000 ____D C:\Users\Domsfriend\AppData\Local\NBGI
2012-08-25 21:53 - 2012-08-25 21:53 - 00262664 ____A C:\Users\Domsfriend\AppData\Roaming\fk1xxx.e2ts
2012-08-25 14:56 - 2012-09-11 02:50 - 00000000 ____D C:\Program Files (x86)\PrivitizeVPN
2012-08-22 02:22 - 2012-08-22 02:22 - 00000000 ____D C:\Ubisoft
2012-08-22 02:20 - 2012-09-19 16:07 - 00000000 ____D C:\Users\Domsfriend\AppData\Local\Deployment
2012-08-22 02:20 - 2012-09-10 01:46 - 00000000 ____D C:\Users\Domsfriend\AppData\Local\Apps\2.0


==================== 3 Months Modified Files ==================

2012-09-20 12:13 - 2011-02-11 22:02 - 02065630 ____A C:\Windows\WindowsUpdate.log
2012-09-20 12:12 - 2012-09-20 12:12 - 00000991 ____A C:\Users\Public\Desktop\Tunngle beta.lnk
2012-09-20 12:01 - 2012-04-07 13:33 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-20 11:52 - 2012-05-29 00:32 - 00000928 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000UA.job
2012-09-20 11:36 - 2012-09-07 02:23 - 00000948 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000UA.job
2012-09-20 10:22 - 2012-09-20 10:22 - 00002346 ____A C:\Users\Public\Desktop\Borderlands 2.lnk
2012-09-20 02:36 - 2012-09-07 02:23 - 00000926 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000Core.job
2012-09-20 02:23 - 2011-04-27 18:20 - 00139808 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2012-09-20 00:52 - 2012-05-29 00:32 - 00000876 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000Core.job
2012-09-19 20:14 - 2011-04-26 02:50 - 00139808 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2012-09-19 18:58 - 2009-07-13 20:51 - 00879372 ____A C:\Windows\setupact.log
2012-09-19 14:16 - 2012-09-19 14:07 - 00153210 ____A C:\Users\Domsfriend\Desktop\OTL.Txt
2012-09-19 03:02 - 2012-09-18 14:30 - 00021104 ____A C:\Users\Domsfriend\Desktop\SystemLook.txt
2012-09-19 02:55 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-19 02:03 - 2011-02-11 23:03 - 00602596 ____A C:\Windows\PFRO.log
2012-09-19 02:02 - 2011-10-06 01:27 - 00000000 ____A C:\Windows\SysWOW64\Access.dat
2012-09-19 01:56 - 2012-09-19 01:56 - 00600064 ____A (OldTimer Tools) C:\Users\Domsfriend\Desktop\OTL.exe
2012-09-18 14:44 - 2012-05-05 17:24 - 00000805 ____A C:\user.js
2012-09-18 14:30 - 2012-09-18 14:30 - 00165376 ____A C:\Users\Domsfriend\Desktop\SystemLook_x64.exe
2012-09-17 04:12 - 2009-07-13 20:45 - 00014416 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-17 04:12 - 2009-07-13 20:45 - 00014416 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-17 04:06 - 2012-09-17 04:06 - 00021712 ____A (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2012-09-17 04:05 - 2012-09-17 04:05 - 00624784 ____A (Copyright © 2010 eSupport.com. All Rights Reserved.) C:\Users\Domsfriend\Downloads\driveragent_987.exe
2012-09-17 03:49 - 2012-09-17 03:50 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-09-17 03:49 - 2012-09-17 03:49 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-17 03:49 - 2012-09-17 03:49 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-17 03:49 - 2012-09-17 03:49 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-17 03:49 - 2011-04-11 23:09 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-09-17 03:42 - 2012-09-17 03:42 - 00894952 ____A (Oracle Corporation) C:\Users\Domsfriend\Downloads\jxpiinstall(1).exe
2012-09-17 03:41 - 2012-09-17 03:41 - 00245760 ____A C:\Users\Domsfriend\Downloads\SystemRequirementsLab_cyri_4.5.1.0.msi
2012-09-16 22:46 - 2011-02-28 01:29 - 01528532 ____A C:\Windows\DirectX.log
2012-09-16 15:43 - 2012-09-16 15:43 - 00001179 ____A C:\Users\UpdatusUser\Desktop\Mount&Blade With Fire and Sword.lnk
2012-09-16 04:57 - 2012-09-16 04:57 - 01331389 ____A C:\Users\Domsfriend\Downloads\firebug-1.9.0-fx.xpi
2012-09-10 01:41 - 2012-09-10 01:41 - 00030014 ____A C:\ComboFix.txt
2012-09-10 01:19 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-09-07 15:55 - 2011-04-22 00:49 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-09-07 15:55 - 2011-02-28 19:36 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-09-07 00:52 - 2012-09-07 00:50 - 00009719 ____A C:\Users\Domsfriend\Documents\Uninstall Dragon Age 2.log
2012-09-07 00:23 - 2011-02-14 16:30 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-09-06 20:10 - 2012-09-06 20:10 - 00262144 ____N C:\Windows\Minidump\090712-26130-01.dmp
2012-09-05 11:20 - 2011-10-30 22:17 - 00000254 ____A C:\Users\Domsfriend\Downloads\RemoveWAT21.rar
2012-09-04 20:18 - 2012-08-31 22:28 - 00151608 ____A C:\Windows\UTP.exe
2012-08-31 22:37 - 2009-07-13 20:45 - 05062304 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-31 22:28 - 2009-07-13 15:39 - 02755072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2012-08-31 22:28 - 2009-07-13 15:39 - 00245760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2012-08-31 01:40 - 2009-07-13 15:55 - 00332288 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2012-08-31 01:40 - 2009-07-13 15:54 - 02851328 ____A (Microsoft Corporation) C:\Windows\System32\themeui.dll
2012-08-31 01:40 - 2009-07-13 15:54 - 00044544 ____A (Microsoft Corporation) C:\Windows\System32\themeservice.dll
2012-08-28 20:53 - 2011-03-10 21:51 - 00188416 __ASH C:\Users\Domsfriend\Desktop\Thumbs.db
2012-08-28 01:37 - 2011-02-28 19:36 - 00281120 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-08-25 21:53 - 2012-08-25 21:53 - 00262664 ____A C:\Users\Domsfriend\AppData\Roaming\fk1xxx.e2ts
2012-08-21 01:13 - 2012-08-12 20:55 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-08-21 01:13 - 2011-05-25 19:55 - 00969200 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-08-21 01:13 - 2011-02-14 16:30 - 00359464 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-08-21 01:13 - 2011-02-14 16:30 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-08-21 01:13 - 2011-02-14 16:30 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-08-21 01:13 - 2011-02-14 16:30 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-08-21 01:12 - 2011-02-14 16:30 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-08-21 01:12 - 2011-02-14 16:29 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-08-21 01:12 - 2011-02-14 16:29 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-08-16 22:38 - 2012-08-16 22:37 - 00014013 ____A C:\Users\Domsfriend\Documents\Install STAR WARS The Old Republic.log
2012-08-15 03:02 - 2012-04-07 13:33 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-15 03:02 - 2011-06-23 19:49 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-11 20:37 - 2011-05-30 03:39 - 00002443 ____A C:\Windows\DXError.log
2012-08-10 22:27 - 2012-08-10 22:27 - 00001335 ____A C:\Users\UpdatusUser\Desktop\Play Star Wars Battlefront II.lnk
2012-07-29 20:55 - 2009-07-13 21:08 - 00032644 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-17 20:50 - 2012-07-17 20:48 - 00004357 ____A C:\Windows\SysWOW64\jupdate-1.6.0_33-b05.log
2012-07-17 20:38 - 2012-07-17 20:37 - 00833024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2012-07-17 20:38 - 2012-07-17 20:37 - 00002048 ____A C:\Windows\SysWOW64\winver.exe
2012-07-17 20:37 - 2012-07-17 20:37 - 00410624 ____A C:\Windows\SysWOW64\systemcpl.dll
2012-07-17 20:37 - 2012-07-17 20:37 - 00113543 ____A C:\Windows\SysWOW64\slmgr.vbs
2012-07-17 20:37 - 2012-07-17 20:37 - 00113543 ____A C:\Windows\System32\slmgr.vbs
2012-07-17 20:37 - 2012-07-17 20:37 - 00001536 ____A C:\Windows\SysWOW64\sppcomapi.dll
2012-07-15 22:07 - 2012-07-15 22:07 - 00000012 ____A C:\Windows\srun.log
2012-06-28 00:23 - 2012-06-01 15:47 - 00476976 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2011-04-25 14:13] - [2009-12-30 21:18] - 3208192 ____A (Microsoft Corporation) FB1A146CAF496742EDB4BC14808440CF

C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2009-07-13 15:38] - [2011-10-21 20:41] - 1008640 ____A (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E

C:\Windows\SysWOW64\User32.dll
[2012-07-17 20:37] - [2012-07-17 20:38] - 0833024 ____A (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-19 01:58:12
Restore point made on: 2012-09-19 02:00:18
Restore point made on: 2012-09-19 02:46:18
Restore point made on: 2012-09-20 10:29:42

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4094.18 MB
Available physical RAM: 3465.68 MB
Total Pagefile: 4092.32 MB
Available Pagefile: 3457.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:334.9 GB) NTFS
2 Drive e: (Fired Up) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS
3 Drive f: (LINCOLN 1) (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 7633 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 931 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F LINCOLN 1 FAT32 Removable 7633 MB Healthy

=========================================================

Last Boot: 2012-09-15 15:29

==================== End Of Log =============================
knowlze
Member+
 
Posts: 37
Joined: September 8th, 2012, 9:08 pm

Re: Computer Running Slowly

Post by Cypher » September 21st, 2012, 5:55 am

Hi knowlze,

We need to run an OTL Fix

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code:
    :commands
    [createrestorepoint]
    
    :processes
    killallprocesses
    
    :otl
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=114733 ... 7f74f75f77
    IE- HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes,DefaultScope = {DB1378C1-910A-41B8-98DF-BB8A24DA202F}
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=114733&tt=120912_ccp_3812_2&babsrc=SP_ss&mntrId=809c75b4000000000000687f74f75f77
    O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/09/19 10:45:05 | 000,000,000 | ---D | M]
    O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
    
    :files
    C:\ProgramData\Browser Manager
    C:\Program Files (x86)\uTorrent
    C:\Windows\assembly\Desktop.ini
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Logs/Information to Post in your Next Reply

  • OTL Fix log.
  • ESET log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Computer Running Slowly

Post by knowlze » September 21st, 2012, 6:18 am

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
- HKCU\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E :invalid edit format. No such root key.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b64982b1-d112-42b5-b1e4-d3867c4533f8}\ not found.
C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\content folder moved successfully.
C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components folder moved successfully.
C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll deleted successfully.
c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll moved successfully.
========== FILES ==========
C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings folder moved successfully.
C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\crashReports folder moved successfully.
Folder move failed. C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.2.643.41 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager scheduled to be moved on reboot.
C:\Program Files (x86)\uTorrent folder moved successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Users\Domsfriend\Desktop\cmd.bat deleted successfully.
C:\Users\Domsfriend\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Domsfriend
->Temp folder emptied: 7984186 bytes
->Temporary Internet Files folder emptied: 18201124 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 52721775 bytes
->Flash cache emptied: 3372 bytes

User: hedev
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1874 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 75.00 mb


OTL by OldTimer - Version 3.2.64.0 log created on 09212012_221125

Files\Folders moved on Reboot...
Folder move failed. C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.2.643.41 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.2.643.41 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager scheduled to be moved on reboot.
C:\Users\Domsfriend\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.
knowlze
Member+
 
Posts: 37
Joined: September 8th, 2012, 9:08 pm

Re: Computer Running Slowly

by Cypher » September 21st, 2012, 6:53 am

Hi knowlze,
Please reboot your computer if you haven't done so already.
And post the ESET log when ready.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Computer Running Slowly

by knowlze » September 21st, 2012, 9:26 am

C:\FRST\Quarantine\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}\U\00000004.@ Win64/Conedex.C trojan
C:\FRST\Quarantine\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}\U\00000008.@ Win64/Agent.BA trojan
C:\FRST\Quarantine\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}\U\000000cb.@ Win64/Conedex.B trojan
C:\FRST\Quarantine\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}\U\80000000.@ Win64/Sirefef.AP trojan
C:\FRST\Quarantine\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}\U\80000032.@ Win32/Sirefef.FD trojan
C:\FRST\Quarantine\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}\U\80000064.@ Win64/Sirefef.AN trojan
C:\Games\Dark Souls\DARKSOULS.exe a variant of Win32/Injector.Autoit.AH trojan
C:\Games\Dark Souls\xlive.dll a variant of Win32/Packed.VMProtect.AAN trojan
C:\Microgaming\Casino\YukonGold\install.exe probably a variant of Win32/PrimeCasino application
C:\Program Files (x86)\APB\APB_Reloaded_Installer.exe Win32/OpenCandy application
C:\Program Files (x86)\Chief Architect\Chief Architect Premier X3\disable_activation.cmd BAT/HostsChanger.A application
C:\Program Files (x86)\Mount&Blade\mount&blade-uniloader.exe probably a variant of Win32/HackTool.Patcher.N application
C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll a variant of Win32/Toolbar.Widgi application
C:\ProgramData\YouTube Downloader\ytd_installer.exe probably a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Users\Domsfriend\AppData\Local\setup.exe.vir multiple threats
C:\Users\All Users\YouTube Downloader\ytd_installer.exe probably a variant of Win32/Toolbar.Widgi application
C:\Users\Domsfriend\Desktop\Stuff\CorelDRAW Graphics\Keygen-CORE\keygen.exe a variant of Win32/Keygen.AU application
C:\Users\Domsfriend\Desktop\Stuff\Install\gamebooster.exe a variant of Win32/Toolbar.Widgi application
C:\Users\Domsfriend\Desktop\Stuff\Install\Tuneup Media v1.1.9 (Itunes plugin) + Fix [RH]\TUM.1.1.9_[RH].rar Win32/HackTool.CheatEngine.AB application
C:\Users\Domsfriend\Downloads\gamebooster.exe a variant of Win32/Toolbar.Widgi application
C:\Users\Domsfriend\Downloads\SoftonicDownloader_for_steam.exe a variant of Win32/SoftonicDownloader.A application
C:\Users\Domsfriend\Downloads\Update.and.Crack-ASC-II-Mbb.rar a variant of Win32/Packed.VMProtect.AAA trojan
C:\Users\Domsfriend\Downloads\YouTubeDownloaderSetup274.exe multiple threats
C:\Windows\Installer\612dc.msi a variant of Win32/Toolbar.Widgi application
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Toolbar.Widgi application
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Toolbar.Widgi application
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11 a variant of Win32/Toolbar.Widgi application
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12 a variant of Win32/Toolbar.Widgi application
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13 a variant of Win32/Toolbar.Widgi application
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14 a variant of Win32/Toolbar.Widgi application
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15 a variant of Win32/Toolbar.Widgi application
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Toolbar.Widgi application
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Toolbar.Widgi application
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Toolbar.Widgi application
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Toolbar.Widgi application
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Toolbar.Widgi application
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.old a variant of Win32/Toolbar.Widgi application
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome\questscan.jar Win32/Adware.OneStep application
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application

Re: Computer Running Slowly

by Cypher » September 21st, 2012, 10:33 am

Hi knowlze,
Good work so far, I need you to run another SystemLook scan for me.

  • Right-click SystemLook.exe and select "Run as administrator" to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Searchqu*
    *Babylon*
    *Browser Manager*
    
    :folderfind
    *Searchqu*
    *Babylon*
    *Browser Manager*
    
    :Regfind
    Searchqu
    Babylon
    Browser Manager
    
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Re: Computer Running Slowly

by knowlze » September 21st, 2012, 8:08 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 12:04 on 22/09/2012 by Domsfriend
Administrator - Elevation successful

========== filefind ==========

Searching for "*Searchqu*"
C:\Users\Domsfriend\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fwww.searchquotes.com%2Ffavicon.png --a---- 589 bytes [13:55 18/08/2012] [13:55 18/08/2012] 5F32D061C08C568AB6EBDFD4414AF7CB
C:\Users\Domsfriend\AppData\Local\Opera\Opera\icons\www.searchquotes.com.idx --a---- 94 bytes [13:55 18/08/2012] [13:55 18/08/2012] 599217F5335E0E903C90C0B14947B3D7
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [09:14 19/09/2011] [09:14 19/09/2011] 39ECB144372B2ED7B1B91A1E63D3F275
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [09:14 19/09/2011] [09:14 19/09/2011] AD14E447F7CED4CA987B91B379EAF952

Searching for "*Babylon*"
C:\Program Files (x86)\BestGameEver\Audiosurf\engine\AudiosurfHC\101949923 - Congorock - Babylon.mp3.ash --a---- 33588 bytes [07:50 21/03/2012] [07:50 21/03/2012] F1807F46B6A1832F9FC60CE2E865E565
C:\Users\Domsfriend\Desktop\Music\Music\23 - Congorock - Babylon.mp3 --a---- 6243849 bytes [22:12 11/12/2011] [22:39 11/12/2011] 4A5BA04BE6C9E82ED756D146D7BDE97F
C:\Users\Domsfriend\Desktop\Music\Music\All Songs\David Gray - Babylon.mp3 --a---- 4253709 bytes [10:37 05/07/2011] [04:52 17/06/2007] F8A8FF90317D5A1156A13C0214E59FE2
C:\Users\Domsfriend\Desktop\Music\Music\Top Songs\APB\23 - Congorock - Babylon.mp3 --a---- 6243849 bytes [06:04 12/12/2011] [22:39 11/12/2011] 4A5BA04BE6C9E82ED756D146D7BDE97F
C:\_OTL\MovedFiles\09112012_153119\C_Users\Domsfriend\AppData\Roaming\Mozilla\Firefox\Profiles\ubkywt8p.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\babylon_logo.png --a---- 3577 bytes [09:14 19/09/2011] [09:14 19/09/2011] 30FF3A31EDC0442F934F703C26B9F572
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll --a---- 237680 bytes [12:23 14/08/2011] [12:23 14/08/2011] 034C197E79D7233BD04BFAC1710CB988
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll --a---- 270960 bytes [12:24 14/08/2011] [12:24 14/08/2011] C471B1EEF9DF1C55B5261006CE04E11F
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\babylon.css --a---- 2981 bytes [09:26 27/09/2011] [09:26 27/09/2011] DAD261AA3C9200A10529A26CC9A63285
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\babylon.xul --a---- 10941 bytes [12:34 20/11/2011] [12:34 20/11/2011] 97BF7CBF63DFFEEC117A1A7F788D71DA
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\defaults\preferences\babylon.js --a---- 814 bytes [01:23 06/05/2012] [06:45 27/05/2012] 3F245C585EBABA47E17D90AD05B9AF6A
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml --a---- 2355 bytes [01:23 06/05/2012] [06:45 27/05/2012] 77FA08B277C34F85E742D68AF97BFA6D
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png --a---- 3577 bytes [09:14 19/09/2011] [09:14 19/09/2011] 30FF3A31EDC0442F934F703C26B9F572
C:\_OTL\MovedFiles\09112012_225020\C_Users\Domsfriend\AppData\Local\Babylon\Setup\Babylon.dat --a---- 12848 bytes [22:56 25/08/2012] [14:03 01/04/2012] ADBB6A655AE518830BA1AFEFDB84668F
C:\_OTL\MovedFiles\09112012_225020\C_Users\Domsfriend\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx --a---- 86029 bytes [05:57 21/05/2012] [05:57 21/05/2012] 0638018613E94AAFC6FA6FFF996BB8AC
C:\_OTL\MovedFiles\09192012_215959\C_Users\Domsfriend\AppData\Local\Opera\Opera\icons\www.babylon.com.idx --a---- 529 bytes [23:27 20/04/2012] [23:33 20/04/2012] 2A9EBC1E8FB374CDCA759AB1227185AA
C:\_OTL\MovedFiles\09192012_224548\C_Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\defaults\preferences\babylon.js --a---- 834 bytes [22:44 18/09/2012] [22:44 18/09/2012] 4C7FA62E805A28E45B81AF3C5FB033E7
C:\_OTL\MovedFiles\09192012_224548\C_Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml --a---- 2360 bytes [22:44 18/09/2012] [22:44 18/09/2012] D49C515CC942D23FD791B43DB88FB71D
C:\_OTL\MovedFiles\09192012_224548\C_Users\Domsfriend\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fimg.babylon.com%2Fsite%2Fimages%2Fbabylon-8%2Fcommon%2Fimages%2Ffavicon.png --a---- 1028 bytes [23:27 20/04/2012] [23:27 20/04/2012] 0BD43713A08B2DCCEA64E9A40FCAB258
C:\_OTL\MovedFiles\09192012_224548\C_Users\Domsfriend\AppData\Roaming\Mozilla\Firefox\Profiles\ubkywt8p.default\extensions\ffxtlbr@babylon.com\content\babylon.css --a---- 2267 bytes [04:10 09/08/2012] [04:10 09/08/2012] C958E619394865F741A245D368BFD28C
C:\_OTL\MovedFiles\09192012_224548\C_Users\Domsfriend\AppData\Roaming\Mozilla\Firefox\Profiles\ubkywt8p.default\extensions\ffxtlbr@babylon.com\content\babylon.xul --a---- 1100 bytes [09:13 23/08/2012] [09:13 23/08/2012] F2F198AFC7E1F88CBD57B2F88F9E0F92
C:\_OTL\MovedFiles\09192012_224548\C_Users\Domsfriend\AppData\Roaming\Mozilla\Firefox\Profiles\ubkywt8p.default\searchplugins\BabylonMngr.xml --a---- 2223 bytes [22:45 18/09/2012] [22:45 18/09/2012] 8E35A209E4DBF5DBE7B1A8C98326F42F
C:\_OTL\MovedFiles\09192012_224548\C_Windows\Prefetch\BABYLONTOOLBAR4FFX.EXE-3E3859F6.pf --a---- 70208 bytes [22:44 18/09/2012] [22:44 18/09/2012] 0533F33490A4C1BBCC879C48423A8A85
C:\_OTL\MovedFiles\09192012_224548\C_Windows\Prefetch\BABYLONTOOLBAR4IE.EXE-51E12220.pf --a---- 49444 bytes [22:44 18/09/2012] [22:44 18/09/2012] E0085BEE2BC95D37FB07331519E9BFAF
C:\_OTL\MovedFiles\09192012_224548\C_Windows\Prefetch\BABYLONTOOLBARSRV.EXE-E086CE3F.pf --a---- 24014 bytes [22:44 18/09/2012] [09:57 19/09/2012] 512EA88305CA04B614B46C5A26FBC6BC
C:\_OTL\MovedFiles\09192012_224548\C_Windows\Prefetch\MYBABYLONTB.EXE-CD21B80F.pf --a---- 51886 bytes [22:44 18/09/2012] [22:44 18/09/2012] 61BE59190623436498FE285A2235B4EA

Searching for "*Browser Manager*"
C:\Users\Domsfriend\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager\Uninstall Browser Manager.lnk --a---- 1230 bytes [22:45 18/09/2012] [22:45 18/09/2012] 66C464C509DDF31CD0012D9F2D9E8EFA

========== folderfind ==========

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\09112012_153119\C_Users\Domsfriend\AppData\LocalLow\searchquband d------ [09:57 28/10/2011]
C:\_OTL\MovedFiles\09112012_153119\C_Users\Domsfriend\AppData\LocalLow\searchqutoolbar d------ [06:06 08/10/2011]
C:\_OTL\MovedFiles\09112012_153119\C_Users\Domsfriend\AppData\Roaming\Mozilla\Firefox\Profiles\ubkywt8p.default\searchqutoolbar d------ [06:06 08/10/2011]

Searching for "*Babylon*"
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\BabylonToolbar d------ [10:50 11/09/2012]
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\BabylonToolbar\BabylonToolbar d------ [10:50 11/09/2012]
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com d------ [01:23 06/05/2012]
C:\_OTL\MovedFiles\09112012_225020\C_Users\Domsfriend\AppData\Local\Babylon d------ [22:56 25/08/2012]
C:\_OTL\MovedFiles\09112012_225020\C_Users\Domsfriend\AppData\Roaming\Babylon d------ [01:23 06/05/2012]
C:\_OTL\MovedFiles\09112012_225020\C_Users\Domsfriend\AppData\Roaming\BabylonToolbar d------ [06:45 27/05/2012]
C:\_OTL\MovedFiles\09192012_215959\C_Program Files (x86)\Babylon d------ [23:30 20/04/2012]
C:\_OTL\MovedFiles\09192012_215959\C_Program Files (x86)\Babylon\Babylon-Pro d------ [23:30 20/04/2012]
C:\_OTL\MovedFiles\09192012_215959\C_ProgramData\Babylon d------ [01:23 06/05/2012]
C:\_OTL\MovedFiles\09192012_215959\C_Users\Domsfriend\AppData\LocalLow\BabylonToolbar d------ [07:59 07/05/2012]
C:\_OTL\MovedFiles\09192012_215959\C_Users\Domsfriend\AppData\LocalLow\BabylonToolbar\BabylonToolbar d------ [07:59 07/05/2012]
C:\_OTL\MovedFiles\09192012_224548\C_Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com d------ [22:44 18/09/2012]
C:\_OTL\MovedFiles\09192012_224548\C_Users\Domsfriend\AppData\Roaming\Babylon d------ [22:44 18/09/2012]
C:\_OTL\MovedFiles\09192012_224548\C_Users\Domsfriend\AppData\Roaming\Mozilla\Firefox\Profiles\ubkywt8p.default\extensions\ffxtlbr@babylon.com d------ [22:44 18/09/2012]

Searching for "*Browser Manager*"
C:\ProgramData\Browser Manager d------ [22:45 18/09/2012]
C:\Users\All Users\Browser Manager d------ [22:45 18/09/2012]
C:\Users\Domsfriend\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager d------ [22:45 18/09/2012]
C:\_OTL\MovedFiles\09212012_221125\C_ProgramData\Browser Manager d------ [10:12 21/09/2012]

========== Regfind ==========

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "Babylon"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
"DisplayName"="Search the web (Babylon)"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
"URL"="http://search.babylon.com/?q={searchTerms}&affID=114733&tt=120912_ccp_3812_2&babsrc=SP_ss&mntrId=809c75b4000000000000687f74f75f77"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}]
@="IBabylonIEBho"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}]
@="IBabylonFF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{98889811-442D-49dd-99D7-DC866BE87DBC}"="Babylon Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
@="Babylon toolbar helper"
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
"DisplayName"="Search the web (Babylon)"
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
"URL"="http://search.babylon.com/?q={searchTerms}&affID=114733&tt=120912_ccp_3812_2&babsrc=SP_ss&mntrId=809c75b4000000000000687f74f75f77"

Searching for "Browser Manager"
[HKEY_CURRENT_USER\Software\BrowserMngr]
"SERVICE_NAME"="Browser Manager"
[HKEY_CURRENT_USER\Software\BrowserMngr]
"INSTALL_FOLDER_NAME"="Browser Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrowserMngr]
"SERVICE_NAME"="Browser Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrowserMngr]
"INSTALL_FOLDER_NAME"="Browser Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}]
"DisplayName"="Browser Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}]
"UninstallString"=""C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe" /{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Browser Manager]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Browser Manager]
"ImagePath"="C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Browser Manager]
"DisplayName"="Browser Manager"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Browser Manager]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Browser Manager]
"ImagePath"="C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Browser Manager]
"DisplayName"="Browser Manager"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Browser Manager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Browser Manager]
"ImagePath"="C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Browser Manager]
"DisplayName"="Browser Manager"
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\BrowserMngr]
"SERVICE_NAME"="Browser Manager"
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\BrowserMngr]
"INSTALL_FOLDER_NAME"="Browser Manager"

-= EOF =-

Re: Computer Running Slowly

by Cypher » September 22nd, 2012, 5:36 am

Hi knowlze,
We are getting there now.
Do the following then give me another update on how your computer is running.

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and Paste the following code into the [image] textbox. Do not include the word Code
    Code: Select all
    :commands
    [createrestorepoint]
    
    :processes
    killallprocesses
    
    :reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{98889811-442D-49dd-99D7-DC866BE87DBC}"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
    [-HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
    [-HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
    [-HKEY_CURRENT_USER\Software\BrowserMngr]
    [-HKEY_CURRENT_USER\Software\BrowserMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrowserMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrowserMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Browser Manager]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Browser Manager]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Browser Manager]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Browser Manager]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Browser Manager]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Browser Manager]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Browser Manager]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Browser Manager]
    [-HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\BrowserMngr]
    [-HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\BrowserMngr]
    
    :files
    C:\Program Files (x86)\APB\APB_Reloaded_Installer.exe
    C:\Program Files (x86)\Chief Architect\Chief Architect Premier X3\disable_activation.cmd
    C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll 
    C:\Users\Domsfriend\Desktop\Stuff\CorelDRAW Graphics\Keygen-CORE\keygen.exe a 
    C:\Users\Domsfriend\Desktop\Stuff\Install\gamebooster.exe 
    C:\Users\Domsfriend\Desktop\Stuff\Install\Tuneup Media v1.1.9 (Itunes plugin) + Fix [RH]\TUM.1.1.9_[RH].rar
    C:\Users\Domsfriend\Downloads\gamebooster.exe 
    C:\Users\Domsfriend\Downloads\SoftonicDownloader_for_steam.exe 
    c:\Users\Domsfriend\Downloads\Update.and.Crack-ASC-II-Mbb.rar 
    C:\Users\Domsfriend\Downloads\YouTubeDownloaderSetup274.exe 
    C:\Windows\Installer\612dc.msi 
    C:\Users\Domsfriend\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
    C:\ProgramData\Browser Manager
    C:\Users\All Users\Browser Manager
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click [image].
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Next.

  • Right-click SystemLook.exe and select "Run as administrator" to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Searchqu*
    *Babylon*
    *Browser Manager*
    
    :folderfind
    *Searchqu*
    *Babylon*
    *Browser Manager*
    
    :Regfind
    Searchqu
    Babylon
    Browser Manager
    
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Logs/Information to Post in your Next Reply

  • OTL Fix log.
  • SystemLook.txt.
  • Please give me an update on your computer's performance.

Re: Computer Running Slowly

by knowlze » September 22nd, 2012, 8:12 am

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== PROCESSES ==========
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5F339F0B-716F-408F-A627-DEEB5DEB4020}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\Software\BrowserMngr\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\BrowserMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrowserMngr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrowserMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Browser Manager\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Browser Manager\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Browser Manager\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Browser Manager\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Browser Manager\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Browser Manager\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Browser Manager\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Browser Manager\ not found.
Registry key HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\BrowserMngr\ not found.
Registry key HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\BrowserMngr\ not found.
========== FILES ==========
C:\Program Files (x86)\APB\APB_Reloaded_Installer.exe moved successfully.
C:\Program Files (x86)\Chief Architect\Chief Architect Premier X3\disable_activation.cmd moved successfully.
C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll moved successfully.
File\Folder C:\Users\Domsfriend\Desktop\Stuff\CorelDRAW Graphics\Keygen-CORE\keygen.exe a not found.
C:\Users\Domsfriend\Desktop\Stuff\Install\gamebooster.exe moved successfully.
C:\Users\Domsfriend\Desktop\Stuff\Install\Tuneup Media v1.1.9 (Itunes plugin) + Fix [RH]\TUM.1.1.9_[RH].rar moved successfully.
C:\Users\Domsfriend\Downloads\gamebooster.exe moved successfully.
C:\Users\Domsfriend\Downloads\SoftonicDownloader_for_steam.exe moved successfully.
c:\Users\Domsfriend\Downloads\Update.and.Crack-ASC-II-Mbb.rar moved successfully.
C:\Users\Domsfriend\Downloads\YouTubeDownloaderSetup274.exe moved successfully.
C:\Windows\Installer\612dc.msi moved successfully.
C:\Users\Domsfriend\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager folder moved successfully.
Folder move failed. C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.2.643.41 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\Browser Manager\2.2.643.41 scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\Browser Manager scheduled to be moved on reboot.
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Users\Domsfriend\Desktop\cmd.bat deleted successfully.
C:\Users\Domsfriend\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Domsfriend
->Temp folder emptied: 3537 bytes
->Temporary Internet Files folder emptied: 919990 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54816146 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 100050217 bytes
->Flash cache emptied: 2614 bytes

User: hedev
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 112 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 149.00 mb


OTL by OldTimer - Version 3.2.64.0 log created on 09232012_000441

Files\Folders moved on Reboot...
C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753} folder moved successfully.
C:\ProgramData\Browser Manager\2.2.643.41 folder moved successfully.
C:\ProgramData\Browser Manager folder moved successfully.
File\Folder C:\Users\All Users\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753} not found!
File\Folder C:\Users\All Users\Browser Manager\2.2.643.41 not found!
File\Folder C:\Users\All Users\Browser Manager not found!
C:\Users\Domsfriend\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
knowlze
Member+
 
Posts: 37
Joined: September 8th, 2012, 9:08 pm

Re: Computer Running Slowly

Post by knowlze » September 22nd, 2012, 8:18 am

SystemLook 30.07.11 by jpshortstuff
Log created at 00:13 on 23/09/2012 by Domsfriend
Administrator - Elevation successful

========== filefind ==========

Searching for "*Searchqu*"
C:\Users\Domsfriend\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fwww.searchquotes.com%2Ffavicon.png --a---- 589 bytes [13:55 18/08/2012] [13:55 18/08/2012] 5F32D061C08C568AB6EBDFD4414AF7CB
C:\Users\Domsfriend\AppData\Local\Opera\Opera\icons\www.searchquotes.com.idx --a---- 94 bytes [13:55 18/08/2012] [13:55 18/08/2012] 599217F5335E0E903C90C0B14947B3D7
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [09:14 19/09/2011] [09:14 19/09/2011] 39ECB144372B2ED7B1B91A1E63D3F275
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [09:14 19/09/2011] [09:14 19/09/2011] AD14E447F7CED4CA987B91B379EAF952

Searching for "*Babylon*"
C:\Program Files (x86)\BestGameEver\Audiosurf\engine\AudiosurfHC\101949923 - Congorock - Babylon.mp3.ash --a---- 33588 bytes [07:50 21/03/2012] [07:50 21/03/2012] F1807F46B6A1832F9FC60CE2E865E565
C:\Users\Domsfriend\Desktop\Music\Music\23 - Congorock - Babylon.mp3 --a---- 6243849 bytes [22:12 11/12/2011] [22:39 11/12/2011] 4A5BA04BE6C9E82ED756D146D7BDE97F
C:\Users\Domsfriend\Desktop\Music\Music\All Songs\David Gray - Babylon.mp3 --a---- 4253709 bytes [10:37 05/07/2011] [04:52 17/06/2007] F8A8FF90317D5A1156A13C0214E59FE2
C:\Users\Domsfriend\Desktop\Music\Music\Top Songs\APB\23 - Congorock - Babylon.mp3 --a---- 6243849 bytes [06:04 12/12/2011] [22:39 11/12/2011] 4A5BA04BE6C9E82ED756D146D7BDE97F
C:\_OTL\MovedFiles\09112012_153119\C_Users\Domsfriend\AppData\Roaming\Mozilla\Firefox\Profiles\ubkywt8p.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\babylon_logo.png --a---- 3577 bytes [09:14 19/09/2011] [09:14 19/09/2011] 30FF3A31EDC0442F934F703C26B9F572
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll --a---- 237680 bytes [12:23 14/08/2011] [12:23 14/08/2011] 034C197E79D7233BD04BFAC1710CB988
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll --a---- 270960 bytes [12:24 14/08/2011] [12:24 14/08/2011] C471B1EEF9DF1C55B5261006CE04E11F
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\babylon.css --a---- 2981 bytes [09:26 27/09/2011] [09:26 27/09/2011] DAD261AA3C9200A10529A26CC9A63285
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\babylon.xul --a---- 10941 bytes [12:34 20/11/2011] [12:34 20/11/2011] 97BF7CBF63DFFEEC117A1A7F788D71DA
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\defaults\preferences\babylon.js --a---- 814 bytes [01:23 06/05/2012] [06:45 27/05/2012] 3F245C585EBABA47E17D90AD05B9AF6A
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml --a---- 2355 bytes [01:23 06/05/2012] [06:45 27/05/2012] 77FA08B277C34F85E742D68AF97BFA6D
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png --a---- 3577 bytes [09:14 19/09/2011] [09:14 19/09/2011] 30FF3A31EDC0442F934F703C26B9F572
C:\_OTL\MovedFiles\09112012_225020\C_Users\Domsfriend\AppData\Local\Babylon\Setup\Babylon.dat --a---- 12848 bytes [22:56 25/08/2012] [14:03 01/04/2012] ADBB6A655AE518830BA1AFEFDB84668F
C:\_OTL\MovedFiles\09112012_225020\C_Users\Domsfriend\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx --a---- 86029 bytes [05:57 21/05/2012] [05:57 21/05/2012] 0638018613E94AAFC6FA6FFF996BB8AC
C:\_OTL\MovedFiles\09192012_215959\C_Users\Domsfriend\AppData\Local\Opera\Opera\icons\www.babylon.com.idx --a---- 529 bytes [23:27 20/04/2012] [23:33 20/04/2012] 2A9EBC1E8FB374CDCA759AB1227185AA
C:\_OTL\MovedFiles\09192012_224548\C_Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\defaults\preferences\babylon.js --a---- 834 bytes [22:44 18/09/2012] [22:44 18/09/2012] 4C7FA62E805A28E45B81AF3C5FB033E7
C:\_OTL\MovedFiles\09192012_224548\C_Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml --a---- 2360 bytes [22:44 18/09/2012] [22:44 18/09/2012] D49C515CC942D23FD791B43DB88FB71D
C:\_OTL\MovedFiles\09192012_224548\C_Users\Domsfriend\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fimg.babylon.com%2Fsite%2Fimages%2Fbabylon-8%2Fcommon%2Fimages%2Ffavicon.png --a---- 1028 bytes [23:27 20/04/2012] [23:27 20/04/2012] 0BD43713A08B2DCCEA64E9A40FCAB258
C:\_OTL\MovedFiles\09192012_224548\C_Users\Domsfriend\AppData\Roaming\Mozilla\Firefox\Profiles\ubkywt8p.default\extensions\ffxtlbr@babylon.com\content\babylon.css --a---- 2267 bytes [04:10 09/08/2012] [04:10 09/08/2012] C958E619394865F741A245D368BFD28C
C:\_OTL\MovedFiles\09192012_224548\C_Users\Domsfriend\AppData\Roaming\Mozilla\Firefox\Profiles\ubkywt8p.default\extensions\ffxtlbr@babylon.com\content\babylon.xul --a---- 1100 bytes [09:13 23/08/2012] [09:13 23/08/2012] F2F198AFC7E1F88CBD57B2F88F9E0F92
C:\_OTL\MovedFiles\09192012_224548\C_Users\Domsfriend\AppData\Roaming\Mozilla\Firefox\Profiles\ubkywt8p.default\searchplugins\BabylonMngr.xml --a---- 2223 bytes [22:45 18/09/2012] [22:45 18/09/2012] 8E35A209E4DBF5DBE7B1A8C98326F42F
C:\_OTL\MovedFiles\09192012_224548\C_Windows\Prefetch\BABYLONTOOLBAR4FFX.EXE-3E3859F6.pf --a---- 70208 bytes [22:44 18/09/2012] [22:44 18/09/2012] 0533F33490A4C1BBCC879C48423A8A85
C:\_OTL\MovedFiles\09192012_224548\C_Windows\Prefetch\BABYLONTOOLBAR4IE.EXE-51E12220.pf --a---- 49444 bytes [22:44 18/09/2012] [22:44 18/09/2012] E0085BEE2BC95D37FB07331519E9BFAF
C:\_OTL\MovedFiles\09192012_224548\C_Windows\Prefetch\BABYLONTOOLBARSRV.EXE-E086CE3F.pf --a---- 24014 bytes [22:44 18/09/2012] [09:57 19/09/2012] 512EA88305CA04B614B46C5A26FBC6BC
C:\_OTL\MovedFiles\09192012_224548\C_Windows\Prefetch\MYBABYLONTB.EXE-CD21B80F.pf --a---- 51886 bytes [22:44 18/09/2012] [22:44 18/09/2012] 61BE59190623436498FE285A2235B4EA

Searching for "*Browser Manager*"
C:\_OTL\MovedFiles\09232012_000441\C_Users\Domsfriend\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager\Uninstall Browser Manager.lnk --a---- 1230 bytes [22:45 18/09/2012] [22:45 18/09/2012] 66C464C509DDF31CD0012D9F2D9E8EFA

========== folderfind ==========

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\09112012_153119\C_Users\Domsfriend\AppData\LocalLow\searchquband d------ [09:57 28/10/2011]
C:\_OTL\MovedFiles\09112012_153119\C_Users\Domsfriend\AppData\LocalLow\searchqutoolbar d------ [06:06 08/10/2011]
C:\_OTL\MovedFiles\09112012_153119\C_Users\Domsfriend\AppData\Roaming\Mozilla\Firefox\Profiles\ubkywt8p.default\searchqutoolbar d------ [06:06 08/10/2011]

Searching for "*Babylon*"
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\BabylonToolbar d------ [10:50 11/09/2012]
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\BabylonToolbar\BabylonToolbar d------ [10:50 11/09/2012]
C:\_OTL\MovedFiles\09112012_225020\C_Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com d------ [01:23 06/05/2012]
C:\_OTL\MovedFiles\09112012_225020\C_Users\Domsfriend\AppData\Local\Babylon d------ [22:56 25/08/2012]
C:\_OTL\MovedFiles\09112012_225020\C_Users\Domsfriend\AppData\Roaming\Babylon d------ [01:23 06/05/2012]
C:\_OTL\MovedFiles\09112012_225020\C_Users\Domsfriend\AppData\Roaming\BabylonToolbar d------ [06:45 27/05/2012]
C:\_OTL\MovedFiles\09192012_215959\C_Program Files (x86)\Babylon d------ [23:30 20/04/2012]
C:\_OTL\MovedFiles\09192012_215959\C_Program Files (x86)\Babylon\Babylon-Pro d------ [23:30 20/04/2012]
C:\_OTL\MovedFiles\09192012_215959\C_ProgramData\Babylon d------ [01:23 06/05/2012]
C:\_OTL\MovedFiles\09192012_215959\C_Users\Domsfriend\AppData\LocalLow\BabylonToolbar d------ [07:59 07/05/2012]
C:\_OTL\MovedFiles\09192012_215959\C_Users\Domsfriend\AppData\LocalLow\BabylonToolbar\BabylonToolbar d------ [07:59 07/05/2012]
C:\_OTL\MovedFiles\09192012_224548\C_Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com d------ [22:44 18/09/2012]
C:\_OTL\MovedFiles\09192012_224548\C_Users\Domsfriend\AppData\Roaming\Babylon d------ [22:44 18/09/2012]
C:\_OTL\MovedFiles\09192012_224548\C_Users\Domsfriend\AppData\Roaming\Mozilla\Firefox\Profiles\ubkywt8p.default\extensions\ffxtlbr@babylon.com d------ [22:44 18/09/2012]

Searching for "*Browser Manager*"
C:\_OTL\MovedFiles\09212012_221125\C_ProgramData\Browser Manager d------ [10:12 21/09/2012]
C:\_OTL\MovedFiles\09232012_000441\C_ProgramData\Browser Manager d------ [22:45 18/09/2012]
C:\_OTL\MovedFiles\09232012_000441\C_Users\All Users\Browser Manager d------ [12:06 22/09/2012]
C:\_OTL\MovedFiles\09232012_000441\C_Users\Domsfriend\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager d------ [22:45 18/09/2012]

========== Regfind ==========

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}]
@="IBabylonIEBho"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}]
@="IBabylonFF"

Searching for "Browser Manager"
No data found.

-= EOF =-

Re: Computer Running Slowly

Post by knowlze » September 22nd, 2012, 8:20 am

I'm sorry but I can't tell of any immediate changes to my computer since the last fix you did.

Re: Computer Running Slowly

Post by Cypher » September 22nd, 2012, 10:18 am

Hi knowlze,
Is slowness the only problem you are experiencing?

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :commands
    [createrestorepoint]
    
    :processes
    killallprocesses
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}]
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [clearallrestorepoints]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Computer Running Slowly

Post by knowlze » September 22nd, 2012, 8:45 pm

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== PROCESSES ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5F339F0B-716F-408F-A627-DEEB5DEB4020}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Users\Domsfriend\Desktop\cmd.bat deleted successfully.
C:\Users\Domsfriend\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Domsfriend
->Temp folder emptied: 52723 bytes
->Temporary Internet Files folder emptied: 180921 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 51349324 bytes
->Flash cache emptied: 966 bytes

User: hedev
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 112 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 49.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.64.0 log created on 09232012_123706

Files\Folders moved on Reboot...
C:\Users\Domsfriend\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Computer Running Slowly

Post by knowlze » September 22nd, 2012, 8:46 pm

Yes from what I could see slowness was the only problem I had with my computer.

Re: Computer Running Slowly

Post by Cypher » September 23rd, 2012, 4:50 am

Hi knowlze,
"Yes from what I could see slowness was the only problem I had with my computer."

Your latest set of logs appears to be clean; the slowness you are still experiencing is not caused by malware.
Please see What to do if your Computer is running slowly

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTL

  • Right-click on OTL.exe and select Run as administrator to run it.
  • This will remove some of the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools/logs we used if they remain on your Desktop.

Remember to update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!