Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Web browsing very slow [Solved]


  • This topic is locked This topic is locked

#1
mtdar

mtdar

    New Member

  • Member
  • Pip
  • 9 posts

Hi all,

 

My browser is very slow when I try to surf the web and there is a lot of hard drive activity.  Pages do eventually load but it takes and incredibly long time.  Any help would be greatly appreciated.  Logs are included below.

 

Thanks in advance,

mtdar

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 04
Ran by Chefboop (administrator) on CHEFBOOP-PC on 16-04-2015 21:44:53
Running from C:\Users\Chefboop\Desktop
Loaded Profiles: Chefboop (Available profiles: Chefboop)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_176_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_169_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12000984 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Run: [BrowserSafeguard] => "C:\Program Files\Browsersafeguard\BrowserSafeguard.exe"
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\0eb807ff-2bb8-4c6a-ac8f-cca3fdb77b3b.exe [183232 2015-04-16] (AVAST Software)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3000465821-1268044749-150525962-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_176_ActiveX.exe [851632 2014-08-14] (Adobe Systems Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3000465821-1268044749-150525962-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.c...ved=0CAQQqS4oAQ
HKU\S-1-5-21-3000465821-1268044749-150525962-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3000465821-1268044749-150525962-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg....sa&d=2014-07-11 01:09:43&v=18.1.8.643&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-06] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-06] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 167.206.13.180 167.206.13.181

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin: nuance.com/DragonRIAPlugin -> C:\Program Files\Nuance\NaturallySpeaking12\Program\npDgnRia.dll [2012-07-18] (Nuance Communications Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2012-07-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-18] (AVAST Software)
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [310232 2012-07-18] (Nuance Communications, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-18] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2015-02-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-18] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-18] ()
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [734208 2009-05-25] (Ralink Technology Corp.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-16 21:44 - 2015-04-16 21:45 - 00007881 _____ () C:\Users\Chefboop\Desktop\FRST.txt
2015-04-16 21:44 - 2015-04-16 21:44 - 00000000 ____D () C:\FRST
2015-04-16 21:42 - 2015-04-16 21:43 - 01137152 _____ (Farbar) C:\Users\Chefboop\Desktop\FRST.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-16 21:42 - 2013-08-30 23:15 - 02089921 _____ () C:\Windows\WindowsUpdate.log
2015-04-16 21:39 - 2013-08-30 23:17 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-16 21:38 - 2013-09-08 20:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-16 21:37 - 2013-09-08 20:23 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-16 21:37 - 2013-09-08 20:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-16 21:32 - 2013-09-14 21:25 - 00021351 _____ () C:\Windows\setupact.log
2015-04-16 21:32 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

==================== Files in the root of some directories =======

2013-11-16 15:52 - 2013-11-16 15:52 - 0001075 _____ () C:\Users\Chefboop\AppData\Roaming\SAS7_000.DAT
2013-10-27 00:20 - 2013-10-27 00:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Chefboop\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.1.exe
C:\Users\Chefboop\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Chefboop\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Chefboop\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Chefboop\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Chefboop\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Chefboop\AppData\Local\Temp\MouseKeyboardCenterx86_1033.exe
C:\Users\Chefboop\AppData\Local\Temp\oi_{09D2F04E-EAA6-4678-BAB4-008BA290E3E7}.exe
C:\Users\Chefboop\AppData\Local\Temp\ose00000.exe
C:\Users\Chefboop\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Chefboop\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Chefboop\AppData\Local\Temp\UNINSTALL.EXE

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-29 20:04

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-04-2015 04
Ran by Chefboop at 2015-04-16 21:45:56
Running from C:\Users\Chefboop\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4255 - CDBurnerXP)
Dragon NaturallySpeaking 12 (HKLM\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.00.100 - Nuance Communications Inc.)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
FileZilla Client 3.7.3 (HKLM\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Freemake Video Converter version 4.0.4 (HKLM\...\Freemake Video Converter_is1) (Version: 4.0.4 - Ellora Assets Corporation)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
SiteSpinner Cloud (HKLM\...\{EDFB2A7D-55D6-44FB-8CF0-CC29A78C9927}) (Version: 2.92.03 - Virtual Mechanics)
Speccy (HKLM\...\Speccy) (Version: 1.23 - Piriform)
Tales of Lagoona Orphans of the Ocean (HKLM\...\Tales of Lagoona Orphans of the Ocean1.0) (Version: 1.0 - FishBone Games)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2A3FD566-F916-4D52-B1E5-EF29A0036947} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-18] (AVAST Software)
Task: {347A2397-658D-4576-8F88-518A5AB98008} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {46E5A90A-A35D-4BC3-9A4E-428E08C46A07} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {9400CCCB-85C8-4695-882A-EF44587D129C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {9D6B0EF5-E13E-469B-9A27-179D0FBCF55E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {EF08F1D2-B975-475D-856F-89C445CB6235} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {FA7C8721-BDB4-4E05-A8EB-B528B24A64CD} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2014-07-18 16:36 - 2014-07-18 16:36 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-04-16 21:31 - 2015-04-16 21:31 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15041601\algo.dll
2013-08-07 15:25 - 2013-08-07 15:25 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-07-18 16:36 - 2014-07-18 16:36 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:8AED9359
AlternateDataStreams: C:\Users\Chefboop\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.com Online Shopping for Electronics, Apparel, Computers, Books, DVDs & more.website:DESTICON_favicon-1280777702
AlternateDataStreams: C:\Users\Chefboop\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.com Online Shopping for Electronics, Apparel, Computers, Books, DVDs & more.website:DESTICON_favicon-1832937330
AlternateDataStreams: C:\Users\Chefboop\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.com Online Shopping for Electronics, Apparel, Computers, Books, DVDs & more.website:DESTICON_favicon-305398699
AlternateDataStreams: C:\Users\Chefboop\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.com Online Shopping for Electronics, Apparel, Computers, Books, DVDs & more.website:DESTICON_favicon1921853446
AlternateDataStreams: C:\Users\Chefboop\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.com Online Shopping for Electronics, Apparel, Computers, Books, DVDs & more.website:DESTICON_favicon706749981
AlternateDataStreams: C:\Users\Chefboop\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.com Online Shopping for Electronics, Apparel, Computers, Books, DVDs & more.website:DESTICON_Goldbox16._V200960310_2023149401
AlternateDataStreams: C:\Users\Chefboop\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.com Online Shopping for Electronics, Apparel, Computers, Books, DVDs & more.website:TASKICON_0favicon537490126
AlternateDataStreams: C:\Users\Chefboop\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.com Online Shopping for Electronics, Apparel, Computers, Books, DVDs & more.website:TASKICON_1favicon1633597539
AlternateDataStreams: C:\Users\Chefboop\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.com Online Shopping for Electronics, Apparel, Computers, Books, DVDs & more.website:TASKICON_2favicon-616110882
AlternateDataStreams: C:\Users\Chefboop\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.com Online Shopping for Electronics, Apparel, Computers, Books, DVDs & more.website:TASKICON_3favicon865475423
AlternateDataStreams: C:\Users\Chefboop\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.com Online Shopping for Electronics, Apparel, Computers, Books, DVDs & more.website:TASKICON_4favicon-355235819

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3000465821-1268044749-150525962-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Chefboop\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 167.206.13.180 - 167.206.13.181

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-3000465821-1268044749-150525962-500 - Administrator - Disabled)
Chefboop (S-1-5-21-3000465821-1268044749-150525962-1000 - Administrator - Enabled) => C:\Users\Chefboop
Guest (S-1-5-21-3000465821-1268044749-150525962-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3000465821-1268044749-150525962-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2015 09:32:21 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (04/16/2015 09:29:12 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (02/16/2015 09:23:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17239 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b80

Start Time: 01d04a4f13cf4f71

Termination Time: 437

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 5ee76caa-b643-11e4-9482-406186954445

Error: (02/16/2015 09:15:33 PM) (Source: MsiInstaller) (EventID: 1023) (User: Chefboop-PC)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011010}' could not be installed. Error code 1625. Additional information is available in the log file C:\Users\Chefboop\AppData\Local\Temp\MSI25466.LOG.

Error: (02/16/2015 09:13:13 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (08/30/2014 04:37:48 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (08/30/2014 04:17:52 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (08/21/2014 00:51:50 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (08/17/2014 06:50:59 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (08/17/2014 05:50:59 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

System errors:
=============
Error: (04/16/2015 09:36:06 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

Error: (04/16/2015 09:31:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/16/2015 09:32:50 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/16/2015 09:16:51 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

Error: (02/16/2015 09:14:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/16/2015 09:14:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/16/2015 09:14:36 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/16/2015 09:14:36 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/30/2014 04:56:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/30/2014 04:35:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Phenom™ II X3 720 Processor
Percentage of memory in use: 74%
Total physical RAM: 1791.18 MB
Available physical RAM: 458.85 MB
Total Pagefile: 3582.36 MB
Available Pagefile: 1528.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.65 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:279.46 GB) (Free:232.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 279.5 GB) (Disk ID: 011A3F20)
Partition 1: (Active) - (Size=279.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

Advertisements


#2
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Hi mtdar, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being ask.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.
 
  • Step #1 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      CreateRestorePoint:
      CloseProcesses:
      EmptyTemp:
      HKLM\...\Run: [BrowserSafeguard] => "C:\Program Files\Browsersafeguard\BrowserSafeguard.exe"
      C:\Program Files\Browsersafeguard
      SearchScopes: HKU\S-1-5-21-3000465821-1268044749-150525962-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg....sa&d=2014-07-11 01:09:43&v=18.1.8.643&pid=safeguard&sg=&sap=dsp&q={searchTerms}
      AlternateDataStreams: C:\ProgramData\TEMP:8AED9359
      CMD: ipconfig /flushdns
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #2 Fix with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart;
    • Copy and Paste the contents of this log in your reply.
 
  • Required Log(s):
    • FRST Fix Log
    • AdwCleaner Log
Regards,
Valinorum
  • 0

#3
mtdar

mtdar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Hi Valinoram,

 

Thanks for the welcome and the help.  Logs are included below.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-04-2015 04
Ran by Chefboop at 2015-04-18 01:46:25 Run:1
Running from C:\Users\Chefboop\Desktop
Loaded Profiles: Chefboop (Available profiles: Chefboop)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKLM\...\Run: [BrowserSafeguard] => "C:\Program Files\Browsersafeguard\BrowserSafeguard.exe"
C:\Program Files\Browsersafeguard
SearchScopes: HKU\S-1-5-21-3000465821-1268044749-150525962-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg....sa&d=2014-07-11 01:09:43&v=18.1.8.643&pid=safeguard&sg=&sap=dsp&q={searchTerms}
AlternateDataStreams: C:\ProgramData\TEMP:8AED9359
CMD: ipconfig /flushdns
End
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BrowserSafeguard => value deleted successfully.
"C:\Program Files\Browsersafeguard" => File/Directory not found.
"HKU\S-1-5-21-3000465821-1268044749-150525962-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
C:\ProgramData\TEMP => ":8AED9359" ADS removed successfully.

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 1.7 GB temporary data.

The system needed a reboot.

==== End of Fixlog 01:49:16 ====

 

# AdwCleaner v4.201 - Logfile created 18/04/2015 at 01:59:09
# Updated 08/04/2015 by Xplode
# Database : 2015-04-15.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Chefboop - CHEFBOOP-PC
# Running from : C:\Users\Chefboop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJIPTPPO\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\Chefboop\AppData\Local\Browsersafeguard
Folder Deleted : C:\Users\Chefboop\AppData\Roaming\OpenCandy

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\SaveDailyDeals
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17239

*************************

AdwCleaner[R0].txt - [2429 bytes] - [18/04/2015 01:57:19]
AdwCleaner[S0].txt - [2394 bytes] - [18/04/2015 01:59:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2453  bytes] ##########


  • 0

#4
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Reset your web-browsers and tell me if the issue persists.
  • 1

#5
mtdar

mtdar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Hi Valinorum,

 

I reset IE as you suggested.  It does seems to be working a bit faster, but it seems to slow down when I go to Google based sites, like gmail.com and youtube.com.  I appreciated your continued help.

 

Thanks,

mtdar


  • 0

#6
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
  • Step #3 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click on mbam-setup-version-number.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, The MBAM dashboard will appear with an alert to update - click the green button Update Now;
      • Navigate to the Settings tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on History > Application Log. After that click on the top Scan Log > Export, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #4 ESET Online Scanner
    Disable your security programs which includes but not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and condition and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Setting --
      • Check the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.
 
  • Required Log(s):
    • Malwarebytes' Anti-Malware Log
    • ESET Log
Regards,
Valinorum
  • 0

#7
mtdar

mtdar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Ok here are my results.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/20/2015
Scan Time: 12:31:14 AM
Logfile: malwarebyteslog.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.19.05
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Chefboop

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 294254
Time Elapsed: 9 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

Eset Scanner: nothing was found.


  • 0

#8
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Log looks good. How is your PC?
  • 0

#9
mtdar

mtdar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

It's definitely running better than before.  There is some slowness when the computer starts up and the web browser is initially opened, but otherwise a lot better.


  • 0

#10
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Please perform a clean boot and check your PC's start-up.
  • 0

Advertisements


#11
mtdar

mtdar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I did the clean boot as suggested and computer start up was a little slower with heavy hard drive activity. Web browsing was about the same as well.
One thing I noticed was when I clicked the link you gave for a clean boot it showed up in the tab and address of "api.viglink.com" before it went to the Microsoft website. I'm not sure if this helps but may be something you need to know. Even as I am typing now there is heavy hard drive activity.
  • 0

#12
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Restart your PC and see if the HDD activity pertains.
  • 0

#13
mtdar

mtdar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

HDD activity definitely still pertains.


  • 0

#14
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Are you also facing the general slowness?
  • 0

#15
mtdar

mtdar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Yes, I would say that's a fair statement.  My computer was much faster before it got infected, but has been slow since.  I was thinking about doing a clean reinstall of the operating system.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP