Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

slow running computer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: slow running computer

Unread postby c62ip64 » May 6th, 2014, 10:29 pm

No problems with the instructions. Here are the log files:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
File C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll not found.
File C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll not found.
File C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\\McChPlg.dll not found.
File C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll not found.
File c:\progra~1\mcafee\msc\npmcsn~1.dll not found.
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\69ff0602_0\\@|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c75cabc6_0\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\69ff0602_0\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c75cabc6_0\\@|"" /E : value set successfully!
========== COMMANDS ==========


User: All Users

User: Cathy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Tom
->Temp folder emptied: 34970 bytes
->Temporary Internet Files folder emptied: 4156233 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4111819 bytes
->Google Chrome cache emptied: 31983880 bytes
->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 529298 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 39.00 mb

OTL by OldTimer - Version log created on 05062014_183008

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP0000003DB2E4033997A66346 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Regular Member
Posts: 19
Joined: April 27th, 2014, 12:13 pm
Register to Remove

Re: slow running computer

Unread postby c62ip64 » May 6th, 2014, 10:30 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 18:41 on 06/05/2014 by Tom
Administrator - Elevation successful

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
No data found.

Searching for "Hoyle"
[HKEY_CURRENT_USER\Software\Digital River\SoftwarePassport\Download Manager\C359624A08E25CD23FDCC628CD26C3D0]
[HKEY_CURRENT_USER\Software\Digital River\SoftwarePassport\Download Manager\C359624A08E25CD23FDCC628CD26C3D0]
"Title"="Hoyle Casino 2007"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\HoyleCasino2007.exe]
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\HoyleCasino2007.exe]
"Path"="C:\Program Files\Encore\Hoyle Casino 2007\HoyleCasino2007.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d6ff864b_0]
@="{}.{86f92cb4-1de0-4304-bcfd-7844016a4447}|\Device\HarddiskVolume3\Program Files\Encore\Hoyle Casino 2007\HoyleCasino2007.exe%b{00000000-0000-0000-0000-000000000000}"
"ProgramItem0020"="[Hoyle Casino 2007] (0x00000000)"
"ConfigApplicationPath"="C:\Program Files\Encore\Hoyle Casino 2007"
"AppExePath"="C:\Program Files\Encore\Hoyle Casino 2007\HoyleCasino2007.exe"
"ConfigApplicationPath"="C:\Program Files\Encore\Hoyle Casino 2007"
"AppExePath"="C:\Program Files\Encore\Hoyle Casino 2007\HoyleCasino2007.exe"
[HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Digital River\SoftwarePassport\Download Manager\C359624A08E25CD23FDCC628CD26C3D0]
[HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Digital River\SoftwarePassport\Download Manager\C359624A08E25CD23FDCC628CD26C3D0]
"Title"="Hoyle Casino 2007"
[HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\IntelliType Pro\AppSpecific\HoyleCasino2007.exe]
[HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\IntelliType Pro\AppSpecific\HoyleCasino2007.exe]
"Path"="C:\Program Files\Encore\Hoyle Casino 2007\HoyleCasino2007.exe"
[HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d6ff864b_0]
@="{}.{86f92cb4-1de0-4304-bcfd-7844016a4447}|\Device\HarddiskVolume3\Program Files\Encore\Hoyle Casino 2007\HoyleCasino2007.exe%b{00000000-0000-0000-0000-000000000000}"

Searching for "iLivid"
No data found.

Searching for "IObit"
No data found.

Searching for "Iminent"
No data found.

Searching for "Poker"
"Path"="C:\Program Files\PokerStars.NET\PokerStars.exe"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\PokerStars.exe]
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\PokerStars.exe]
"Path"="C:\Program Files\PokerStars.NET\PokerStars.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\69ff0602_0]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\7d47a381_0]
@="{}.{86f92cb4-1de0-4304-bcfd-7844016a4447}|\Device\HarddiskVolume3\Program Files\PokerStars\PokerStars.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\fcb22456_0]
@="{}.{86f92cb4-1de0-4304-bcfd-7844016a4447}|\Device\HarddiskVolume3\Program Files\PokerStars.NET\PokerStars.exe%b{00000000-0000-0000-0000-000000000000}"
"ProgramItem0034"="[PokerStars] (0x00000000)"
"ProgramItem0035"="[PokerStars.net] (0x00000000)"
@="Previous Versions Poker"
@="URL:PokerStars Protocol"
@=""C:\Program Files\PokerStars\PokerStars.exe",1"
@=""C:\Program Files\PokerStars\PokerStars.exe" -url %1"
@="URL:PokerStars Protocol"
@=""C:\Program Files\PokerStars.NET\PokerStars.exe",1"
@=""C:\Program Files\PokerStars.NET\PokerStars.exe" -url %1"
"Path"="C:\Program Files\PokerStars.NET\PokerStars.exe"
[HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\IntelliType Pro\AppSpecific\PokerStars.exe]
[HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\IntelliType Pro\AppSpecific\PokerStars.exe]
"Path"="C:\Program Files\PokerStars.NET\PokerStars.exe"
[HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\69ff0602_0]
[HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\7d47a381_0]
@="{}.{86f92cb4-1de0-4304-bcfd-7844016a4447}|\Device\HarddiskVolume3\Program Files\PokerStars\PokerStars.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\fcb22456_0]
@="{}.{86f92cb4-1de0-4304-bcfd-7844016a4447}|\Device\HarddiskVolume3\Program Files\PokerStars.NET\PokerStars.exe%b{00000000-0000-0000-0000-000000000000}"

Searching for "Realms"
No data found.

Searching for "Searchqu"

Searching for "Searchnu"
Regular Member
Posts: 19
Joined: April 27th, 2014, 12:13 pm

Re: slow running computer

Unread postby c62ip64 » May 6th, 2014, 10:31 pm

C:\Users\Cathy\Downloads\OffercastInstaller_AVR_U-0087-01-P_(1).exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Cathy\Downloads\OffercastInstaller_AVR_U-0087-01-P_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Tom\Downloads\VerizonToolbar_6.0.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application
Regular Member
Posts: 19
Joined: April 27th, 2014, 12:13 pm

Re: slow running computer

Unread postby pgmigg » May 6th, 2014, 10:52 pm

Hello c62ip64,

It looks like that every time I asked you to run SystemLook, you posted the first part of log instead of the whole file. Could you please check it again and post the most recent one completely?

Searching for "Searchnu"
- It is the last line you posted. After that there are should be more results for


Failure to post replies within 72 hours will result in this thread being closed
User avatar
Posts: 5501
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: slow running computer

Unread postby pgmigg » May 8th, 2014, 10:47 am

Hello c62ip64,

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    [HKEY_CURRENT_USER\Software\Digital River\SoftwarePassport\Download Manager\C359624A08E25CD23FDCC628CD26C3D0]
    [HKEY_CURRENT_USER\Software\Digital River\SoftwarePassport\Download Manager\C359624A08E25CD23FDCC628CD26C3D0]
    [-HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\HoyleCasino2007.exe]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d6ff864b_0]
    [HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Software\0]
    [HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Digital River\SoftwarePassport\Download Manager\C359624A08E25CD23FDCC628CD26C3D0]
    [HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Digital River\SoftwarePassport\Download Manager\C359624A08E25CD23FDCC628CD26C3D0]
    [-HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\IntelliType Pro\AppSpecific\HoyleCasino2007.exe]
    [HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d6ff864b_0]
    [-HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\PokerStars.exe]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\69ff0602_0]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\7d47a381_0]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\fcb22456_0]
    [HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Software\0]
    [HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Software\0]
    [-HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\IntelliType Pro\AppSpecific\PokerStars.exe]
    [HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\69ff0602_0]
    [HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\7d47a381_0]
    [HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\fcb22456_0]
    ipconfig /flushdns /c
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
You should still have SystemLook.exe on your desktop.
  1. Right click on SystemLook.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries: into SystemLook's main text entry window.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
  3. Press the Look button to start the scan. The scan will take a while so please be patient...
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.
    Note: Please be careful and place the WHOLE SystemLook.txt log!

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the SystemLook.txt log file
  4. Do you see any changes in computer behavior?


Failure to post replies within 72 hours will result in this thread being closed
User avatar
Posts: 5501
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: slow running computer

Unread postby c62ip64 » May 10th, 2014, 12:57 am

Here is the OTL log. It took awhile for the computer to shutdown when OTL did a restart.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Digital River\SoftwarePassport\Download Manager\C359624A08E25CD23FDCC628CD26C3D0\\SaveAs deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Digital River\SoftwarePassport\Download Manager\C359624A08E25CD23FDCC628CD26C3D0\\Title deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\DirectInput\MostRecentApplication\\Name deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\DirectInput\MostRecentApplication\\Id deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\HoyleCasino2007.exe\ deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d6ff864b_0\\@|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Software\0\\ProgramItem0020 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\S-1-5-21-1571669636-96613985-1446841813-1000\{F4DC6A33-67A0-409C-A3FF-0B84F00252AF}\\ConfigApplicationPath deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\S-1-5-21-1571669636-96613985-1446841813-1000\{F4DC6A33-67A0-409C-A3FF-0B84F00252AF}\\"AppExePath"|"- /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\S-1-5-21-1571669636-96613985-1446841813-1001\{885A36E8-F48C-46A7-8AE8-C2DB20F69FB7}\\ConfigApplicationPath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\S-1-5-21-1571669636-96613985-1446841813-1001\{885A36E8-F48C-46A7-8AE8-C2DB20F69FB7}\\AppExePath deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Digital River\SoftwarePassport\Download Manager\C359624A08E25CD23FDCC628CD26C3D0\\SaveAs not found.
Registry value HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Digital River\SoftwarePassport\Download Manager\C359624A08E25CD23FDCC628CD26C3D0\\Title not found.
Registry value HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\DirectInput\MostRecentApplication\\Name not found.
Registry value HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\DirectInput\MostRecentApplication\\Id not found.
Registry key HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\IntelliType Pro\AppSpecific\HoyleCasino2007.exe\ not found.
HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d6ff864b_0\\@|"" /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\Microsoft\IntelliPoint\AppSpecific\PokerStars.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\PokerStars.exe\ deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\69ff0602_0\\@|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\7d47a381_0\\@|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\fcb22456_0\\@|"" /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList\\a deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Software\0\\ProgramItem0034 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Software\0\\ProgramItem0035 deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e880532-7028-48e9-8795-c197ff2ab411}\\@|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pokerstars\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pokerstars\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pokerstars\DefaultIcon\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pokerstars\shell\open\command\\@|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PokerStarsNet\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PokerStarsNet\DefaultIcon\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PokerStarsNet\shell\open\command\\@|"" /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\IntelliPoint\AppSpecific\PokerStars.exe\ not found.
Registry key HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\IntelliType Pro\AppSpecific\PokerStars.exe\ not found.
HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\69ff0602_0\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\7d47a381_0\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\fcb22456_0\\@|"" /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList\\a not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Tom\Desktop\cmd.bat deleted successfully.
C:\Users\Tom\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========


User: All Users

User: Cathy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Tom
->Temp folder emptied: 339770 bytes
->Temporary Internet Files folder emptied: 7624641 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4403901 bytes
->Google Chrome cache emptied: 10562456 bytes
->Flash cache emptied: 291 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1054956 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 23.00 mb


User: All Users

User: Cathy
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: Tom
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


User: All Users

User: Cathy
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: Tom
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

OTL by OldTimer - Version log created on 05092014_224047

Files\Folders moved on Reboot...
File\Folder C:\Users\Tom\AppData\Local\Temp\~DF60A1.tmp not found!
File\Folder C:\Users\Tom\AppData\Local\Temp\~DF6136.tmp not found!
File\Folder C:\Users\Tom\AppData\Local\Temp\~DF623D.tmp not found!
File\Folder C:\Users\Tom\AppData\Local\Temp\~DF6319.tmp not found!
File\Folder C:\Users\Tom\AppData\Local\Temp\~DF63D1.tmp not found!
File\Folder C:\Users\Tom\AppData\Local\Temp\~DF6453.tmp not found!
File\Folder C:\Windows\temp\TMP00000001AC11AC3106A690A8 not found!
File\Folder C:\Windows\temp\TMP0000000DCA470A5C61E67948 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Regular Member
Posts: 19
Joined: April 27th, 2014, 12:13 pm

Re: slow running computer

Unread postby c62ip64 » May 10th, 2014, 1:04 am

It looks like SystemLook is getting hung. A window, Microsoft Visual C ++ Library, appears after about 20 minutes with an OK button. I let it wait for a couple of hours and eventually clicked on the OK button. I thought SystemLook finished. SystemLook finished and the log was created. This time a received a message 'SystemLook has stopped working'. Here is what was created in the log.

SystemLook 30.07.11 by jpshortstuff
Log created at 00:03 on 10/05/2014 by Tom
Administrator - Elevation successful

========== Regfind ==========

Searching for "Searchnu"
No data found.

Searching for "Slick"
No data found.

Searching for "smartbar"
No data found.

Searching for "Somoto"
No data found.

Searching for "Sweetpack"
No data found.

Searching for "Tarma"
No data found.

Searching for "trolltech"

Searching for "Vafmusic2"
No data found.

Searching for "vshare"
"%ALLUSERSPROFILE%\Application Data\Microsoft\MSEnvShared\Addins"=""
"%ALLUSERSPROFILE%\Application Data\Microsoft\MSEnvShared\Addins"=""

Searching for "whitesmoke"
Regular Member
Posts: 19
Joined: April 27th, 2014, 12:13 pm

Re: slow running computer

Unread postby pgmigg » May 11th, 2014, 12:40 am

Hello c62ip64,
It looks like SystemLook is getting hung. A window, Microsoft Visual C ++ Library, appears after about 20 minutes with an OK button. I let it wait for a couple of hours and eventually clicked on the OK button. I thought SystemLook finished. SystemLook finished and the log was created. This time a received a message 'SystemLook has stopped working'. Here is what was created in the log.
OK. Enough. I will no longer torment you with this tool... :D
Let continue our treatment...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
Malwarebytes' Anti-Malware
You have Malwarebytes' Anti-Malware (MBAM) installed on your computer, but it is out of date release.
  1. Please download newest Malwarebytes' Anti-Malware and save to your desktop.
  2. Right-click mbam-setup.exe And select " Run as administrator " then follow the prompts to install the program.
  3. At the end, Uncheck enable free trial of Malwarebytes' Anti-Malware, (You can activate this when we've finished, if you wish)
  4. Then click Finish.
  5. You'll see an alert that "Databases out of date" Click the "Update Now" button.
  6. Press the Scan Settings icon on the top bar of the MBAM interface, make sure Threat Scan is checked.
  7. Press the Scan Now >> button.
  8. When the scan is finished:
  9. If clean, a message will be displayed "The scan completed successfully! No malicious items were detected!"
  10. If infections were found, click the Quarantine all button.
  11. Press the View detailed log >> link to display the results log.
  12. Press the Copy to Clipboard button.
  13. Copy and paste the scan results in your next reply and exit MBAM.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the most recent MBAM Log file
  4. Do you see any changes in computer behavior?


Failure to post replies within 72 hours will result in this thread being closed
User avatar
Posts: 5501
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: slow running computer

Unread postby c62ip64 » May 12th, 2014, 7:31 pm

No problem with the instructions. Start times for some apps, Chrome, Windows Live Mail is slow after powering up the PC. I have to wait a couple of minutes before the app starts. The apps start immediately after the PC is on for awhile. Here are the logs:

Thanks for your help again,

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1571669636-96613985-1446841813-1000\Software\Trolltech\ not found.
========== COMMANDS ==========


User: All Users

User: Cathy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Tom
->Temp folder emptied: 952096 bytes
->Temporary Internet Files folder emptied: 3754568 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1322374 bytes
->Google Chrome cache emptied: 9034483 bytes
->Flash cache emptied: 291 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3570 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 14.00 mb

OTL by OldTimer - Version log created on 05122014_185735

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Regular Member
Posts: 19
Joined: April 27th, 2014, 12:13 pm

Re: slow running computer

Unread postby c62ip64 » May 12th, 2014, 7:32 pm

Malwarebytes Anti-Malware

Scan Date: 5/12/2014
Scan Time: 7:23:49 PM
Administrator: Yes

Malware Database: v2014.05.12.09
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Tom

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 290785
Time Elapsed: 13 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.SearchToolbar, HKLM\SOFTWARE\CLASSES\SearchToolbarLib.CSearchToolbarImpl, Quarantined, [d2b766ea0b706bcbecc4d9810200f20e],
PUP.Optional.SearchToolbar, HKLM\SOFTWARE\CLASSES\SearchToolbarLib.CSearchToolbarImpl.1, Quarantined, [2b5efb5595e6b77f4e62cc8e877bd52b],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

Regular Member
Posts: 19
Joined: April 27th, 2014, 12:13 pm

Re: slow running computer

Unread postby pgmigg » May 12th, 2014, 10:11 pm

Hello c62ip64,

Start times for some apps, Chrome, Windows Live Mail is slow after powering up the PC. I have to wait a couple of minutes before the app starts. The apps start immediately after the PC is on for awhile.
Let do something else... :)

ZOEK Auto Clean
  1. First please Disable any Antivirus you have active, as shown in This topic.
    Note: Don't forget to re-enable it after the scan.
  2. Next please download zoek.exe and save it to your desktop.
  3. Close any open browsers.
  4. Right click on zoek.exe and select "Run as administrator..." to run it.
  5. Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  6. Click the More Options button below the large panel and check the box:
    • Do a Deep Scan
    • Silent Runners
    • Installed Programs
    • Empty Temp
    • Symlink Check
    • Auto Clean
  7. Click on Run script button
  8. Please wait patiently (it may take a few minutes) until a log report will open (this may be after reboot, if required)
  9. Copy (Ctrl +C) and paste (Ctrl +V) the contents of the opened entire report back here.

    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the zoek-results.log file
  3. Do you see any changes in computer behavior?


Failure to post replies within 72 hours will result in this thread being closed
User avatar
Posts: 5501
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: slow running computer

Unread postby NonSuch » May 16th, 2014, 4:11 pm

Due to a failure to respond for 72 hours or more, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Register to Remove


  • Similar Topics
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!

Who is online

Users browsing this forum: No registered users and 173 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware