Author Topic: [Solved] Computer extremely slow, internet pages won't load  (Read 4380 times)

Offline opivyattack

  • Bronze Member
  • Posts: 10
[Solved] Computer extremely slow, internet pages won't load
« on: November 22, 2015, 12:06:20 PM »
DDS logs below. Thank you!

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.10.2
Run by Krystal at 20:00:40 on 2015-11-16
Microsoft Windows 7 Starter   6.1.7601.1.1252.1.1033.18.1013.57 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Avira Desktop *Enabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe
C:\Windows\Explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\AVAST Software\Avast\setup\avast.setup
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\CapsLKNotify\CapsLKNotify.exe
C:\Program Files\WSED\WSED.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Program Files\Ask.com\CallingIDSDK\CIDGlobalLight.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Ask.com\AbineSDK\IE\DNTPService.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.pandora.com/account/sign-in
uWindow Title = Internet Explorer, optimized for Bing and MSN
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
uWinlogon: Shell = c:\program files\oceanis\systemsetting\WallPaperAgent.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - c:\program files\delta\delta\1.8.10.0\bh\delta.dll
BHO: Windows 7 Starter Helper: {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - c:\program files\oceanis\systemsetting\StarterHelper.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - c:\program files\delta\delta\1.8.10.0\deltaTlbr.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BTMeter] c:\program files\battery meter\BTMeter.exe
mRun: [CapsLKNotify] c:\program files\capslknotify\CapsLKNotify.exe
mRun: [WSED] c:\program files\wsed\WSED.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Launcher] c:\program files\dell datasafe local backup\components\scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "c:\program files\dell datasafe local backup\components\dsupdate\hstart.exe" /noconsole /d="c:\program files\dell datasafe local backup\components\dsupdate" /runas "c:\program files\dell datasafe local backup\components\dsupdate\DSUpd.exe"
mRunOnce: [STToasterLauncher] c:\program files\dell datasafe local backup\toasterLauncher.exe
StartupFolder: c:\users\krystal\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{800ADE37-7604-4BA7-8F56-3C65124AD5CB} : DHCPNameServer = 12.127.16.68 216.57.128.2 12.127.17.77 216.57.130.1 12.127.16.77
TCP: Interfaces\{C2FDC205-7059-425C-8D9D-DC3FEE36DD88} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{C2FDC205-7059-425C-8D9D-DC3FEE36DD88}\2454542507F6E67612 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C2FDC205-7059-425C-8D9D-DC3FEE36DD88}\3555C4C49525F434B43512 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C2FDC205-7059-425C-8D9D-DC3FEE36DD88}\3555C4C495963735F4B6F6F6C4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C2FDC205-7059-425C-8D9D-DC3FEE36DD88}\3757C6C69796376455B494E444F40554 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C2FDC205-7059-425C-8D9D-DC3FEE36DD88}\B65667B6566724545454542505F4E474 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C2FDC205-7059-425C-8D9D-DC3FEE36DD88}\C494A57716E647372454542505F4E474 : DHCPNameServer = 192.168.1.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\program files\cozi express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\krystal\appdata\roaming\mozilla\firefox\profiles\49hukh42.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10266&gct=hp&dc=US&locale=en_US
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7\npapicomadapter.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\krystal\appdata\roaming\mozilla\firefox\profiles\49hukh42.default\extensions\toolbar@ask.com\plugins\npAviraCallingID.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2010-11-16 23:14; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 77e3883d-3d2f-4626-9d4e-08ff5871df13
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 30c1038b00000000000070f1a1f35809
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15766
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.018:36:56
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-6-26 13680]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-6 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-12-6 361032]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-4-14 37352]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2010-6-24 87968]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-4-14 86752]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-4-14 110816]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2013-4-14 565472]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-12-6 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-12-6 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-12-6 44808]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-4-14 84744]
R2 BrowserProtect;BrowserProtect;c:\programdata\browserprotect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-3-1 2561488]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2009-6-9 155648]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2010-9-19 673088]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-11-21 2358656]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-9-19 143840]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\drivers\rtl8192ce.sys [2010-9-19 853536]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-22 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-6-24 191008]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-11 52224]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
.
============= FINISH: 20:02:35.15 ===============
« Last Edit: November 22, 2015, 03:32:44 PM by seedy21 »

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2419
Re: [Solved] Computer extremely slow, internet pages won't load
« Reply #1 on: November 22, 2015, 03:45:15 PM »
Hello opivyattack

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours, if you are going to be away for longer please let us know or the topic will be closed for been inactive
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

Step 1

You should never run more than one antivirus program at the same time. The two programs could slow down your computer, and they might even identify each other as a virus, which could lead to file corruption or other conflicts and errors that make your antivirus protection less effective—or not effective at all.

A guide on how to uninstall software can be found at HERE
Please Un-install One of  the following Programs :-

Avira Desktop
Avast! Antivirus


Step 2

Download zoek.exe from here: http://hijackthis.nl/smeenk/ and save it to your Desktop.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the download or execution of Zoek.exe

You can find instructions how to disable your security applications >>Here<< or >>Here<<
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this users computer, do not use it on another computer even if the problems are similar !
Code: (auto:0) [Select]
installedprogs;
process;
systemspecs;
services-list;
filesrcm;
srinfo;
emptyfolderscheck;
startupall;
firefoxlook;
chromelook;
skipfix-iedefaults;
msconfigcheck;
fakechrprofiles;
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).
  • Please post the logfile for further review in your next reply


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2419
Re: [Solved] Computer extremely slow, internet pages won't load
« Reply #2 on: November 24, 2015, 07:57:24 AM »
This is a 48 hour status check. We need to continue our troubleshooting to make sure there are no more threats on your machine. If you don't have any free time please reply back to this thread and we will keep it open.

If you don't reply back within 24 hours, this thread may be closed for inactivity.
“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2419
Re: [Solved] Computer extremely slow, internet pages won't load
« Reply #3 on: November 27, 2015, 01:15:33 PM »
Topic has been re-openned at the Original Poster request.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

Offline opivyattack

  • Bronze Member
  • Posts: 10
Re: [Solved] Computer extremely slow, internet pages won't load
« Reply #4 on: November 27, 2015, 06:00:34 PM »
Thanks again Seedy :). Log below


Zoek.exe v5.0.0.1 Updated 26-November-2015
Tool run by Krystal on Thu 11/26/2015 at 18:49:28.40.
Microsoft Windows 7 Starter  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Krystal\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11/26/2015 6:55:31 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Program Files\CCleaner
C:\Program Files\HitmanPro
C:\Program Files\MSXML 4.0
C:\Program Files\Common Files\Symantec Shared
C:\PROGRA~2\Babylon
C:\PROGRA~2\PCDr
C:\Users\Krystal\AppData\Roaming\Media Player Classic
C:\Users\Krystal\AppData\Roaming\TP
C:\Users\Krystal\AppData\Local\DataSafeOnline
C:\Users\Krystal\AppData\Local\VirtualStore

==== Installed Programs ======================

32 Bit HP CIO Components Installer 
Adobe Flash Player 11 ActiveX 
Adobe Flash Player 11 Plugin 
Adobe Reader XI (11.0.02) 
Advanced Audio FX Engine 
Aleks 3.18 
Apple Application Support 
Apple Mobile Device Support 
Apple Software Update 
avast Free Antivirus 
Battery Meter 
Bing Rewards Client Installer 
Bonjour 
BrowserProtect 
BufferChm 
C4700 
CapsLKNotify 
Cisco EAP-FAST Module 
Cisco LEAP Module 
Cisco PEAP Module 
Cozi 
D3DX10 
Dell DataSafe Local Backup 
Dell DataSafe Online 
Dell Dock 
Dell Edoc Viewer 
Dell Getting Started Guide 
Dell Support Center (Support Software) 
Dell Webcam Central 
Delta Chrome Toolbar 
Delta toolbar   
Destinations 
DeviceDiscovery 
Driver Mender 
EMSC 
Function Keys 
GPBaseService2 
HP Customer Participation Program 14.0 
HP Imaging Device Functions 14.0 
HP Photo Creations 
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6 
HP Smart Web Printing 4.60 
HP Solution Center 14.0 
HP Update 
HPPhotoGadget 
HPProductAssistant 
HPSSupply 
Intel(R) Graphics Media Accelerator Driver 
iTunes 
Java 7 Update 10 
Java Auto Updater 
Junk Mail filter update 
Live Cam Avatar Creator 
MarketResearch 
Media Player Classic - Home Cinema v1.4.2499.0 
Mesh Runtime 
Messenger Companion 
Microsoft .NET Framework 4 Client Profile 
Microsoft .NET Framework 4 Extended 
Microsoft Application Error Reporting 
Microsoft Default Manager 
Microsoft Office 2010 
Microsoft Office Click-to-Run 2010 
Microsoft Office Starter 2010 - English 
Microsoft Silverlight 
Microsoft SQL Server 2005 Compact Edition [ENU] 
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 
Microsoft Visual C++ 2005 Redistributable 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 
Mozilla Firefox 19.0.2 (x86 en-US) 
Mozilla Maintenance Service 
MSVCRT 
MSXML 4.0 SP2 (KB954430) 
MSXML 4.0 SP2 (KB973688) 
Network 
Oceanis Change Background Windows 7 
OpenOffice.org 3.4.1 
PDF Reader 
PDF Reader Packages 
PS_AIO_06_C4700_SW_Min 
QuickTime 
QuickTransfer 
Realtek Ethernet Controller Driver For Windows 7 
Realtek High Definition Audio Driver 
REALTEK PCIE Wireless LAN Driver 
Realtek USB 2.0 Card Reader 
Scan 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) 
Security Update for Microsoft .NET Framework 4 Extended (KB2487367) 
Security Update for Microsoft .NET Framework 4 Extended (KB2656351) 
Security Update for Microsoft .NET Framework 4 Extended (KB2736428) 
Security Update for Microsoft .NET Framework 4 Extended (KB2742595) 
Shop for HP Supplies 
Skype Toolbars 
SkypeT 5.10 
SmartWebPrinting 
SolutionCenter 
Status 
Synaptics Pointing Device Driver 
TeamViewer 6 
Toolbox 
TrayApp 
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) 
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) 
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) 
Update for Microsoft .NET Framework 4 Extended (KB2468871) 
Update for Microsoft .NET Framework 4 Extended (KB2533523) 
Update for Microsoft .NET Framework 4 Extended (KB2600217) 
Update for PDF Reader 
WebReg 
Windows Live Communications Platform 
Windows Live Essentials 
Windows Live Family Safety 
Windows Live ID Sign-in Assistant 
Windows Live Installer 
Windows Live Mail 
Windows Live Mesh 
Windows Live Mesh ActiveX Control for Remote Connections 
Windows Live Messenger 
Windows Live Messenger Companion Core 
Windows Live MIME IFilter 
Windows Live Movie Maker 
Windows Live Photo Common 
Windows Live Photo Gallery 
Windows Live PIMT Platform 
Windows Live Remote Client 
Windows Live Remote Client Resources 
Windows Live Remote Service 
Windows Live Remote Service Resources 
Windows Live SOXE 
Windows Live SOXE Definitions 
Windows Live Sync 
Windows Live UX Platform 
Windows Live UX Platform Language Pack 
Windows Live Writer 
Windows Live Writer Resources 
WSED 
Yontoo 1.10.03 

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\ctfmon.exe
C:\Users\Krystal\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k swprv

==== Services(whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files\common files\adobe\arm\1.0\armsvc.exe
R2 - [AERTFilters] - Andrea RT Filters Service - c:\program files\realtek\audio\hda\aertsrv.exe
R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
R2 - [Bonjour Service] - Bonjour Service - c:\program files\bonjour\mdnsresponder.exe
R2 - [cvhsvc] - Client Virtualization Handler - c:\program files\common files\microsoft shared\virtualization handler\cvhsvc.exe
R2 - [DockLoginService] - Dock Login Service - c:\program files\dell\delldock\docklogin.exe
R2 - [sftlist] - Application Virtualization Client - c:\program files\microsoft application virtualization client\sftlist.exe
R2 - [SftService] - SoftThinks Agent Service - c:\program files\dell datasafe local backup\sftservice.exe
R2 - [TeamViewer6] - TeamViewer 6 - c:\program files\teamviewer\version6\teamviewer_service.exe
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [iPod Service] - iPod Service - c:\program files\ipod\bin\ipodservice.exe
R3 - [sftvsa] - Application Virtualization Service Agent - c:\program files\microsoft application virtualization client\sftvsa.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files\skype\updater\updater.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\system32\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
S3 - [fsssvc] - Windows Live Family Safety Service - c:\program files\windows live\family safety\fsssvc.exe
S3 - [IDriverT] - InstallDriver Table Manager - c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose] - Office  Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [wlcrasvc] - Windows Live Mesh remote connections service - c:\program files\windows live\mesh\wlcrasvc.exe

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

==== System Specs ======================

Windows: Windows 7 Starter Edition Service Pack 1 (Build 7601)
Memory (RAM): 1014 MB
CPU Info: Intel(R) Atom(TM) CPU N455   @ 1.66GHz
CPU Speed: 1690.9 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel(R) Graphics Media Accelerator 3150 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1024 X 600 - 32 bit
Network: Network Present
Network Adapters: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC | Realtek PCIe FE Family Controller
CD / DVD Drives: No optical drives found.
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  139.2GB | Q:  0.0MB
Hard Disks - Free: C:  106.1GB | Q:  0.0MB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | 07/29/10 | DELL   - 6040000
Time Zone: Central Standard Time
Motherboard *: Dell Inc. 0GHG2G
Country: United States
Language: ENU

==== System Specs (Software) ======================

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Default Browser: Firefox   19.0.2
Internet Explorer Version: 10.0.9200.16540
Mozilla Firefox version: 19.0.2 (x86 en-US)
Adobe Reader version: 11.0.02.0
Sun Java version: 1.7.0_10-ea (32-bit)
Flash Player version: 11.6.602.180

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Krystal\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
2015-11-27 00:22:57   D41D8CD98F00B204E9800998ECF8427E   0   ----a-w-   C:\Windows\System32\shoAA9D.tmp
====== C:\Windows\system32\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C: =====
====== C:\Users\Krystal\AppData\Roaming ======
====== C:\Users\Krystal ======

====== C: exe-files ==
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"
"BTMeter"="C:\Program Files\Battery Meter\BTMeter.exe"
"CapsLKNotify"="C:\Program Files\CapsLKNotify\CapsLKNotify.exe"
"WSED"="C:\Program Files\WSED\WSED.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Microsoft Default Manager"="C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe -resume"
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
"Dell DataSafe Online"="C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe /m"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DSUpdateLauncher"="C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe /NOCONSOLE /D=C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate /RUNAS C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
"STToasterLauncher"="C:\Program Files\Dell DataSafe Local Backup\toasterLauncher.exe"
"Launcher"="C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\progra~2\\browse~1\\261095~1.52\\{c16c1~1\\browse~1.dll "

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Updater Service for StartNow Toolbar]


==== Startup Folders ======================

2010-09-19 04:48:01   2000   ----a-w-   C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
2010-09-19 04:48:01   2000   ----a-w-   C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
2012-12-06 07:11:28   1195   ----a-w-   C:\Users\Krystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\DSite" [C:\Users\Krystal\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [12/06/2012 12:42 AM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{0F827075-B026-42F3-885D-98981EE7B1AE}"="C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension" [03/01/2013 06:37 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default
- Delta Toolbar - %ProfilePath%\extensions\ffxtlbr@delta.com
- Oberon GamesBar - %ProfilePath%\extensions\gamesbar@oberon-media.com
- ShopToWin22 - %ProfilePath%\extensions\{7cd0c597-24e0-45b0-8bde-2e79b3fc0499}
- XUL Cache - %ProfilePath%\extensions\{9c0285ea-4a94-4cfa-9a10-cfab648930d6}
- XUL Cache - %ProfilePath%\extensions\{e6392193-18a2-4ad1-83e1-e5b76b88de08}
- Yontoo - %ProfilePath%\extensions\plugin@yontoo.com.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default
47299371607DC2FB234444EEACB1639E   - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll -   Shockwave Flash
570A48F975661221A126FCFE3B38B7E1   - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll -   Adobe Acrobat
B1BB8EDC9D83D8096EE873F04CEE600C   - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll -   Adobe Acrobat
A5C14075B571AF1C9592595BE724D9D2   - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll -   Silverlight Plug-In
2C9271800AB1506D827E57AA34AF3563   - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -   Java(TM) Platform SE 7 U10
169D5E796A8BE647ACE2E8170A567208   - C:\Windows\system32\npDeployJava1.dll -   Java Deployment Toolkit 7.0.100.10
11EF47BE3D8A4A943E10A63870C1F2C6   - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll -   QuickTime Plug-in 7.7.3
BB7F5F4966E76578A3EC0D11C444C545   - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll -   QuickTime Plug-in 7.7.3
16112E74A62381C69456566D35F9E51E   - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -   QuickTime Plug-in 7.7.3
BB28A86CDFFFBB041C72AD9EFEAA00D0   - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -   QuickTime Plug-in 7.7.3
2DA7883A884BE60F9EB2810F67E0E361   - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -   QuickTime Plug-in 7.7.3
DE5507DBA44CC5B6869205871B64A587   - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -   QuickTime Plug-in 7.7.3
419680FCE774976FD752EB425D91AEDF   - C:\Program Files\QuickTime\Plugins\npqtplugin.dll -   QuickTime Plug-in 7.7.3
2658CE01D183BC62E7C46A1C9969632E   - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -   iTunes Application Detector
AC421A44DE902F2627F1E63793ED89CD   - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll -   Windows Live? Photo Gallery
603EEEFCB32003955535EF9418C87BC9   - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll -   Oberon com adapter
15E298B5EC5B89C5994A59863969D9FF   - C:\Windows\system32\npmproxy.dll -   Microsoft® Windows® Operating System
2AA3703D87E1327A2290C9D416D89A28   - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll -   Microsoft® Silverlight


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eooncjejnppfjjklapaamhcdmjbilmde - C:\Users\Krystal\AppData\Roaming\BabSolution\CR\Delta.crx[02/25/2013 06:51 AM]
niapdbllcanepiiimjjndipklodoedlc - No path found[]
pgafcinpmmpklohkojmllohdhomoefph - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx[02/19/2013 06:00 AM]

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.pandora.com/account/sign-in"
"bProtector Start Page"="http://www.pandora.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"=""
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKLM\SearchScopes\{4FE13C31-89AB-4A65-89C0-AA98DDB64F88} - http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
HKCU\SearchScopes "DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}"
HKCU\SearchScopes "bProtectorDefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}"
HKCU\SearchScopes\{0169E633-8781-F882-9BC7-7B014AE4DE4E} - http://www.bing.com/search?q={searchTerms}&pc=Z206&form=ZGAIDF&install_date=20111012&iesrc={referrer:source}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKCU\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - http://www.delta-search.com/?q={searchTerms}&affID=119351&babsrc=SP_ss&mntrId=30c1038b00000000000070f1a1f35809
HKCU\SearchScopes\{9578A017-2A09-43B7-8B88-AEA73B648DDC} - http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10266&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^AGX&apn_dtid=^YYYYYY^YY^US&apn_uid=d61881ef-de3e-462a-b44d-c3750610337a&apn_sauid=4E2C41B2-5774-4D89-BBBC-0693A27ED438

======== System Restore Points ========

RP137: 3/31/2013 12:37:13 PM - Windows Update
RP138: 4/5/2013 1:01:21 PM - Windows Update
RP139: 4/9/2013 9:20:54 PM - Windows Update
RP140: 4/11/2013 1:40:53 AM - Windows Update
RP141: 4/14/2013 1:33:54 PM - Windows Update
RP142: 4/17/2013 3:00:15 AM - Windows Update
RP143: 4/24/2013 12:48:47 AM - Windows Update
RP144: 11/26/2015 6:54:46 PM - zoek.exe restore point

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Thu 11/26/2015 at 19:04:55.80 ======================

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2419
Re: [Solved] Computer extremely slow, internet pages won't load
« Reply #5 on: November 29, 2015, 03:33:14 PM »
Hi opivyattack

Can you confirm you installed and use Teamviewer?

Step 1

We need to Uninstall a program
  • Click on Start -> Control Panel -> Add/Remove Programs
  • Uninstall the following Programs:-
Bing Rewards Client Installer
BrowserProtect
Delta Chrome Toolbar
Delta toolbar
MarketResearch
Yontoo 1.10.03 

  • Close the Add/Remove Programs and Control Panel
  • Restart your computer

Step 2

We need to re-run Zoek
  • Close/disable all anti virus and anti malware programs so they do not interfere with the download or execution of Zoek.exe

You can find instructions how to disable your security applications >>Here<< or >>Here<<
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this users computer, do not use it on another computer even if the problems are similar !
Code: (auto:0) [Select]
C:\PROGRA~2\Babylon;fs
C:\PROGRA~2\PCDr;fs
c:\\progra~2\\browse~1\\261095~1.52\\{c16c1~1\\browse~1.dll;f
C:\ProgramData\BrowserProtect\;fs
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r
"AppInit_DLLs"=-;r
Delta Toolbar;ff
Yontoo;ff
eooncjejnppfjjklapaamhcdmjbilmde;chr
niapdbllcanepiiimjjndipklodoedlc;chr
pgafcinpmmpklohkojmllohdhomoefph;chr
{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9};c
{0633EE93-D776-472f-A0FF-E1416B8B2E3A};c
{9578A017-2A09-43B7-8B88-AEA73B648DDC};c
autoclean;
services_list;
emptyalltemp;
emptyclsid;
standardsearch;
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).
  • Please post the logfile for further review in your next reply

Step 3

We need to run a scan with MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the progam and select update
  • Once it has updated select Settings > Detection and Protection >Tick Scan for rootkits
  • Go back to the Dashboard and select Scan Now
  • If threats are detected, click the Apply Actions button, MBAM will ask for a reboot
  • On completion of the scan (or after the reboot) select View Detailed Log
    Select Export > Select text file and save to the desktop.
  • Please post that log for my review.
“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

Offline opivyattack

  • Bronze Member
  • Posts: 10
Re: [Solved] Computer extremely slow, internet pages won't load
« Reply #6 on: November 30, 2015, 10:58:12 PM »
Thank you. All steps completed.

1) Note that Bing Rewards Client Installer and MarketResearch were not found in the list

2)


Zoek.exe v5.0.0.1 Updated 28-November-2015
Tool run by Krystal on Mon 11/30/2015 at  1:10:03.50.
Microsoft Windows 7 Starter  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Krystal\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-11-27-010455.log   25727 bytes

==== Empty Folders Check ======================

C:\Program Files\CCleaner deleted successfully
C:\Program Files\HitmanPro deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\Common Files\Symantec Shared deleted successfully
C:\PROGRA~2\Babylon deleted successfully
C:\PROGRA~2\PCDr deleted successfully
C:\Users\Krystal\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\Krystal\AppData\Roaming\TP deleted successfully
C:\Users\Krystal\AppData\Local\DataSafeOnline deleted successfully
C:\Users\Krystal\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-530960115-2016287997-2560366090-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-530960115-2016287997-2560366090-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-530960115-2016287997-2560366090-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9578A017-2A09-43B7-8B88-AEA73B648DDC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default

---- Lines delta removed from prefs.js ----
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.id", "30c1038b00000000000070f1a1f35809");
user_pref("extensions.delta.instlDay", "15766");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.lastVrsnTs", "1.8.10.018:36:56");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.10.0");
user_pref("extensions.delta.vrsni", "1.8.10.0");
user_pref("extensions.delta.vrsnTs", "1.8.10.018:36:56");
---- Lines delta removed from user.js ----

user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.id", "30c1038b00000000000070f1a1f35809");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.instlDay", "15766");
user_pref("extensions.delta.vrsn", "1.8.10.0");
user_pref("extensions.delta.vrsni", "1.8.10.0");
user_pref("extensions.delta.vrsnTs", "1.8.10.018:36:56");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.newTab", false);

---- Lines yahoo removed from prefs.js ----
user_pref("freecause7cd0c59724e045b08bde2e79b3fc0499.yahooSearch", false);
---- Lines Search  modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"smartwebprinting@hp.com\":{\"descriptor\":\"C:\\\\Program Files\\
---- FireFox user.js and prefs.js backups ----

user_20151130_0142_.backup
prefs_20151130_0142_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

C:\Program Files\CCleaner not found
C:\PROGRA~2\Babylon not found
C:\PROGRA~2\PCDr not found
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml deleted
C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober3939742.xml deleted
C:\Program Files\Media Player Classic - Home Cinema deleted
C:\Program Files\Yahoo! deleted
C:\Users\Krystal\AppData\Roaming\Yahoo! deleted
C:\Users\Krystal\AppData\Roaming\Babylon deleted
C:\Users\Krystal\AppData\Roaming\DSite deleted
C:\PROGRA~2\Tarma Installer deleted
C:\PROGRA~2\UAB deleted
C:\PROGRA~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521} deleted
C:\PROGRA~2\{D19C2D22-6043-47E7-B400-83A351841204} deleted
C:\Users\Krystal\AppData\Local\PC_Drivers_Headquarters deleted
C:\Windows\System32\Tasks\DSite deleted
C:\Users\Krystal\AppData\LocalLow\Delta deleted
C:\Windows\System32\shoAA9D.tmp deleted
C:\Windows\System32\shoB3A9.tmp deleted
C:\Windows\System32\searchplugins deleted
C:\Windows\System32\Extensions deleted
C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\searchplugins\askcom.xml deleted
C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\Invalidprefs.js deleted
C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\FCTB deleted
"C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\searchplugins\delta.xml" deleted
"C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\searchplugins\delta.xml" deleted
"C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\searchplugins\delta.xml" deleted
"C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\searchplugins\delta.xml" deleted
"C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml" deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\chrome.manifest" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\install.rdf" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-19.0.dll" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-3.6.xpt" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\BrowserProtect.js" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\overlay.xul" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\chrome.manifest" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\install.rdf" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-19.0.dll" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-3.6.xpt" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\BrowserProtect.js" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\overlay.xul" not deleted
"C:\PROGRA~2\BrowserProtect" not deleted
"C:\PROGRA~2\BrowserProtect" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components" not deleted
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [11/30/2015 01:02 AM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [11/16/2010 11:14 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default
- Oberon GamesBar - %ProfilePath%\extensions\gamesbar@oberon-media.com
- ShopToWin22 - %ProfilePath%\extensions\{7cd0c597-24e0-45b0-8bde-2e79b3fc0499}
- XUL Cache - %ProfilePath%\extensions\{9c0285ea-4a94-4cfa-9a10-cfab648930d6}
- XUL Cache - %ProfilePath%\extensions\{e6392193-18a2-4ad1-83e1-e5b76b88de08}

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default
47299371607DC2FB234444EEACB1639E   - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll -   Shockwave Flash
570A48F975661221A126FCFE3B38B7E1   - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll -   Adobe Acrobat
B1BB8EDC9D83D8096EE873F04CEE600C   - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll -   Adobe Acrobat
A5C14075B571AF1C9592595BE724D9D2   - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll -   Silverlight Plug-In
2C9271800AB1506D827E57AA34AF3563   - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -   Java(TM) Platform SE 7 U10
169D5E796A8BE647ACE2E8170A567208   - C:\Windows\system32\npDeployJava1.dll -   Java Deployment Toolkit 7.0.100.10
11EF47BE3D8A4A943E10A63870C1F2C6   - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll -   QuickTime Plug-in 7.7.3
BB7F5F4966E76578A3EC0D11C444C545   - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll -   QuickTime Plug-in 7.7.3
16112E74A62381C69456566D35F9E51E   - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -   QuickTime Plug-in 7.7.3
BB28A86CDFFFBB041C72AD9EFEAA00D0   - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -   QuickTime Plug-in 7.7.3
2DA7883A884BE60F9EB2810F67E0E361   - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -   QuickTime Plug-in 7.7.3
DE5507DBA44CC5B6869205871B64A587   - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -   QuickTime Plug-in 7.7.3
419680FCE774976FD752EB425D91AEDF   - C:\Program Files\QuickTime\Plugins\npqtplugin.dll -   QuickTime Plug-in 7.7.3
2658CE01D183BC62E7C46A1C9969632E   - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -   iTunes Application Detector
AC421A44DE902F2627F1E63793ED89CD   - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll -   Windows Live? Photo Gallery
603EEEFCB32003955535EF9418C87BC9   - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll -   Oberon com adapter
15E298B5EC5B89C5994A59863969D9FF   - C:\Windows\system32\npmproxy.dll -   Microsoft® Windows® Operating System
2AA3703D87E1327A2290C9D416D89A28   - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll -   Microsoft® Silverlight


==== Deleted Firefox Extensions ======================

C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\extensions\{9c0285ea-4a94-4cfa-9a10-cfab648930d6} deleted
C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\extensions\{e6392193-18a2-4ad1-83e1-e5b76b88de08} deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[11/27/2015 06:01 PM]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.pandora.com/account/sign-in"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.pandora.com/account/sign-in"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"=""
HKLM\SearchScopes\{4FE13C31-89AB-4A65-89C0-AA98DDB64F88} - http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0169E633-8781-F882-9BC7-7B014AE4DE4E} - http://www.bing.com/search?q={searchTerms}&pc=Z206&form=ZGAIDF&install_date=20111012&iesrc={referrer:source}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9D3D8C60-A55F-4123-B2B9-173F09590E16} deleted successfully

==== Empty IE Cache ======================

C:\Users\Krystal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Krystal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Krystal\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Krystal\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Krystal\AppData\Local\Mozilla\Firefox\Profiles\49hukh42.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=246 folders=39 48298872 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Krystal\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Krystal\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\chrome.manifest"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\install.rdf"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-19.0.dll"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-3.6.xpt"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\BrowserProtect.js"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\overlay.xul"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\chrome.manifest"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\install.rdf"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-19.0.dll"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-3.6.xpt"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\BrowserProtect.js"  not found
"C:\PROGRA~2\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\overlay.xul"  not found
"C:\PROGRA~2\BrowserProtect"  not found
"C:\PROGRA~2\BrowserProtect"  not found

==== EOF on Mon 11/30/2015 at 21:22:46.35 ======================

3) I hope this was the right log. I didn't actually see a log that said detailed report.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/30/2015
Scan Time: 9:51 PM
Logfile: mbam2.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.01.01
Rootkit Database: v2015.11.26.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Krystal

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 317586
Time Elapsed: 35 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 12
PUP.Optional.Delta.ShrtCln, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [7c691b8425662a0c52196cd4c63c9a66],
PUP.Optional.MeFeedia, HKU\S-1-5-21-530960115-2016287997-2560366090-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{154D932F-DC51-4A4F-9D52-B78B1419D3B4}, , [8e57f0af17744fe781793a0bbf4334cc],
PUP.Optional.GamesBar, HKU\S-1-5-21-530960115-2016287997-2560366090-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CB0D163C-E9F4-4236-9496-0597E24B23A5}, , [9f46336c3259d85e828061e4c53d4bb5],
PUP.Optional.DataMngr.AppFlsh, HKLM\SOFTWARE\DataMngr, , [0cd9643b6625e6504e0043ac689b4db3],
PUP.Optional.OpenApp, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\kincjchfokkeneeofpeefomkikfkiedl, , [e203346bacdf191d3301c7d21fe4a35d],
PUP.Optional.BabylonToolBar, HKU\S-1-5-21-530960115-2016287997-2560366090-1000\SOFTWARE\BabylonToolbar, , [8362851a62292f07502aafc4da29da26],
PUP.Optional.DataMngr.AppFlsh, HKU\S-1-5-21-530960115-2016287997-2560366090-1000\SOFTWARE\DataMngr, , [29bcf7a8fd8e48ee1e2e18d77c87da26],
PUP.Optional.DataMngr.AppFlsh, HKU\S-1-5-21-530960115-2016287997-2560366090-1000\SOFTWARE\DataMngr_Toolbar, , [3ea7ccd393f85dd9a2ab3cb39e650df3],
PUP.Optional.Delta.ShrtCln, HKU\S-1-5-21-530960115-2016287997-2560366090-1000\SOFTWARE\delta LTD, , [45a0e4bb8cff86b0ea566fe3f80bf50b],
PUP.Optional.DigitalSites, HKU\S-1-5-21-530960115-2016287997-2560366090-1000\SOFTWARE\DSiteProducts, , [3ea7ccd35e2dc076dce2cbb650b348b8],
PUP.Optional.InstallCore, HKU\S-1-5-21-530960115-2016287997-2560366090-1000\SOFTWARE\InstallCore, , [865fa7f8f398b87e5e00aedfa95a936d],
PUP.Optional.MultiIE, HKU\S-1-5-21-530960115-2016287997-2560366090-1000\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, , [8f56019e2863c274a1a631652ed5b64a],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.GamesBar, C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\extensions\gamesbar@oberon-media.com, , [2abb1788a3e83ff79d75394350b2b44c],
PUP.Optional.GamesBar, C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\extensions\gamesbar@oberon-media.com\chrome, , [2abb1788a3e83ff79d75394350b2b44c],
PUP.Optional.GamesBar, C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\extensions\gamesbar@oberon-media.com\components, , [2abb1788a3e83ff79d75394350b2b44c],

Files: 9
PUP.Optional.InstallCore, C:\Users\Krystal\AppData\Roaming\PDF Reader Packages\uninstaller.exe, , [c71ef8a77615b581ce9f0836fc0515eb],
PUP.Optional.Bundler, C:\Users\Krystal\Downloads\PDFReaderSetup.exe, , [0cd98916e7a4092d4651a8e2dd244bb5],
PUP.Optional.GamesBar, C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\extensions\gamesbar@oberon-media.com\chrome.manifest, , [2abb1788a3e83ff79d75394350b2b44c],
PUP.Optional.GamesBar, C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\extensions\gamesbar@oberon-media.com\gb.cfg, , [2abb1788a3e83ff79d75394350b2b44c],
PUP.Optional.GamesBar, C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\extensions\gamesbar@oberon-media.com\install.rdf, , [2abb1788a3e83ff79d75394350b2b44c],
PUP.Optional.GamesBar, C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\extensions\gamesbar@oberon-media.com\chrome\chrome.jar, , [2abb1788a3e83ff79d75394350b2b44c],
PUP.Optional.GamesBar, C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\extensions\gamesbar@oberon-media.com\components\autocomplite.js, , [2abb1788a3e83ff79d75394350b2b44c],
PUP.Optional.GamesBar, C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\extensions\gamesbar@oberon-media.com\components\logger.js, , [2abb1788a3e83ff79d75394350b2b44c],
PUP.Optional.GamesBar, C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\extensions\gamesbar@oberon-media.com\components\omIGamesBarLogger.xpt, , [2abb1788a3e83ff79d75394350b2b44c],

Physical Sectors: 0
(No malicious items detected)


(end)

Thanks again!

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2419
Re: [Solved] Computer extremely slow, internet pages won't load
« Reply #7 on: December 01, 2015, 03:08:47 AM »
Hi Opivyattach

You didn't answer my question:-

Quote
Can you confirm you installed and use Teamviewer?

Also can you confirm that when you ran Malwarebytes, When the threats are detected you click the Apply Actions button to remove them?
If not can you re-run Malwarebytes and remove the threats it finds?


Step 1

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.
Please include the contents of that file in your reply.

Step 2

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.

If using Internet Explorer:
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!
“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

Offline opivyattack

  • Bronze Member
  • Posts: 10
Re: [Solved] Computer extremely slow, internet pages won't load
« Reply #8 on: December 01, 2015, 11:24:23 PM »
Shoot, sorry I forgot! Honestly, I'm helping my cousin so I don't know if she uses teamviewer but I doubt that she does. Also, I did do Apply actions on Malware Bytes so that is done.

New logs below. Thanks!

# AdwCleaner v5.023 - Logfile created 01/12/2015 at 21:27:23
# Updated 30/11/2015 by Xplode
# Database : 2015-11-30.1 [Server]
# Operating system : Windows 7 Starter Service Pack 1 (x86)
# Username : Krystal - KRYSTAL-PC
# Running from : C:\Users\Krystal\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\Driver Mender
[-] Folder Deleted : C:\ProgramData\Driver Mender
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Mender
[-] Folder Deleted : C:\Users\Krystal\AppData\LocalLow\HPAppData
[-] Folder Deleted : C:\Users\Krystal\AppData\Roaming\PDF Reader Packages

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : DSite

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKCU\Software\5868dd8b43fe413
[-] Key Deleted : HKLM\SOFTWARE\5868dd8b43fe413
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Babylon
[-] Key Deleted : HKLM\SOFTWARE\Tarma Installer
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PDF Reader Packages
[-] Key Deleted : HKU\S-1-5-21-530960115-2016287997-2560366090-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Yahoo\Companion
[-] Key Deleted : HKU\S-1-5-21-530960115-2016287997-2560366090-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKU\S-1-5-21-530960115-2016287997-2560366090-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKU\S-1-5-21-530960115-2016287997-2560366090-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
[-] Key Deleted : HKU\S-1-5-21-530960115-2016287997-2560366090-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Uninstall\PDF Reader Packages
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta-search.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webcrawler.com

***** [ Web browsers ] *****

[-] [C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\prefs.js] [Preference] Deleted : user_pref("freecause7cd0c59724e045b08bde2e79b3fc0499.customNewTab", false);
[-] [C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\prefs.js] [Preference] Deleted : user_pref("freecause7cd0c59724e045b08bde2e79b3fc0499.DNSCatch", false);
[-] [C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\prefs.js] [Preference] Deleted : user_pref("freecause7cd0c59724e045b08bde2e79b3fc0499.FirstLaunchShown", true);
[-] [C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\prefs.js] [Preference] Deleted : user_pref("freecause7cd0c59724e045b08bde2e79b3fc0499.LastDate", 30);
[-] [C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\prefs.js] [Preference] Deleted : user_pref("freecause7cd0c59724e045b08bde2e79b3fc0499.processAddrBar", false);
[-] [C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\prefs.js] [Preference] Deleted : user_pref("freecause7cd0c59724e045b08bde2e79b3fc0499.tb_lang", "en");
[-] [C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\49hukh42.default\prefs.js] [Preference] Deleted : user_pref("freecause7cd0c59724e045b08bde2e79b3fc0499.vars.disablecuidinject", "1");

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5166 bytes] ##########



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
Update Init
Update Download
Update Finalize
Updated modules version: 26999

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2419
Re: [Solved] Computer extremely slow, internet pages won't load
« Reply #9 on: December 02, 2015, 02:55:31 AM »
Hi Opivyattack

Can I have an update on how the machine is running now? are you still having issues with the Speed of the machine / Internet pages not loading ?

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

Offline opivyattack

  • Bronze Member
  • Posts: 10
Re: [Solved] Computer extremely slow, internet pages won't load
« Reply #10 on: December 02, 2015, 04:08:22 PM »
Thank you. It is now able to load internet pages again and it's running okay. It does still get notifications from Avast saying that harmful objects were blocked. I noticed the ESET log didn't look very complete. It said it found 10 items including a few Trojan items. I don't know why they didn't show up on the log. I looked everywhere to see if there was another log but I found nothing.

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2419
Re: [Solved] Computer extremely slow, internet pages won't load
« Reply #11 on: December 03, 2015, 11:14:46 AM »
Hi opivyattack,

The log will be at C:\Program Files\ESET\EsetOnlineScanner\log.txt

Please can you let me know what Avast is blocking on you? You should beable to look at the logs in the Avast Program or by going to C:\ProgramData\AVAST Software\Avast\log

Seedy21



“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

Offline opivyattack

  • Bronze Member
  • Posts: 10
Re: [Solved] Computer extremely slow, internet pages won't load
« Reply #12 on: December 05, 2015, 09:44:55 AM »
Hello,

I reran ESET and it still didn't show a proper log so I copied some data:

C:\Program Files\Dell DataSafe Local Backup\hstart.exe   a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe   a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files\PDFReader\Uninstall\Uninstall.exe   a variant of Win32/Kryptik.BWJC trojan
C:\zoek_backup\C_PROGRA~2_BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx   Win32/bProtector.E potentially unwanted application
C:\zoek_backup\C_PROGRA~2_BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe   a variant of Win32/bProtector.J potentially unwanted application
C:\zoek_backup\C_PROGRA~2_BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe   a variant of Win32/bProtector.J potentially unwanted application
C:\zoek_backup\C_PROGRA~2_BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-19.0.dll   a variant of Win32/bProtector.B potentially unwanted application
C:\zoek_backup\C_Users_Krystal_AppData_Roaming_Mozilla_Firefox_Profiles_49hukh42.default_extensions_{9c0285ea-4a94-4cfa-9a10-cfab648930d6}\chrome.manifest   Win32/TrojanDownloader.Tracur.F trojan
C:\zoek_backup\C_Users_Krystal_AppData_Roaming_Mozilla_Firefox_Profiles_49hukh42.default_extensions_{e6392193-18a2-4ad1-83e1-e5b76b88de08}\chrome.manifest   Win32/TrojanDownloader.Tracur.F trojan
C:\zoek_backup\C_Users_Krystal_AppData_Roaming_Mozilla_Firefox_Profiles_49hukh42.default_extensions_{e6392193-18a2-4ad1-83e1-e5b76b88de08}\chrome\xulcache.jar   JS/Agent.NDO trojan

As far as Avast, the logfile shows log.db. I opened it with notepad but it was unreadable to us. Is there a different logfile I should be using? There is a folder called Log but there are a bunch of files in there but I don't know which one to use or how to open it if it doesn't work on notepad. I also saw that Malwarebytes had blocked something the other day but then I disabled it so it didn't interfere with Avast.

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2419
Re: [Solved] Computer extremely slow, internet pages won't load
« Reply #13 on: December 05, 2015, 01:49:25 PM »
Hi Opivyattack


Good news, the Eset log has justed detected the files Zoek as moved into its back-up folder.

I have had another look. Can you please go to C:/Program Data/Avast Software/Avast/ Right click on Reports Folder Click Send To and then click Compressed Zip Folder

When you reply back to back to this topic, click Attachments and other options, Under Attach click Browse and locate the folder you zipped up for me.

Please run a Scan with Avast Anti-virus and let me know if it finds any threats.


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

Offline opivyattack

  • Bronze Member
  • Posts: 10
Re: [Solved] Computer extremely slow, internet pages won't load
« Reply #14 on: December 06, 2015, 10:26:34 PM »
zip file attached