[Oblivionon360]

Rouge Killer log


RogueKiller V8.8.8 _x64_ [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Maggie [Admin rights]
Mode : Scan -- Date : 02/22/2014 02:45:47
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ][PUM] HKLM\[...]\Wow6432Node\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK1646GSX +++++
--- User ---
[MBR] c47271f0f6e6e77f0a7f05ceeac3ba13
[BSP] 964e89424b6e2cd73a4295c0527160c9 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02222014_024547.txt >>




ADWCLEANER log


# AdwCleaner v3.019 - Report created 22/02/2014 at 02:50:35
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Maggie - MAGGIE-LAPTOP
# Running from : C:\Users\Maggie\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5664 octets] - [18/02/2014 21:13:33]
AdwCleaner[R1].txt - [5551 octets] - [19/02/2014 11:17:00]
AdwCleaner[R2].txt - [747 octets] - [22/02/2014 02:50:35]
AdwCleaner[S0].txt - [5647 octets] - [19/02/2014 11:18:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [866 octets] ##########



ASWMBR LOG

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-22 03:17:27
-----------------------------
03:17:27.812 OS Version: Windows x64 6.1.7601 Service Pack 1
03:17:27.812 Number of processors: 4 586 0x2505
03:17:27.813 ComputerName: MAGGIE-LAPTOP UserName: Maggie
03:17:28.743 Initialize success
03:17:46.716 AVAST engine download error: 0
03:17:59.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
03:17:59.675 Disk 0 Vendor: TOSHIBA_ LB11 Size: 152627MB BusType: 3
03:17:59.856 Disk 0 MBR read successfully
03:17:59.861 Disk 0 MBR scan
03:17:59.866 Disk 0 Windows 7 default MBR code
03:17:59.871 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
03:17:59.922 Disk 0 scanning C:\Windows\system32\drivers
03:18:10.227 Service scanning
03:18:43.157 Modules scanning
03:18:43.157 Disk 0 trace - called modules:
03:18:43.204 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
03:18:43.204 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003b5c060]
03:18:43.235 3 CLASSPNP.SYS[fffff88001d3f43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049cd050]
03:18:43.906 Scan finished successfully
03:18:50.614 Disk 0 MBR has been saved successfully to "C:\Users\Maggie\Desktop\MBR.dat"
03:18:50.661 The log file has been saved successfully to "C:\Users\Maggie\Desktop\aswMBR.txt"

[Advertisements]

I can't see any reason for the slowness of the machine. Let's clear the Chrome cache and browsing history and see if that does away with the Conduit issue.
And then clear the IE browsing history and cache. Since IE is a part of the operating system sometimes TEMP folders and files build up and can't be deleted by other means because the system has them locked. And that can cause the system to slow down.

Then I want to run another OTL fix, in normal mode this time. And check the hard disk for errors.

From Normal Mode:


Step-1.

Clear Chrome Cache and Browsing History

• Click the Chrome menu on the browser toolbar.
• Select Tools.
• Select Clear browsing data.
• Make sure there is a check mark in the boxes beside the following:
  • Clear browsing history
  • Clear download history
  • Empty the cache
  • Delete cookies and other site and plug-in data
• In the drop-down at the top of the dialog box, select until the beginning of time
• Click Clear browsing data.
• Close the Chrome browser and then re-open it and see if Conduit is gone.

Step-2.

NOTE: This can take some time, so be patient.

Clear IE Cache and Browsing History

• Open the IE browser.
• Click the down arrow next to Safety on the right side of the Menu bar and click Delete browsing history... The Delete Browsing History page will open.
  
  OR, If your IE has the cog icon on the Menu bar, click it then highlight Safety and click Delete browsing history... The Delete Browsing History page will open.
  
• Make sure the boxes beside the following are checked:
  • Temporary Internet Files
  • Cookies
  • Cache
• Remove the check marks from any other boxes unless you want them cleared also.
• Click the Delete button.

Now reboot the computer into Safe Mode.


Step-3.

Run RogueKiller

Quit all programs and close all browsers.

• Right click the RogueKiller icon and click Run as Administrator to run the program.
• Wait until Prescan has finished ...
• Click the Scan button and wait for the scan to complete.
• Click the Registry tab and clear the check marks from the following entries:
  • [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
  • [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
• Click on the Delete button.
  
  
  
• The report has been created on the desktop.
• Next click on the ShortcutsFix
  
  
  
• The report has been created on the desktop.

Please post:
The RKreport.txt files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Now reboot into Normal Mode.


Step-4.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:REG
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NextLive"= -
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = DWORD:0

:FILES
c:\users\Maggie\AppData\Roaming\newnext.me

:COMMANDS
[emptytemp]

Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open on your desktop. To do that:

• Vista and 7 users: Right click the icon and click Run as Administrator

3. Place the mouse pointer inside the textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-5.

Check Hard Disk For Errors:

Please copy everything in the code box below into notepad. To do this highlight all text, then right click and click Copy.

@Echo Off
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
del %0

• Next, open Notepad, or click Start->Run and in the Open: box type notepad.exe and click OK.
• Right click in the notepad window and click Paste, or put the cursor inside the notepad window and press the Ctrl-V keys to paste the text into notepad.
• On the File menu, click Save
• On the Save AS window that comes up, do the following:
  • On the left side, click the Desktop Icon. This will put "Desktop" in the Save In: box at the top.
  • At the bottom in the File Name: box type testhd.bat
  • In the Save as type: box, click the down arrow and click All Files(*.*)
  • Click Save
  This will put a new file on the Desktop named testhd.bat
  The file icon will look like this:
  
  
  Close all open windows and any open Browsers.
  
• Right click the testhd.bat file on the desktop and click Run As Administrator then OK any UAC prompts to run the file. A command window will open briefly, then close. This is quite normal.
• When the command window has closed there will be a new file on the desktop named checkhd.txt
• Copy and paste the contents of the checkhd.txt file in your next reply.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know if the Conduit problem went away.
2. Let me know if clearing the IE cache and browsing history made any difference in the speed.
3. The chechhd.txt log
4. The RKreport[0]_D_ddmmyyyy_time.txt log
5. the RKreport[0]_SC_ddmmyyyy_time.txt log
6. The OTL fixes log

[godawgs]

I can't see any reason for the slowness of the machine. Let's clear the Chrome cache and browsing history and see if that does away with the Conduit issue.
And then clear the IE browsing history and cache. Since IE is a part of the operating system sometimes TEMP folders and files build up and can't be deleted by other means because the system has them locked. And that can cause the system to slow down.

Then I want to run another OTL fix, in normal mode this time. And check the hard disk for errors.

From Normal Mode:


Step-1.

Clear Chrome Cache and Browsing History

• Click the Chrome menu on the browser toolbar.
• Select Tools.
• Select Clear browsing data.
• Make sure there is a check mark in the boxes beside the following:
  • Clear browsing history
  • Clear download history
  • Empty the cache
  • Delete cookies and other site and plug-in data
• In the drop-down at the top of the dialog box, select until the beginning of time
• Click Clear browsing data.
• Close the Chrome browser and then re-open it and see if Conduit is gone.

Step-2.

NOTE: This can take some time, so be patient.

Clear IE Cache and Browsing History

• Open the IE browser.
• Click the down arrow next to Safety on the right side of the Menu bar and click Delete browsing history... The Delete Browsing History page will open.
  
  OR, If your IE has the cog icon on the Menu bar, click it then highlight Safety and click Delete browsing history... The Delete Browsing History page will open.
  
• Make sure the boxes beside the following are checked:
  • Temporary Internet Files
  • Cookies
  • Cache
• Remove the check marks from any other boxes unless you want them cleared also.
• Click the Delete button.

Now reboot the computer into Safe Mode.


Step-3.

Run RogueKiller

Quit all programs and close all browsers.

• Right click the RogueKiller icon and click Run as Administrator to run the program.
• Wait until Prescan has finished ...
• Click the Scan button and wait for the scan to complete.
• Click the Registry tab and clear the check marks from the following entries:
  • [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
  • [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
• Click on the Delete button.
  
  
  
• The report has been created on the desktop.
• Next click on the ShortcutsFix
  
  
  
• The report has been created on the desktop.

Please post:
The RKreport.txt files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Now reboot into Normal Mode.


Step-4.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:REG
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NextLive"= -
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = DWORD:0

:FILES
c:\users\Maggie\AppData\Roaming\newnext.me

:COMMANDS
[emptytemp]

Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open on your desktop. To do that:

• Vista and 7 users: Right click the icon and click Run as Administrator

3. Place the mouse pointer inside the textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-5.

Check Hard Disk For Errors:

Please copy everything in the code box below into notepad. To do this highlight all text, then right click and click Copy.

@Echo Off
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
del %0

• Next, open Notepad, or click Start->Run and in the Open: box type notepad.exe and click OK.
• Right click in the notepad window and click Paste, or put the cursor inside the notepad window and press the Ctrl-V keys to paste the text into notepad.
• On the File menu, click Save
• On the Save AS window that comes up, do the following:
  • On the left side, click the Desktop Icon. This will put "Desktop" in the Save In: box at the top.
  • At the bottom in the File Name: box type testhd.bat
  • In the Save as type: box, click the down arrow and click All Files(*.*)
  • Click Save
  This will put a new file on the Desktop named testhd.bat
  The file icon will look like this:
  
  
  Close all open windows and any open Browsers.
  
• Right click the testhd.bat file on the desktop and click Run As Administrator then OK any UAC prompts to run the file. A command window will open briefly, then close. This is quite normal.
• When the command window has closed there will be a new file on the desktop named checkhd.txt
• Copy and paste the contents of the checkhd.txt file in your next reply.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know if the Conduit problem went away.
2. Let me know if clearing the IE cache and browsing history made any difference in the speed.
3. The chechhd.txt log
4. The RKreport[0]_D_ddmmyyyy_time.txt log
5. the RKreport[0]_SC_ddmmyyyy_time.txt log
6. The OTL fixes log

[Oblivionon360]

I believe it may be sectors on my hard drive, i am currently in the process of changing drives and will post a log as soon as possible. Upon reboot, it asked me to a disk check.

[godawgs]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.