Hi.
My machine seems to be slowing down now.
This may be of help:-
What to do if your Computer is running slowly
Also I forgot to inform you that on the infected machine, after I finished running the AVG removal tool, it did not produce "avgremover.txt" log on the desktop.
There is something on the desktop (it was already there) that says AVGInstLog. When I place the cursor over it it says "compressed files". Should this be kept or deleted?
Aye go ahead and delete it etc. Every thing else you have mentioned should be taken care of by the below...
Reset Google Chrome:
Click on Start(Windows 7 Orb) >> Run... and copy and paste the below from the code-box and click on OK
Code:
%USERPROFILE%\AppData\Local\Google\Chrome\User Data
Navigate to the folder called Default in the directory window that opens and right-click on it and select Rename.
Now rename it as Backup Default. Now launch Google Chrome and check if the issues you mentioned are still present.
Custom OTL Script:
- Right-click OTL.exe and select Run as Administrator to start the program.
- Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
:Commands
[CreateRestorePoint]
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\URLSearchHook: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - No CLSID value found
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{317D3F46-EAFE-415B-BC52-E8D648A2C775}: "URL" = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{9D3A49F8-CFF3-4DEC-A8A1-77A404F045C9}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3150609
IE - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\SearchScopes\{BF5CDBD7-EC78-41F8-A1B1-01829572104D}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18570,0,0,6434&p={searchTerms}
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1950@crossrider.com: C:\Users\Shermqn Cooper\AppData\Local\RewardsArcadeSuite\1950\Firefox
[2013/04/09 05:51:53 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/12/20 18:05:53 | 000,000,000 | ---D | M] (FreePriceAlerts.com) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com
[2012/12/20 18:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\chrome
[2012/12/20 18:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shermqn Cooper\AppData\Roaming\mozilla\Firefox\Profiles\mdv00nzv.default\extensions\extension@freepricealerts.com\defaults
O2:64bit: - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..\Toolbar\WebBrowser: (no name) - {93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A} - No CLSID value found.
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O9:64bit: - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
O15 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..Trusted Domains: genieo.com ([yahoo] http in Trusted sites)
O15 - HKU\S-1-5-21-884558749-3894208209-999701670-1001\..Trusted Ranges: Range1 ([*] in Trusted sites)
:Files
C:\Program Files (x86)\AVG
C:\Program Files (x86)\Java
C:\Program Files (x86)\Yahoo!
C:\Users\Shermqn Cooper\Music\BearShare
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c
:Reg
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=-
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar]
:Commands
[ResetHosts]
[EmptyTemp]
- Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
- Then click the red Run Fix button.
- Let the program run unhindered.
- If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.
Install Microsoft Security Essentials:
Download the installer for Microsoft Security Essentials to the desktop.
- Right-click on the installer for Microsoft Security Essentials(mseinstall.exe) and select Run as Administrator.
- Follow the prompts to install >> when asked if you want to turn one the Windows Firewall, agree to this...
- Update >> Carry Out a Quick Scan. Have it fix/remove anything it finds.
Note: If anything was removed please make a note of it, to copy anything found/removed:-
Click on Start(Windows 7 Orb) >> Control Panel >> Administrative Tools >> Event Viewer >> Windows Logs >> System
Locate:-
Source= Microsoft Antimalware Event ID=1001 (scan finished)
Next:
When completed the above, please post back the following in the order asked for:
- How is the computer performing now, any further symptoms and or problems encountered ?
- OTL Log from the Custom Script.
- Did Microsoft Security Essentials find/remove anything ?