Hi.
-Hard Drive space: Now have 18Gb free. 24% free space. Speed has also increased.
-For Java I went to Windows XP Control Panel, Add or Remove Programs, and uninstalled all the Java files.
-Optical Drive just had an old scratched DVD game that does sometimes have problems reading. I took it out.
Acknowledged, let's proceed as follows, shall we...
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
Click on Start >> Run... (or the Windows key and R together) to bring up the Run box, and copy and paste in:
Code:
"C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\sn-backup
and then click on OK.
Uninstall Program:
Please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):
SearchProtect <-- Has undesirable characteristics.
To do so, click once on each of the above in turn to highlight and then click on the Remove button.
Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.
Custom OTL Script:
- Double-click on OTL.exe to start the program.
- Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
:Commands
[CreateRestorePoint]
:OTL
SRV - [2013/03/17 03:19:19 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/03/06 07:36:52 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
IE - HKU\S-1-5-21-789336058-1644491937-839522115-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}:5.0.17
FF - prefs.js..extensions.enabledItems: :1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
[2012/10/05 18:33:01 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\npdtrmpu.default\extensions\crossriderapp3491@crossrider.com
[2009/11/04 15:34:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
[2010/09/18 02:45:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/24 11:32:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/17 20:47:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/17 20:46:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/18 01:44:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/19 21:00:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012/12/13 09:07:47 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2010/01/23 03:43:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [GEST] File not found
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O15 - HKU\S-1-5-21-789336058-1644491937-839522115-1004\..Trusted Domains: democraticunderground.com ([www] https in Trusted sites)
O33 - MountPoints2\{1a2abc04-f8ae-11df-b593-001fd0a1aafe}\Shell - "" = AutoRun
O33 - MountPoints2\{1a2abc04-f8ae-11df-b593-001fd0a1aafe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1a2abc04-f8ae-11df-b593-001fd0a1aafe}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{77ebcfd7-6642-11e2-b64f-001fd0a1aafe}\Shell - "" = AutoRun
O33 - MountPoints2\{77ebcfd7-6642-11e2-b64f-001fd0a1aafe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{77ebcfd7-6642-11e2-b64f-001fd0a1aafe}\Shell\AutoRun\command - "" = F:\KODAK_Camera_Setup_App.exe
[2013/03/17 03:19:17 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/03/17 03:19:17 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/03/17 03:19:17 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/03/17 03:19:17 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/03/17 03:19:16 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/03/17 03:19:16 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
:Files
ipconfig /flushdns /c
C:\Program Files\CheckPoint
C:\Program Files\Java
C:\Program Files\SearchProtect
C:\Documents and Settings\Mark\Application Data\SearchProtect
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alcmtrl"=-
[HKEY_CURRENT_USER\DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=-
[HKEY_CURRENT_USER\S-1-5-18\SOFTWARE\\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=-
[HKEY_CURRENT_USER\S-1-5-18S-1-5-21-789336058-1644491937-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"chromium"=-
"EA Core"=-
"SearchProtect"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}]
[-HKEY_CLASSES_ROOT\CLSID\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[-HKEY_CLASSES_ROOT\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}]
[-HKEY_CLASSES_ROOT\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}]
[-HKEY_CLASSES_ROOT\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} ]
[-HKEY_CLASSES_ROOT\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} ]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}]
[-HKEY_CLASSES_ROOT\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
[-HKEY_CLASSES_ROOT\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Java Auto Updater]
:Commands
[EmptyTemp]
- Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
- Then click the red Run Fix button.
- Let the program run unhindered.
- If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The log file can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.
Malwarebytes Anti-Malware:
Please download the installer for Malwarebytes' Anti-Malware to your desktop.
Note: The installer will be randomly named, say for example something like 549od2jqai.exe
- Double-click on the randomly named executable, then follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
- Launch Malwarebytes' Anti-Malware
- Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Next:
When you have completed the above, please post back the following in the order asked for:
- How is your computer performing now, any further symptoms and/or problems encountered?
- OTL Log from the Custom Script.
- Malwarebytes Anti-Malware Log.
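
Added example, not part of the original post and not OTL's own code: a Python reviewer that reads a fix script laid out like the one above before it is pasted into OTL, lists what the .reg-style lines in the :Reg section would delete, and flags key paths that deserve a second look. The sample script, its names and the four warning heuristics are constructed for illustration.

```python
import re
SECTION = re.compile(r"^:(\w+)\s*$")      # section directives such as ":Reg"
SID = re.compile(r"S-1-\d+(?:-\d+)+")     # Windows security identifier
HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT", "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
# Constructed sample in the same layout as the script above (names are made up).
SAMPLE = r'''
:Commands
[CreateRestorePoint]
:Files
C:\Program Files\ExampleToolbar
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleToolbar"=-
[HKEY_CURRENT_USER\S-1-5-18\SOFTWARE\\Microsoft\Windows\CurrentVersion\RunOnce]
"ExampleValue"=-
[-HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000000} ]
'''

def split_sections(script):
    """Return [(section_name, [lines])] in script order."""
    sections, current = [], None
    for raw in script.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = (m.group(1), [])
            sections.append(current)
        elif line and current:
            current[1].append(line)
    return sections

def review_reg(lines):
    """List .reg-style deletions and flag key paths worth a second look."""
    actions, warnings, key = [], [], None
    for line in lines:
        if line.startswith("["):
            inner = line[1:line.rfind("]")]
            key = inner.lstrip("-")
            hive, _, rest = key.partition("\\")
            checks = [("doubled backslash", "\\\\" in rest),
                      ("SID outside HKEY_USERS", hive != "HKEY_USERS" and bool(SID.search(rest))),
                      ("stray whitespace", key != key.strip()),
                      ("unknown hive", hive not in HIVES)]
            warnings += [(name, key) for name, bad in checks if bad]
            if inner.startswith("-"):          # [-KEY] removes the whole key
                actions.append(("delete-key", key))
        elif line.endswith("=-") and key:      # "name"=- removes one value
            actions.append(("delete-value", key + " :: " + line[:-2].strip('"')))
    return actions, warnings
```

Pass the :Reg lines from `split_sections()` to `review_reg()`; a warning means the key path should be compared against the scan log before the fix is run.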