
Thread: ilivid and PUP Files Slowing Down Son's Laptop

  1. #31
    Junior Member
    Join Date
    Jul 2012
    Posts
    29

    Mea Culpa!

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_USERS\S-1-5-21-1179639099-1613884970-682482423-1000\Software\Microsoft\Internet Explorer\SearchScopes\{47E55975-0C2C-4B8F-A054-86F17FC42BC5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47E55975-0C2C-4B8F-A054-86F17FC42BC5}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1179639099-1613884970-682482423-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6723CE15-67D8-4377-9751-13A475B59B59}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6723CE15-67D8-4377-9751-13A475B59B59}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
    C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56E4076B-A42B-4745-BA35-34DA8AC4C2F2}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56E4076B-A42B-4745-BA35-34DA8AC4C2F2}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1179639099-1613884970-682482423-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ShopAtHomeWatcher deleted successfully.
    File C:\Users\Pop\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
    Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    C:\Users\Pop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AccuWeather.lnk moved successfully.
    Registry value HKEY_USERS\S-1-5-21-1179639099-1613884970-682482423-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DW6 deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1179639099-1613884970-682482423-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MobileDocuments deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43f13d93-8ded-11e0-af1c-00219b11cb95}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43f13d93-8ded-11e0-af1c-00219b11cb95}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43f13d93-8ded-11e0-af1c-00219b11cb95}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43f13d93-8ded-11e0-af1c-00219b11cb95}\ not found.
    File G:\MI.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{56458ba1-bc06-11e2-909b-00219b11cb95}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56458ba1-bc06-11e2-909b-00219b11cb95}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{56458ba1-bc06-11e2-909b-00219b11cb95}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56458ba1-bc06-11e2-909b-00219b11cb95}\ not found.
    File F:\VZW_Software_upgrade_assistant_installer.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8832e75b-be0f-11dd-9757-00219b11cb95}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8832e75b-be0f-11dd-9757-00219b11cb95}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8832e75b-be0f-11dd-9757-00219b11cb95}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8832e75b-be0f-11dd-9757-00219b11cb95}\ not found.
    File F:\LaunchU3.exe -a not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3b14836-e63e-11dd-baa6-00219b11cb95}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3b14836-e63e-11dd-baa6-00219b11cb95}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3b14836-e63e-11dd-baa6-00219b11cb95}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3b14836-e63e-11dd-baa6-00219b11cb95}\ not found.
    File F:\LaunchU3.exe -a not found.
    Folder C:\Users\Pop\AppData\Roaming\ShopAtHome\ not found.
    C:\Windows\Tasks\PC Optimizer Pro64 startups.job moved successfully.
    C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job moved successfully.
    C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job moved successfully.
    C:\Windows\Tasks\HP Photo Creations Messager.job moved successfully.
    C:\Windows\Tasks\Ad-Aware Update (Weekly).job moved successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Pop\Downloads\cmd.bat deleted successfully.
    C:\Users\Pop\Downloads\cmd.txt deleted successfully.
    C:\Windows\prefetch\ADOBEARM.EXE-F9223367.pf moved successfully.
    C:\Windows\prefetch\ADWCLEANER.EXE-1B93C37A.pf moved successfully.
    C:\Windows\prefetch\ADWCLEANER.EXE-960A00C9.pf moved successfully.
    C:\Windows\prefetch\AgAppLaunch.db moved successfully.
    C:\Windows\prefetch\AgGlFaultHistory.db moved successfully.
    C:\Windows\prefetch\AgGlFgAppHistory.db moved successfully.
    C:\Windows\prefetch\AgGlGlobalHistory.db moved successfully.
    C:\Windows\prefetch\AgGlUAD_P_S-1-5-21-1179639099-1613884970-682482423-1000.db moved successfully.
    C:\Windows\prefetch\AgGlUAD_S-1-5-21-1179639099-1613884970-682482423-1000.db moved successfully.
    C:\Windows\prefetch\AgRobust.db moved successfully.
    C:\Windows\prefetch\APPLEMOBILEDEVICEHELPER.EXE-D36FFDFF.pf moved successfully.
    C:\Windows\prefetch\APPLESYNCNOTIFIER.EXE-67449290.pf moved successfully.
    C:\Windows\prefetch\APSDAEMON.EXE-688589D3.pf moved successfully.
    C:\Windows\prefetch\ATH.EXE-EA0D6A86.pf moved successfully.
    C:\Windows\prefetch\AUDIODG.EXE-AB22E9A6.pf moved successfully.
    C:\Windows\prefetch\AU_.EXE-2C6DF76D.pf moved successfully.
    C:\Windows\prefetch\AVG-SECURE-SEARCH-UPDATE_JUNE-AFA7473A.pf moved successfully.
    C:\Windows\prefetch\AVGCMGR.EXE-AB37170F.pf moved successfully.
    C:\Windows\prefetch\AVGCSRVA.EXE-845D8145.pf moved successfully.
    C:\Windows\prefetch\AVGDIAGEX.EXE-A4A5C27C.pf moved successfully.
    C:\Windows\prefetch\AVGMFAPX.EXE-D32842AE.pf moved successfully.
    C:\Windows\prefetch\AVGNSA.EXE-7318A494.pf moved successfully.
    C:\Windows\prefetch\AVGSRMAX.EXE-099FE911.pf moved successfully.
    C:\Windows\prefetch\AVGUI.EXE-8ACCDA60.pf moved successfully.
    C:\Windows\prefetch\BUBBLES.SCR-6885EEB6.pf moved successfully.
    C:\Windows\prefetch\CHROME.EXE-5349D2D7.pf moved successfully.
    C:\Windows\prefetch\CMD.EXE-6D6290C5.pf moved successfully.
    C:\Windows\prefetch\CONHOST.EXE-0C6456FB.pf moved successfully.
    C:\Windows\prefetch\CONSENT.EXE-40419367.pf moved successfully.
    C:\Windows\prefetch\DISTNOTED.EXE-BA71F399.pf moved successfully.
    C:\Windows\prefetch\DLLHOST.EXE-4B6CB38A.pf moved successfully.
    C:\Windows\prefetch\DLLHOST.EXE-576CF6B2.pf moved successfully.
    C:\Windows\prefetch\DLLHOST.EXE-6389524F.pf moved successfully.
    C:\Windows\prefetch\DLLHOST.EXE-844858E7.pf moved successfully.
    C:\Windows\prefetch\DLLHOST.EXE-851C5C91.pf moved successfully.
    C:\Windows\prefetch\DLLHOST.EXE-A010D183.pf moved successfully.
    C:\Windows\prefetch\DLLHOST.EXE-D9DCD0F3.pf moved successfully.
    C:\Windows\prefetch\EXPLORER.EXE-D5E97654.pf moved successfully.
    C:\Windows\prefetch\FIXCFG.EXE-400B74FF.pf moved successfully.
    C:\Windows\prefetch\FLASHPLAYERUPDATESERVICE.EXE-0129C0B2.pf moved successfully.
    C:\Windows\prefetch\GOOGLEUPDATE.EXE-0E1E7B82.pf moved successfully.
    C:\Windows\prefetch\GOOGLEUPDATE.EXE-8F1937A7.pf moved successfully.
    C:\Windows\prefetch\GOOGLEUPDATERSERVICE.EXE-A6285BB5.pf moved successfully.
    C:\Windows\prefetch\HIJACKTHIS.EXE-64490959.pf moved successfully.
    C:\Windows\prefetch\HPNETWORKCOMMUNICATOR.EXE-A2B3B877.pf moved successfully.
    C:\Windows\prefetch\IELOWUTIL.EXE-EE8999C6.pf moved successfully.
    C:\Windows\prefetch\IEXPLORE.EXE-058FE8F5.pf moved successfully.
    C:\Windows\prefetch\IPCONFIG.EXE-10A15CF4.pf moved successfully.
    C:\Windows\prefetch\ITUNES.EXE-3ADE145E.pf moved successfully.
    C:\Windows\prefetch\ITUNESHELPER.EXE-399B4696.pf moved successfully.
    C:\Windows\prefetch\layout.ini moved successfully.
    C:\Windows\prefetch\LVPRCSRV.EXE-72698635.pf moved successfully.
    C:\Windows\prefetch\MESSAGECHECK.EXE-0A4C5507.pf moved successfully.
    C:\Windows\prefetch\MSCORSVW.EXE-16B291C4.pf moved successfully.
    C:\Windows\prefetch\MSCORSVW.EXE-8CE1A322.pf moved successfully.
    C:\Windows\prefetch\MSIEXEC.EXE-8FFB1633.pf moved successfully.
    C:\Windows\prefetch\MSIEXEC.EXE-CDBFC0F7.pf moved successfully.
    C:\Windows\prefetch\NOTEPAD.EXE-C5670914.pf moved successfully.
    C:\Windows\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.
    C:\Windows\prefetch\OTL.EXE-B7873E87.pf moved successfully.
    C:\Windows\prefetch\PfSvPerfStats.bin moved successfully.
    C:\Windows\prefetch\REGSVR32.EXE-03D3FB87.pf moved successfully.
    C:\Windows\prefetch\RUNDLL32.EXE-0D53616E.pf moved successfully.
    C:\Windows\prefetch\RUNDLL32.EXE-284836AE.pf moved successfully.
    C:\Windows\prefetch\RUNDLL32.EXE-41C19BFB.pf moved successfully.
    C:\Windows\prefetch\RUNDLL32.EXE-51CCB287.pf moved successfully.
    C:\Windows\prefetch\RUNDLL32.EXE-6FD72002.pf moved successfully.
    C:\Windows\prefetch\RUNDLL32.EXE-B6001A63.pf moved successfully.
    C:\Windows\prefetch\RUNDLL32.EXE-D2A040D5.pf moved successfully.
    C:\Windows\prefetch\SCRIPTHELPER.EXE-873A26F1.pf moved successfully.
    C:\Windows\prefetch\SDWINSEC.EXE-25EEB17A.pf moved successfully.
    C:\Windows\prefetch\SEARCHFILTERHOST.EXE-44162447.pf moved successfully.
    C:\Windows\prefetch\SEARCHPROTOCOLHOST.EXE-69C456C3.pf moved successfully.
    C:\Windows\prefetch\SHOPATHOMEHELPER.EXE-FDAC6451.pf moved successfully.
    C:\Windows\prefetch\SHOPATHOMEWATCHER.EXE-235E53AF.pf moved successfully.
    C:\Windows\prefetch\SNDVOL.EXE-425BC49B.pf moved successfully.
    C:\Windows\prefetch\SOFTWAREUPDATE.EXE-4F1A260C.pf moved successfully.
    C:\Windows\prefetch\SPLWOW64.EXE-57576C25.pf moved successfully.
    C:\Windows\prefetch\SPPSVC.EXE-96070FE0.pf moved successfully.
    C:\Windows\prefetch\SVCHOST.EXE-6A249820.pf moved successfully.
    C:\Windows\prefetch\SVCHOST.EXE-6E1A6101.pf moved successfully.
    C:\Windows\prefetch\SYNCSERVER.EXE-CC074549.pf moved successfully.
    C:\Windows\prefetch\TASKENG.EXE-35FA9C06.pf moved successfully.
    C:\Windows\prefetch\TASKHOST.EXE-A0F5E092.pf moved successfully.
    C:\Windows\prefetch\TASKKILL.EXE-0ECD41EC.pf moved successfully.
    C:\Windows\prefetch\TEAMVIEWER_SERVICE.EXE-1258E9D3.pf moved successfully.
    C:\Windows\prefetch\TOOLBARUPDATER.EXE-53AE9F77.pf moved successfully.
    C:\Windows\prefetch\UNINST.EXE-895CF55E.pf moved successfully.
    C:\Windows\prefetch\VSSVC.EXE-6C8F0C66.pf moved successfully.
    C:\Windows\prefetch\WERFAULT.EXE-661188F3.pf moved successfully.
    C:\Windows\prefetch\WERMGR.EXE-F439C551.pf moved successfully.
    C:\Windows\prefetch\WINWORD.EXE-8D8AC989.pf moved successfully.
    C:\Windows\prefetch\WMIADAP.EXE-BB21CD77.pf moved successfully.
    C:\Windows\prefetch\WMIPRVSE.EXE-E8B8DD29.pf moved successfully.
    C:\Windows\prefetch\WMPNETWK.EXE-F6E20E14.pf moved successfully.
    C:\Windows\prefetch\WMPNSCFG.EXE-18FC9E64.pf moved successfully.
    C:\Windows\prefetch\{6349BC39-E3D0-461D-8342-7765-101AC837.pf moved successfully.
    File\Folder C:\Program Files (x86)\AWS not found.
    File\Folder C:\Program Files (x86)\Java not found.
    File\Folder C:\Program Files (x86)\Viewpoint not found.
    C:\Users\Pop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk moved successfully.
    < netsh advfirewall reset /c >
    Ok.
    C:\Users\Pop\Downloads\cmd.bat deleted successfully.
    C:\Users\Pop\Downloads\cmd.txt deleted successfully.
    < netsh advfirewall set allprofiles state on /c >
    Ok.
    C:\Users\Pop\Downloads\cmd.bat deleted successfully.
    C:\Users\Pop\Downloads\cmd.txt deleted successfully.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Java(TM) 6 Update 19\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Java(TM) 6 Update 7\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Java Auto Updater\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56545 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Pop
    ->Temp folder emptied: 93910861 bytes
    ->Temporary Internet Files folder emptied: 980774250 bytes
    ->Java cache emptied: 50395624 bytes
    ->Google Chrome cache emptied: 428538012 bytes
    ->Apple Safari cache emptied: 1860608 bytes
    ->Opera cache emptied: 65678496 bytes
    ->Flash cache emptied: 4032263 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 217059 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes
    RecycleBin emptied: 190714569 bytes

    Total Files Cleaned = 1,732.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 06112013_180553

    Files\Folders moved on Reboot...
    C:\Users\Pop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Pop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G17BD1FA\showthread[1].htm moved successfully.
    C:\Users\Pop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Pop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

  2. #32
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,167

    Hi.

    Let's proceed as follows, shall we...

    TFC (Temp File Cleaner):

    • Please download TFC to your desktop.
    • Save any unsaved work. TFC will close all open application windows.
    • Right-click TFC.exe and select Run as Administrator to run the program.
    • Click the Start button in the bottom left of TFC
    • If prompted, click "Yes" to reboot.

    Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

    I advise you consider keeping TFC on your desktop after I give the all clear and run it say at least once per week as it is a very effective piece of software for cleaning out temp' files etc.

    ESET Online Scanner:

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

    Windows 7 Users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

    • Please go here to run the scan...
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then right click on it and select Run as Administrator to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:

    Scan for potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

    • Now click on:
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on:
    • Use notepad to open the log file located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
    • Copy and paste that log as a reply to this topic.

    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  3. #33
    Junior Member
    Join Date
    Jul 2012
    Posts
    29

    Hello, again.

    Here's what I copied to the clipboard from the scan:

    C:\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
    C:\Users\All Users\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
    C:\Users\Pop\AppData\Local\Google\Chrome\User Data\Default\Default\aadagddhdgdagddggcdadggfdegcdfdd\background.html Win32/BHO.OEI trojan
    C:\Users\Pop\AppData\Local\Google\Chrome\User Data\Default\Default\aadagddhdgdagddggcdadggfdegcdfdd\ContentScript.js Win32/BHO.OEI trojan
    C:\Users\Pop\AppData\Local\Google\Chrome\User Data\Default\Default\aadcdddhgfgfdjdjdjdigbddgedidadh\background.js Win32/TrojanDownloader.Tracur.V trojan
    C:\Users\Pop\AppData\Local\Google\Chrome\User Data\Default\Default\aadcdddhgfgfdjdjdjdigbddgedidadh\ContentScript.js Win32/TrojanDownloader.Tracur.V trojan
    C:\Users\Pop\AppData\Local\Google\Chrome\User Data\Default\Default\aadfdbggdjgedidfgggddidadedbgbgd\background.js Win32/TrojanDownloader.Tracur.V trojan
    C:\Users\Pop\AppData\Local\Google\Chrome\User Data\Default\Default\aadfdbggdjgedidfgggddidadedbgbgd\ContentScript.js Win32/TrojanDownloader.Tracur.AD trojan
    C:\Users\Pop\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com\components\epicPlayGames.dll a variant of Win32/Adware.Gamevance.BR application
    C:\Users\Pop\Downloads\FFHollywood-dm.exe a variant of Win32/Adware.Trymedia.A application
    C:\Users\Pop\Downloads\FlashPlayer.exe a variant of Win32/AirAdInstaller.A application
    C:\Users\Pop\Downloads\FlvtoYoutubeDownloaderSetupOC.exe Win32/OpenCandy application
    C:\Users\Pop\Downloads\Lil Wayne feat Drake- Pass the dutch.mp3 probably a variant of Win32/TrojanDropper.Delf.NQG trojan
    C:\Users\Pop\Downloads\LimeWireWin.exe multiple threats
    C:\Users\Pop\Downloads\SetupPlaySushi.exe a variant of Win32/Adware.Gamevance.AS application
    C:\Users\Pop\Downloads\YouTubeDownloaderSetup265.exe a variant of Win32/Toolbar.Widgi application
    C:\Users\Pop\Downloads\YouTubeDownloaderSetup271.exe a variant of Win32/Toolbar.Widgi application
    C:\_OTL\MovedFiles\08182010_232018\C_Users\Pop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\14194be1-4f02da57 Java/TrojanDownloader.Agent.NAP trojan
    C:\_OTL\MovedFiles\08182010_232018\C_Users\Pop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\4159ee07-10f0df04 multiple threats
    C:\_OTL\MovedFiles\08182010_232018\C_Users\Pop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\58097cc9-33b03614 multiple threats
    C:\_OTL\MovedFiles\08182010_232018\C_Users\Pop\Documents\LimeWire\Saved\Shared\Lil Wayne - Tha Carter III - 08 - Tie My Hands.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\_OTL\MovedFiles\08182010_232018\C_Users\Pop\Documents\LimeWire\Saved\Shared\Lil Wayne- Dinnertime.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\_OTL\MovedFiles\08182010_232018\C_Users\Pop\Documents\LimeWire\Saved\Shared\Ne-Yo - Year Of The Gentleman - 07 - So You Can Cry.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan

    Why does it seem to have so many trojans after all the scans we already ran?

    Lucas

  4. #34
    Junior Member
    Join Date
    Jul 2012
    Posts
    29

    This is all that showed up on the log file:

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK

  5. #35
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,167

    Hi.

    "Why does it seem to have so many trojans after all the scans we already ran?"

    Because the specific tools I use all have different detection databases and scan type routines, hence I ask for an online scan as a final check.

    Custom OTL Script:

    • Right-click OTL.exe and select Run as Administrator to start the program.
    • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Files
    C:\ProgramData\Tarma Installer
    C:\Users\All Users\Tarma Installer
    C:\Users\Pop\AppData\Local\Google\Chrome\User Data\Default\Default\aadagddhdgdagddggcdadggfdegcdfdd
    C:\Users\Pop\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com
    C:\Users\Pop\Downloads\FFHollywood-dm.exe
    C:\Users\Pop\Downloads\FlashPlayer.exe
    C:\Users\Pop\Downloads\FlvtoYoutubeDownloaderSetupOC.exe
    C:\Users\Pop\Downloads\Lil Wayne feat Drake- Pass the dutch.mp3
    C:\Users\Pop\Downloads\LimeWireWin.exe
    C:\Users\Pop\Downloads\SetupPlaySushi.exe
    C:\Users\Pop\Downloads\YouTubeDownloaderSetup265.exe
    C:\Users\Pop\Downloads\YouTubeDownloaderSetup271.exe

    :Commands
    [EmptyTemp]

    • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
    • Then click the red Run Fix button.
    • Let the program run unhindered.
    • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

    Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

    Next:

    Let's check/update some software as follows, shall we...

    • Download and install FileHippo Update Checker from here.
    • Once installed (during the installation process deselect the option: Run at Startup) >> Start (Windows 7 Orb) >> All Programs >> right-click on Update Checker and select Run as Administrator >> a browser window will open after the scan is complete.
    • Download any updates detected (apart from beta updates) to the desktop >> uninstall anything that requires updating via Programs and Features in the Control Panel.
    • Re-install the updated software, delete the installers and then empty the Recycle Bin.

    Note: When I give the all clear my advice would be to consider keeping FileHippo Update Checker installed. Then periodically use it to check for any updates as having certain software outdated is a potential for malware to gain a foothold and exploit a system etc.

    Next:

    When you have completed the above, please post back the following in the order asked for:

    • How is your computer performing now, any further symptoms and/or problems encountered?
    • OTL Log from the Custom Script.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.
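
The following triage script is an added example, not part of the thread or of any tool used in it: it parses ESET scan lines like those in post #33, separates detections already sitting under OTL's `C:\_OTL\MovedFiles` folder from live ones, and checks each live detection against the `:Files` list of the script in post #35. The function names are hypothetical, and the embedded input is a subset of the lines quoted in those two posts.

```python
import re
from collections import Counter

# Subset of the ESET Online Scanner lines quoted in post #33 of this thread.
ESET_LINES = r"""
C:\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\Pop\AppData\Local\Google\Chrome\User Data\Default\Default\aadagddhdgdagddggcdadggfdegcdfdd\background.html Win32/BHO.OEI trojan
C:\Users\Pop\AppData\Local\Google\Chrome\User Data\Default\Default\aadcdddhgfgfdjdjdjdigbddgedidadh\background.js Win32/TrojanDownloader.Tracur.V trojan
C:\Users\Pop\AppData\Local\Google\Chrome\User Data\Default\Default\aadcdddhgfgfdjdjdjdigbddgedidadh\ContentScript.js Win32/TrojanDownloader.Tracur.V trojan
C:\Users\Pop\AppData\Local\Google\Chrome\User Data\Default\Default\aadfdbggdjgedidfgggddidadedbgbgd\background.js Win32/TrojanDownloader.Tracur.V trojan
C:\Users\Pop\AppData\Local\Google\Chrome\User Data\Default\Default\aadfdbggdjgedidfgggddidadedbgbgd\ContentScript.js Win32/TrojanDownloader.Tracur.AD trojan
C:\Users\Pop\Downloads\Lil Wayne feat Drake- Pass the dutch.mp3 probably a variant of Win32/TrojanDropper.Delf.NQG trojan
C:\Users\Pop\Downloads\LimeWireWin.exe multiple threats
C:\_OTL\MovedFiles\08182010_232018\C_Users\Pop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\14194be1-4f02da57 Java/TrojanDownloader.Agent.NAP trojan
C:\_OTL\MovedFiles\08182010_232018\C_Users\Pop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\4159ee07-10f0df04 multiple threats
""".strip().splitlines()

# Matching subset of the :Files section of the OTL script in post #35.
OTL_FILES = r"""
C:\ProgramData\Tarma Installer
C:\Users\Pop\AppData\Local\Google\Chrome\User Data\Default\Default\aadagddhdgdagddggcdadggfdegcdfdd
C:\Users\Pop\Downloads\Lil Wayne feat Drake- Pass the dutch.mp3
C:\Users\Pop\Downloads\LimeWireWin.exe
""".strip().splitlines()

# Folder that OTL moves files into, as it appears in the paths of both posts.
QUARANTINE_ROOT = r"C:\_OTL\MovedFiles"

# Paths contain spaces, so anchor on the tail of the line instead: either
# "multiple threats", or an optional qualifier, a Platform/Name detection
# and the trailing kind word (trojan or application).
DETECTION = re.compile(
    r"^(?P<path>.+?) "
    r"(?:(?P<multi>multiple threats)"
    r"|(?:(?P<qualifier>probably a variant of|a variant of) )?"
    r"(?P<name>[A-Za-z0-9]+/\S+) (?P<kind>trojan|application))$"
)


def parse_line(line):
    """Split one scan line into path, detection name, qualifier and kind."""
    m = DETECTION.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "path": d["path"],
        "name": d["name"] or "multiple threats",
        "qualifier": d["qualifier"],
        "kind": d["kind"] or "multiple",
    }


def is_under(path, root):
    """Case-insensitive test: path equals root or lies below it."""
    p, r = path.lower(), root.strip().rstrip("\\").lower()
    return p == r or p.startswith(r + "\\")


def triage(lines, script_paths):
    """Bucket detections: already quarantined, covered by the script, or not."""
    result = {"quarantined": [], "covered": [], "uncovered": [], "unparsed": []}
    for line in lines:
        det = parse_line(line)
        if det is None:
            result["unparsed"].append(line)
        elif is_under(det["path"], QUARANTINE_ROOT):
            result["quarantined"].append(det)
        elif any(is_under(det["path"], s) for s in script_paths):
            result["covered"].append(det)
        else:
            result["uncovered"].append(det)
    return result


def uncovered_folders(result):
    """Parent folders of live detections that no script entry removes."""
    return sorted({d["path"].rsplit("\\", 1)[0] for d in result["uncovered"]})


def kind_counts(result):
    """Count detections by the kind word the scanner printed."""
    buckets = ("quarantined", "covered", "uncovered")
    return Counter(d["kind"] for b in buckets for d in result[b])


if __name__ == "__main__":
    res = triage(ESET_LINES, OTL_FILES)
    for bucket in ("quarantined", "covered", "uncovered", "unparsed"):
        print(f"{bucket}: {len(res[bucket])}")
    print("by kind:", dict(kind_counts(res)))
    for folder in uncovered_folders(res):
        print("not in :Files list:", folder)
```

On the subset embedded here, the two `C:\_OTL\MovedFiles` entries are copies OTL had already moved aside, and the four detections under the `aadcdddhgfgfdjdjdjdigbddgedidadh` and `aadfdbggdjgedidfgggddidadedbgbgd` Chrome folders land in `uncovered`.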

  6. #36
    Junior Member
    Join Date
    Jul 2012
    Posts
    29

    The comp, as old as it is (4-5, or 20 in desktop years!), is running smoother. The continuous "cycling" has stopped, and it opens programs or internet pages faster.

    I still can't believe how many trojans are so deeply embedded that multiple programs are needed to clean it completely. Just my computer ignorance, but it nonetheless surprises me.

    Here's the script you requested:

    All processes killed
    ========== FILES ==========
    C:\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Cache folder moved successfully.
    C:\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE} folder moved successfully.
    C:\ProgramData\Tarma Installer folder moved successfully.
    File\Folder C:\Users\All Users\Tarma Installer not found.
    C:\Users\Pop\AppData\Local\Google\Chrome\User Data\Default\Default\aadagddhdgdagddggcdadggfdegcdfdd folder moved successfully.
    C:\Users\Pop\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com\components folder moved successfully.
    C:\Users\Pop\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com\chrome folder moved successfully.
    C:\Users\Pop\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com folder moved successfully.
    C:\Users\Pop\Downloads\FFHollywood-dm.exe moved successfully.
    C:\Users\Pop\Downloads\FlashPlayer.exe moved successfully.
    C:\Users\Pop\Downloads\FlvtoYoutubeDownloaderSetupOC.exe moved successfully.
    C:\Users\Pop\Downloads\Lil Wayne feat Drake- Pass the dutch.mp3 moved successfully.
    C:\Users\Pop\Downloads\LimeWireWin.exe moved successfully.
    C:\Users\Pop\Downloads\SetupPlaySushi.exe moved successfully.
    C:\Users\Pop\Downloads\YouTubeDownloaderSetup265.exe moved successfully.
    C:\Users\Pop\Downloads\YouTubeDownloaderSetup271.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Pop
    ->Temp folder emptied: 7829 bytes
    ->Temporary Internet Files folder emptied: 48167105 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 15242550 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 492 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 62146 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 61.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 06142013_175210

    Files\Folders moved on Reboot...
    C:\Users\Pop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Pop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\78G6BQWS\recommen[1].htm moved successfully.
    C:\Users\Pop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\78G6BQWS\showthread[1].htm moved successfully.
    C:\Users\Pop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Pop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Users\Pop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHQIWB55\index[1].htm moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

  7. #37
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,167

    Default

    Hi.

    The comp, as old as it is (4-5, or 20 in desktop years!), is running smoother. The continuous "cycling" has stopped, and it opens programs or internet pages faster.
    Good, as long as you keep on top of things like, say, regular system maintenance and updating/running scans with the security software. Observing safe online practices should go a long way towards ensuring your machine's actual Operating System remains both healthy, if you will, and malware free.

    I still can't believe how many trojans are so deeply embedded that multiple programs are needed to clean it completely. Just my computer ignorance, but it nonetheless surprises me.
    Actually, none of the infections removed were that bad at all in the great scheme of things and certainly had not compromised the integrity of your machine, but like anything, if left untreated they would have exponentially gotten worse over time, as certain types of malware are designed to in some circumstances.

    Next:

    Congratulations, your computer appears to be malware free!

    Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

    Importance of Regular System Maintenance:

    I advise you to read both of the below listed topics as this will go a long way to keeping your Computer performing well.

    Help! My computer is slow!

    Also so is this:

    What to do if your Computer is running slowly

    Uninstall AdwCleaner:

    • Right-click on AdwCleaner.exe and select Run as Administrator to start the program.
    • Click on Uninstall >> Yes, this will remove the application and its log(s).

    Clean up with OTL:

    • Right-click OTL and select Run as Administrator to start the program.
    • Close all other programs apart from OTL as this step will require a reboot.
    • On the OTL main screen, depress the CleanUp button.
    • Say Yes to the prompt and then allow the program to reboot your computer.

    The above process should clean up and remove the vast majority of scanners used and logs created etc.

    Any left over merely delete yourself and empty the Recycle Bin.

    Reset the System Restore points:

    Create a new, clean System Restore point:-

    • Right click on Computer and select Properties >> System protection >> Create.
    • Give this restore point a descriptive name and click Create.
    • When the new restore point is created click on OK >> close the System properties window.

    Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

    Flush Old System Restore points:-

    • Click on Start(Windows 7 Orb) >> All Programs >> Accessories >> System Tools >> right-click on Disk Cleanup and select Run as Administrator.
    • Select the system drive, C >> OK.
    • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
    • Click on Clean up system files >> Select the system drive, C >> OK.
    • Now click on the More Options tab.
    • Under:-
    System Restore and Shadow Copies
    • Click on Clean up... >> Delete >> OK >> Delete Files.

    Next:

    Click here and the advice I posted concerning your son's machine from:-

    Now some advice for on-line safety
    Onwards is fairly generic in nature and can be applied also.

    Next:

    Any questions? Feel free to ask, if not stay safe!
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.
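
The restore-point steps in post #37, as an added example that is not part of the original post or written by the helper: a Windows PowerShell script that enforces the same ordering, creating the new restore point, confirming it exists, and only then removing the older ones. The description text is a constructed label, and calling SRRemoveRestorePoint from srclient.dll stands in for the Disk Cleanup button the post uses.

```powershell
# Added example: scripted form of the restore-point steps (elevated prompt needed).
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated Windows PowerShell prompt.'
}

$description = 'Clean restore point after malware removal'   # constructed label

# Record what exists now so the new point can be told apart from the old ones.
$before = @(Get-ComputerRestorePoint | ForEach-Object { $_.SequenceNumber })

# Step 1: create the new restore point first.
Checkpoint-Computer -Description $description -RestorePointType MODIFY_SETTINGS

# Step 2: confirm it exists. Checkpoint-Computer can return without creating
# one (System Restore disabled, or the once-per-24-hours limit on Windows 8+).
$new = @(Get-ComputerRestorePoint | Where-Object {
    ($before -notcontains $_.SequenceNumber) -and ($_.Description -eq $description)
})
if ($new.Count -eq 0) {
    throw 'No new restore point was created; the old ones were left untouched.'
}
$keep = ($new | Sort-Object SequenceNumber | Select-Object -Last 1).SequenceNumber

# Step 3: remove only the points older than the one just created.
Add-Type -Namespace Win32 -Name SystemRestore -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern uint SRRemoveRestorePoint(uint dwRPNum);
'@

Get-ComputerRestorePoint | Where-Object { $_.SequenceNumber -lt $keep } | ForEach-Object {
    $rc = [Win32.SystemRestore]::SRRemoveRestorePoint([uint32]$_.SequenceNumber)
    if ($rc -eq 0) { $state = 'removed' } else { $state = "failed (error $rc)" }
    '{0,5}  {1}  {2}' -f $_.SequenceNumber, $_.Description, $state
}

# Final check: only the new restore point (and anything newer) should remain.
Get-ComputerRestorePoint | Select-Object SequenceNumber, Description
```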

  8. #38
    Junior Member
    Join Date
    Jul 2012
    Posts
    29

    Default

    Thank you. Once again, you've proved very capable and willing to help me step-by-step in cleaning this old computer.

    I appreciate your help!

    Lucas

  9. #39
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,167

    Default

    You're most welcome!
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  10. #40
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,167

    Default

    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

    Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of DDS logs and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.
