
Laptop very slow to start up and to operate



#1
rockitout

  • Member
  • 140 posts
The computer takes forever to start up and do anything on. I suspect malware.

OTL logfile created on: 9/10/2013 1:48:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\afishinguy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 52.36% Memory free
6.36 Gb Paging File | 5.19 Gb Available in Paging File | 81.52% Paging File free
Paging file location(s): c:\pagefile.sys 2683 2683d:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 16.48 Gb Free Space | 23.71% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 67.34 Gb Free Space | 96.86% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: afishinguy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/10 13:48:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\afishinguy\Desktop\OTL.exe
PRC - [2013/08/14 19:27:59 | 005,703,920 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2013/05/23 15:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/09/27 20:43:40 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/09/02 16:11:08 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10v_ActiveX.exe
PRC - [2010/12/08 04:24:16 | 005,247,624 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2010/12/08 04:24:16 | 005,247,624 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
MOD - [2010/12/08 04:23:52 | 000,100,352 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\avutil-50.dll
MOD - [2010/12/08 04:23:50 | 000,684,032 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\libexpat.dll
MOD - [2010/12/08 04:23:50 | 000,466,975 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\sqlite3.dll
MOD - [2008/07/03 22:37:36 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2013/05/23 15:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/05/11 12:08:34 | 000,120,144 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe -- (CLEARWIRERcAppSvc)
SRV - [2011/05/11 12:08:26 | 000,124,240 | ---- | M] (SmithMicro Inc.) [Disabled | Stopped] -- C:\Program Files\Clearwire\Connection Manager\ConAppsSvc.exe -- (CACLEARWIRE)
SRV - [2011/05/11 12:08:26 | 000,107,856 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe -- (SMSI Device Launch Service)
SRV - [2010/06/17 15:55:10 | 000,398,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe -- (clearwireDeviceDiagnosticsService)
SRV - [2008/11/28 13:56:06 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/11/20 23:07:42 | 000,113,152 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2008/11/20 23:07:08 | 000,125,440 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe -- (CAATT)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/06 19:15:28 | 000,110,592 | ---- | M] () [Disabled | Stopped] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- -- (tcpipBM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ATMFVsp.sys -- (ATMFVsp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ATMFNVsp.sys -- (ATMFNVsp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ATMFNET.sys -- (ATMFNET)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ATMFMdm.sys -- (ATMFMdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ATMFFLT.sys -- (ATMFFLT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ATMFCVsp.sys -- (ATMFCVsp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ATMFBUS.sys -- (ATMFBUS)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/01 05:52:22 | 000,340,480 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drxvi314.sys -- (bcm)
DRV - [2011/04/01 05:52:20 | 000,048,768 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BcmBusCtr.sys -- (bcmbusctr)
DRV - [2008/11/20 22:59:02 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2008/11/20 22:59:02 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/10/01 13:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/08/22 12:05:40 | 000,026,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/08/20 14:36:36 | 000,142,976 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumx80.sys -- (SWUMX80)
DRV - [2008/08/20 14:35:40 | 000,168,192 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8u80.sys -- (SWNC8U80)
DRV - [2008/08/06 21:40:40 | 000,129,552 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008/07/28 02:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/04 01:35:40 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/06/10 05:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/28 08:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/11/02 08:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2002/07/17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...8&m=aspire_5515
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...8&m=aspire_5515
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {bb78b434-c869-e534-65a9-f4a7dab04d57} - C:\Program Files\SocialRibbons LP4\Helper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {73703B2A-BD2F-445E-8B9E-6C20EF385F8C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKCU\..\SearchScopes\{69A99386-B7F4-4D79-B12F-7760D4F3CF78}: "URL" = http://www.google.co...AW_enUS316US317
IE - HKCU\..\SearchScopes\{73703B2A-BD2F-445E-8B9E-6C20EF385F8C}: "URL" = http://search.yahoo....ei=utf-8&fr=ie8
IE - HKCU\..\SearchScopes\{7B184DBD-182E-4CA4-9C76-D5A93A06DC4C}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{D34E6A12-3CCE-44D7-9015-984EAE17C5B0}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{E472D277-3C10-4087-B871-987EFE084793}: "URL" = http://delicious.com...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin,version=3.1.0.05: C:\Program Files\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll (Skyhook Wireless)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/06/24 13:15:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/06/24 13:15:10 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.my.yahoo.com/
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - homepage: http://www.my.yahoo.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Loki Plugin (Enabled) = C:\Program Files\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\afishinguy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\afishinguy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\afishinguy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\afishinguy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)
O2 - BHO: (SocialRibbons LP4) - {DAA05029-EECE-7A44-A584-C603C68CB608} - C:\Program Files\SocialRibbons LP4\Toolbar.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [Clearwire Connection Manager] C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe (ClearwireCM)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {16F67783-7E72-4C39-99C4-4780A8335484} http://www.syncmyrid...pplets/sync.cab (SyncXfer Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.3.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B45C9E78-2645-4F14-88F5-B45664A7E8D4}: DhcpNameServer = 66.233.235.12 75.94.255.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C94D2212-4673-4D0D-94C8-93971C91A4ED}: DhcpNameServer = 209.183.33.23 209.183.35.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D00B9979-42B9-4910-94EB-250C116767D1}: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7105B53-9BFD-43F5-85C1-6F58EDAAF7F2}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\afishinguy\Desktop\My Pictures\Fish\DSC00028.JPG
O24 - Desktop BackupWallPaper: C:\Users\afishinguy\Desktop\My Pictures\Fish\DSC00028.JPG
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/24 15:35:35 | 000,000,124 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{28ceaec3-84ff-11df-beba-001eecdb252c}\Shell\AutoRun\command - "" = F:\Window~1\Setup.exe
O33 - MountPoints2\{3ff0ab8b-6d5d-11de-933a-00a0c6000000}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008/01/20 21:32:58 | 000,013,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{58b51570-254c-11df-b122-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{58b51570-254c-11df-b122-00a0c6000000}\Shell\AutoRun\command - "" = H:\LaunchU3.exe
O33 - MountPoints2\{5b3c290c-ef76-11df-9be0-001d880b5ea4}\Shell - "" = AutoRun
O33 - MountPoints2\{5b3c290c-ef76-11df-9be0-001d880b5ea4}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O33 - MountPoints2\{7444ef26-35ea-11e0-8fe2-001eecdb252c}\Shell - "" = AutoRun
O33 - MountPoints2\{7444ef26-35ea-11e0-8fe2-001eecdb252c}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{b2fc3f60-e1c4-11de-9381-001eecdb252c}\Shell\AutoRun\command - "" = F:\.\Vado\Vado.exe
O33 - MountPoints2\{bf06a802-6bd4-11de-8d1b-001eecdb252c}\Shell - "" = AutoRun
O33 - MountPoints2\{bf06a802-6bd4-11de-8d1b-001eecdb252c}\Shell\AutoRun\command - "" = G:\start.exe
O33 - MountPoints2\{f4f88bfe-93d4-11de-997b-001eecdb252c}\Shell - "" = AutoRun
O33 - MountPoints2\{f4f88bfe-93d4-11de-997b-001eecdb252c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/10 13:48:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\afishinguy\Desktop\OTL.exe
[2013/09/05 14:14:21 | 000,000,000 | ---D | C] -- C:\Users\afishinguy\AppData\Roaming\SUPERAntiSpyware.com
[2013/09/05 14:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/09/05 14:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/09/05 14:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/09/05 13:42:37 | 000,000,000 | ---D | C] -- C:\Users\afishinguy\AppData\Local\LogMeIn Rescue Applet
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/10 13:49:06 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/10 13:49:06 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/10 13:48:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\afishinguy\Desktop\OTL.exe
[2013/09/10 13:06:21 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/10 12:02:20 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_afishinguy.job
[2013/09/10 12:02:15 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/10 11:47:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/05 17:06:06 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_afishinguy.job
[2013/09/05 17:06:06 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_afishinguy.job
[2013/09/05 16:19:33 | 000,000,520 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task fa3d4636-91c3-48f4-997a-10cea78d16b9.job
[2013/09/05 16:19:32 | 000,000,520 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ead7e653-03a2-48ef-ae2b-6713179fd8fd.job
[2013/09/05 16:15:41 | 105,209,711 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/05 14:13:16 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/09/05 13:24:26 | 000,312,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/08/23 18:07:18 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/23 18:07:18 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/05 16:23:39 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_afishinguy.job
[2013/09/05 16:23:22 | 000,000,390 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_afishinguy.job
[2013/09/05 16:21:49 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_afishinguy.job
[2013/09/05 16:15:41 | 105,209,711 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/09/05 14:15:23 | 000,000,520 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ead7e653-03a2-48ef-ae2b-6713179fd8fd.job
[2013/09/05 14:14:55 | 000,000,520 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task fa3d4636-91c3-48f4-997a-10cea78d16b9.job
[2013/09/05 14:13:16 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/08/23 16:50:02 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/08/23 16:50:02 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2011/06/26 13:39:31 | 000,000,345 | ---- | C] () -- C:\Users\afishinguy\000setup.001
[2010/07/01 06:01:53 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/05/24 21:29:56 | 015,983,616 | ---- | C] () -- C:\Users\afishinguy\Cricket Broadband Setup-v1.0 (build 1950).msi
[2010/05/21 17:27:49 | 000,000,680 | ---- | C] () -- C:\Users\afishinguy\AppData\Local\d3d9caps.dat
[2010/01/11 17:19:38 | 000,004,913 | ---- | C] () -- C:\ProgramData\mnjemahv.gza
[2010/01/11 17:17:17 | 000,005,052 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
[2009/03/20 15:16:52 | 000,000,017 | -H-- | C] () -- C:\Users\afishinguy\AppData\Local\19720201.dat
[2009/03/16 14:16:53 | 000,000,094 | ---- | C] () -- C:\Users\afishinguy\AppData\Roaming\wklnhst.dat
[2009/03/12 17:08:28 | 000,113,664 | ---- | C] () -- C:\Users\afishinguy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/03/04 19:30:17 | 000,000,000 | -HSD | M] -- C:\Users\afishinguy\AppData\Roaming\.#
[2009/03/02 13:40:00 | 000,000,000 | ---D | M] -- C:\Users\afishinguy\AppData\Roaming\Acer
[2008/12/04 07:57:50 | 000,000,000 | ---D | M] -- C:\Users\afishinguy\AppData\Roaming\Acer GameZone Console
[2009/08/28 19:08:45 | 000,000,000 | ---D | M] -- C:\Users\afishinguy\AppData\Roaming\Amazon
[2009/03/02 15:26:02 | 000,000,000 | ---D | M] -- C:\Users\afishinguy\AppData\Roaming\Bytemobile
[2009/07/10 13:03:02 | 000,000,000 | ---D | M] -- C:\Users\afishinguy\AppData\Roaming\Cisco
[2010/03/19 11:44:44 | 000,000,000 | ---D | M] -- C:\Users\afishinguy\AppData\Roaming\Cricket
[2009/03/04 18:30:00 | 000,000,000 | ---D | M] -- C:\Users\afishinguy\AppData\Roaming\Flood Light Games
[2010/03/19 10:46:21 | 000,000,000 | ---D | M] -- C:\Users\afishinguy\AppData\Roaming\Fugawi
[2009/03/14 20:16:48 | 000,000,000 | ---D | M] -- C:\Users\afishinguy\AppData\Roaming\InterVideo
[2009/03/02 13:39:50 | 000,000,000 | ---D | M] -- C:\Users\afishinguy\AppData\Roaming\Leadertech
[2009/12/08 15:35:32 | 000,000,000 | ---D | M] -- C:\Users\afishinguy\AppData\Roaming\muvee Technologies
[2013/06/24 16:24:02 | 000,000,000 | ---D | M] -- C:\Users\afishinguy\AppData\Roaming\Origin
[2009/03/02 14:58:33 | 000,000,000 | ---D | M] -- C:\Users\afishinguy\AppData\Roaming\Sierra Wireless
[2009/03/16 14:17:05 | 000,000,000 | ---D | M] -- C:\Users\afishinguy\AppData\Roaming\Template

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:79DD4F33
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:73933431
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:F65733F1

< End of report >

#2
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Please run the scan below while I review your log.


Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

#3
rockitout

    Member

  • Topic Starter
  • 140 posts
Thank you for replying. Here is the log file you requested:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-11 09:22:40
-----------------------------
09:22:40.503 OS Version: Windows 6.0.6002 Service Pack 2
09:22:40.503 Number of processors: 1 586 0x7F02
09:22:40.503 ComputerName: LAPTOP UserName:
09:22:42.344 Initialize success
09:24:33.278 AVAST engine defs: 13091100
09:24:45.477 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006d
09:24:45.477 Disk 0 Vendor: Hitachi_ 1.10 Size: 152627MB BusType: 6
09:24:45.774 Disk 0 MBR read successfully
09:24:45.774 Disk 0 MBR scan
09:24:45.820 Disk 0 unknown MBR code
09:24:45.820 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10244 MB offset 63
09:24:45.836 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71192 MB offset 20981760
09:24:45.867 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 71189 MB offset 166782976
09:24:45.898 Disk 0 scanning sectors +312578048
09:24:46.304 Disk 0 scanning C:\Windows\system32\drivers
09:25:15.897 Service scanning
09:26:20.622 Modules scanning
09:26:54.411 Disk 0 trace - called modules:
09:26:54.505 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys ahcix86s.sys
09:26:54.505 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853f0380]
09:26:54.520 3 CLASSPNP.SYS[8739d8b3] -> nt!IofCallDriver -> [0x84b76258]
09:26:54.520 5 acpi.sys[806106bc] -> nt!IofCallDriver -> \Device\0000006d[0x840b7970]
09:26:55.285 AVAST engine scan C:\Windows
09:27:04.972 AVAST engine scan C:\Windows\system32
09:33:05.176 AVAST engine scan C:\Windows\system32\drivers
09:33:29.138 AVAST engine scan C:\Users\afishinguy
09:40:41.742 AVAST engine scan C:\ProgramData
09:42:29.662 Scan finished successfully
09:45:33.462 Disk 0 MBR has been saved successfully to "C:\Users\afishinguy\Desktop\MBR.dat"
09:45:33.462 The log file has been saved successfully to "C:\Users\afishinguy\Desktop\aswMBR.txt"

#4
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi,

Let's get started.

Step 1: Run OTL fix.

Please be aware that this fix will delete your temporary files. If the virus has "hidden" any of your files, please do not run the fix, but stop and let me know.

Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [createrestorepoint]
    
    :OTL
    
    IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
    IE - HKCU\..\URLSearchHook: {bb78b434-c869-e534-65a9-f4a7dab04d57} - C:\Program Files\SocialRibbons LP4\Helper.dll ()
    IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
    
    O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)
    O2 - BHO: (SocialRibbons LP4) - {DAA05029-EECE-7A44-A584-C603C68CB608} - C:\Program Files\SocialRibbons LP4\Toolbar.dll ()
    
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.3.cab (Reg Error: Key error.)
    
    [2010/01/11 17:19:38 | 000,004,913 | ---- | C] () -- C:\ProgramData\mnjemahv.gza
    [2010/01/11 17:17:17 | 000,005,052 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
    [2009/03/20 15:16:52 | 000,000,017 | -H-- | C] () -- C:\Users\afishinguy\AppData\Local\19720201.dat
    
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:79DD4F33
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:73933431
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:F65733F1
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply.

Step 2: Run JRT.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3: Upload files.

Please upload the following files to VirusTotal and send me links to the results pages.

  • C:\Users\afishinguy\Desktop\MBR.dat
  • C:\Users\afishinguy\AppData\Local\19720201.dat

Things I need in your next reply:
  • OTL fix log
  • JRT log
  • VT links
  • How is your computer running now?


#5
rockitout

    Member

  • Topic Starter
  • 140 posts
Here are the logs and links you requested. I could not post the link to the "C:\Users\afishinguy\AppData\Local\19720201.dat" file because I could not find the file. I even tried showing hidden files and looking for it again, but it wasn't in the listed location. As far as how the computer is running, I think it may be slightly faster starting up, but it is still sluggish.


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bb78b434-c869-e534-65a9-f4a7dab04d57} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb78b434-c869-e534-65a9-f4a7dab04d57}\ deleted successfully.
C:\Program Files\SocialRibbons LP4\Helper.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}\ deleted successfully.
C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DAA05029-EECE-7A44-A584-C603C68CB608}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DAA05029-EECE-7A44-A584-C603C68CB608}\ deleted successfully.
C:\Program Files\SocialRibbons LP4\Toolbar.dll moved successfully.
Starting removal of ActiveX control {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
C:\Windows\Downloaded Program Files\f3initialsetup1.0.1.3.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
C:\ProgramData\mnjemahv.gza moved successfully.
C:\ProgramData\xqkcebzs.dik moved successfully.
C:\Users\afishinguy\AppData\Local\19720201.dat moved successfully.
ADS C:\ProgramData\TEMP:79DD4F33 deleted successfully.
ADS C:\ProgramData\TEMP:73933431 deleted successfully.
ADS C:\ProgramData\TEMP:F65733F1 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: afishinguy
->Temp folder emptied: 15849051 bytes
->Temporary Internet Files folder emptied: 142947442 bytes
->Java cache emptied: 5372963 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 566 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 127076198 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 278.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09112013_131656

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows Vista ™ Home Basic x86
Ran by afishinguy on Wed 09/11/2013 at 13:33:54.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\freecauseurlsearchhook.fctoolbarurlsearchhook
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\freecauseurlsearchhook.fctoolbarurlsearchhook.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\cpturlpassthru.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dca-api.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dca-bho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\compete
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\freecause
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\fun web products
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\funwebproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\mywebsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\funwebproducts
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\mywebsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\cpturlpassthru.httpmonitor
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\cpturlpassthru.httpmonitor.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dcabho.dca
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dcabho.dca.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100295.FCTB000100295Pos
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100295.FCTB000100295Pos.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100295.IEToolbar
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100295.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100295.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100295.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000100295.FCTB000100295Pos
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000100295.FCTB000100295Pos.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000100295.IEToolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000100295.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000100295.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000100295.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D34E6A12-3CCE-44D7-9015-984EAE17C5B0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\afishinguy\AppData\LocalLow\FCTB000100295
Successfully deleted: [Folder] "C:\Users\afishinguy\appdata\locallow\funwebproducts"
Successfully deleted: [Folder] "C:\Users\afishinguy\appdata\locallow\mywebsearch"
Successfully deleted: [Folder] "C:\Program Files\funwebproducts"
Successfully deleted: [Folder] "C:\Program Files\mywebsearch"
Successfully deleted: [Folder] "C:\Program Files\Common Files\freecause"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/11/2013 at 13:37:19.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


LINKS:
https://www.virustot...sis/1378921773/

#6
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Okay, let's get rid of the file and try a clean boot to speed things up.

First, click the start button and type in cmd. Right-click on the command prompt icon and select "Run as Administrator." Type in the following command and press enter:

del /A:H C:\Users\afishinguy\AppData\Local\19720201.dat


Let me know if it gives any complaints.


Step 1: Start MSConfig

Click Start, type msconfig in the Start Search box, and then press ENTER.
If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation.

Step 2: Configure Selective Startup options

1. In the System Configuration Utility dialog box, click Selective Startup on the General tab.

2. Click to clear the Load Startup Items check box.
Note: The Use Original Boot.ini check box is unavailable.

3. Click the Services tab.

4. Click to select the Hide All Microsoft Services check box.
5. Click Disable All, and then click OK.
6. When you are prompted, click Restart.

Once back in Windows, does the problem still occur?

#7
rockitout

    Member

  • Topic Starter
  • 140 posts
I tried running the command and it said "could not find C:\Users\afishinguy\AppData\Local\19720201.dat". I did not proceed with the rest of the instructions. Do you want me to proceed anyway?

#8
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
I feel so stupid...we already deleted the file, no wonder we can't find it. Please continue with the clean boot.
  • 0
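
The mix-up in posts #5 to #8 (a file reported missing that the fix had already moved) can be caught by reading the fix log back per target. This is an added example, not part of the thread or of OTL; the line patterns are assumed from the fix log posted above, and the function names are hypothetical.

```python
import re
from collections import Counter

# Lines copied from the OTL fix log posted earlier in this thread (a subset).
FIX_LOG = r"""
All processes killed
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bb78b434-c869-e534-65a9-f4a7dab04d57} deleted successfully.
C:\Program Files\SocialRibbons LP4\Helper.dll moved successfully.
Starting removal of ActiveX control {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
C:\ProgramData\mnjemahv.gza moved successfully.
C:\Users\afishinguy\AppData\Local\19720201.dat moved successfully.
ADS C:\ProgramData\TEMP:79DD4F33 deleted successfully.
"""

# Assumption: result lines look like "[kind ]<target> <outcome>." as in the
# log above. Lines without a kind prefix are treated as files.
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|ADS) )?"
    r"(?P<target>.+?) "
    r"(?P<outcome>deleted successfully|moved successfully|not found)\.$"
)


def parse_fix_log(text):
    """Return (kind, target, outcome) for every result line; skip the rest."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["kind"] or "File", m["target"], m["outcome"]))
    return entries


def outcomes_for(target, entries):
    """Outcomes logged for one target. Windows paths and registry names are
    not case-sensitive, and key names may carry a trailing backslash."""
    wanted = target.rstrip("\\").lower()
    return [(k, o) for k, t, o in entries if t.rstrip("\\").lower() == wanted]


def explain_missing(target, entries):
    """Say why a target can no longer be found, according to the fix log."""
    outcomes = {o for _, o in outcomes_for(target, entries)}
    if "moved successfully" in outcomes:
        return "already moved by the fix"
    if "deleted successfully" in outcomes:
        return "already deleted by the fix"
    if "not found" in outcomes:
        return "the fix did not find it either"
    return "not mentioned in the fix log"


def summarize(entries):
    """Count results per (kind, outcome) pair."""
    return Counter((kind, outcome) for kind, _, outcome in entries)


if __name__ == "__main__":
    log = parse_fix_log(FIX_LOG)
    for (kind, outcome), n in sorted(summarize(log).items()):
        print(f"{kind:15} {outcome:22} {n}")
    path = r"C:\Users\afishinguy\AppData\Local\19720201.dat"
    print(path, "->", explain_missing(path, log))
```
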

#9
rockitout

    Member

  • Topic Starter
  • 140 posts
Don't feel stupid. It happens to the best of us. I followed the instructions and it does seem to be starting up and running faster. The browser seems a little slow, but that may be because I'm on a wireless connection.

#10
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Ok, now we got to narrow it down. Do the same process again, but this time leave the first half of the boxes checked. Reboot and see if it is slow again. If so, then we know that the offending item is in the first half; if not, then it is in the second half. Repeat this process until you find the offending item. Let me know what it is.

For the browser speed, which browser are you using? Is it the same in all browsers?

Can you go to speedtest.net and run a speed test for me?

#11
rockitout

    Member

  • Topic Starter
  • 140 posts
I tried to narrow the slow startup down with the method you suggested. I wasn't really able to tell a difference no matter what I did. For the browser, I'm using IE and Chrome. Both are equally slow. My connection speed is 15.45 down and 5.95 up. I have to work tomorrow, so if I don't answer you right away, I will eventually. Thanks for your help so far.

#12
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Ok. Check everything back again.

Please download and run StartupLite and see if it helps with the speed.

Also, let's try running IE without addons and see if it speeds up.

Start > All Programs > Accessories > System Tools > Internet Explorer (No Add-ons)

#13
rockitout

    Member

  • Topic Starter
  • 140 posts
Sorry for the delayed response. I was working yesterday. I completed your latest steps. I have to say the computer is acting better and the browser does seem to speed up when I disable plugins. FYI, I took it upon myself to uninstall Origin as I didn't need it anymore and it only delayed startup. I hope that is ok.

#14
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
It is probably an add-on that is slowing down IE then. You pretty much have to figure out which one through trial and error. Turn on one at a time and test.

  • Open Internet Explorer by clicking the Start button. In the search box, type Internet Explorer, and then, in the list of results, click Internet Explorer.
  • Click the Tools button, and then click Manage add-ons.
  • Under Show, click All add-ons.
  • Click an add-on, and then do one of the following:

    • To make the add-on available for use in the browser, click Enable.
    • To turn the add-on off so it can't be used in the browser, click Disable.
  • Repeat step 4 for each add-on that you want to turn on or off. When you're finished, click Close.


#15
rockitout

    Member

  • Topic Starter
  • 140 posts
I tried your latest instructions and I couldn't pinpoint any add-on that was making a difference in speed. It does seem to be faster now that I uninstalled Origin though. I think Origin was slowing things down as it was loading every time I started Windows and tried to browse the internet right after startup. I'm not sure though. The way things are now, I can live with (speed wise).