Jump to content

Slower than sludge, unresponsive


Recommended Posts

Hi.

 

Accidentally clicked on an ad while on Facebook, which started opening window after window after window in my browser.  It seems like since that time my computer has been slower than sludge.  All browsers (Firefox, Chrome, Opera, Safari) shortly after opening became completely unresponsive, or took ages to load.  I reset Firefox, even deleted it, but nothing seemed to help.  Windows and other programs also behave as if my cpu is maxed out, and become unresponsive or painfully slow to open.  Flash sites were also problematic, and when I attempted to update Shockwave flash, it was nearly impossible.  After a dozen attempts, I was able to finally sneak it in.

 

I ran Kaspersky, but it finds nothing.  I have done this in safe mode as well.  When I ran Malwarebytes, it did find a few things, including the dreaded sweetpacks.  I had it fix all the things it checked.  I also removed all things "sweet."

 

Unfortunately there is no improvement.

 

Thanks in advance for checking out the following DDS results.

 

 

attach.txt

dds.txt

Link to post
Share on other sites

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if  Malwarebytes is not installed:

 

Download Malwarebytes from the following link and save it to your desktop.:

 

 

http://www.malwarebytes.org/mbam.php 

 

Double Click mbam-setup.exe to install the application.


Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

Post the produced logs...

 

Kevin

Link to post
Share on other sites

Hi Kevin.

 

Thanks for the quick reply.  Didn't realize there was any p2p stuff on here.  My room-mate also uses the machine, so I'm assuming it's something he put on here...sorry about that.  I'll have him remove it, but he's not back here until next week.  I have no idea where or what to look for to remove it; would you still be willing to work with me if I follow the above instructions anyway?

 

Thanks!

Link to post
Share on other sites

Yes remove all entries, they need to go. When that completes post the new log..

 

Next,

 

Download OTL from any of the following links and save to your desktop.

 

http://itxassociates.com/OT-Tools/OTL.com

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.scr

 

Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

 


  When the window appears, underneath Output at the top, make sure Standard output is selected.
Select Scan all users
Change Drivers to All
Under the Extra Registry section, check Use SafeList
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Click Run Scan and let the program run uninterrupted.
When the scan is complete, two text files will be created on your Desktop.
OTL.Txt <- this one will be opened
Extras.txt <- this one will be minimized

 

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

Kevin...

Link to post
Share on other sites

Re-Run otlDesktopIcon.png  by double left click, Vista and Widows 7 users accept UAC alert.

  • Under the customFix.png box at the bottom, paste in the following, start with and include the colon plus OTL . :OTL

    :OTLDRV:[b]64bit:[/b] - [2012/08/05 13:10:16 | 000,113,168 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WRkrn.sys -- (WRkrn)IE - HKU\S-1-5-21-2332836582-4288207101-1763482542-1000\..\SearchScopes\{2C9E0EE4-2610-B903-9AF4-523D61CB8099}: "URL" = http://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z095&partner_id=667&product_id=636&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110623&user_guid=A5FFB5724D164C50B34D7BB34241D61D&machine_id=070af59ec24c5ae9f0da40b06cc0349d&browser=IE&os=win&os_version=6.1-x64-SP0IE - HKU\S-1-5-21-2332836582-4288207101-1763482542-1000\..\SearchScopes\{981AB34A-4CD8-C431-D350-65C3135AB426}: "URL" = http://dul.startya.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Yahoo&cfg=2-496-0-0&engine_id=3&provider_id=3&product_id=496&country=O2 - BHO: (Updater For ilivid Toolbar) - {57ccade8-b1cc-4848-9375-533b43f214c2} - C:\Program Files (x86)\ilividtb\auxi\ilividAu.dll (Visicom Media)O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)O2 - BHO: (ilivid Toolbar) - {eeff92c2-a5c2-4e3a-b495-81185d27845d} - C:\Program Files (x86)\ilividtb\ilividDx.dll ()O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)O3 - HKLM\..\Toolbar: (ilivid Toolbar) - {eeff92c2-a5c2-4e3a-b495-81185d27845d} - C:\Program Files (x86)\ilividtb\ilividDx.dll ()O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O9:[b]64bit:[/b] - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not foundO9:[b]64bit:[/b] - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not foundO33 - MountPoints2\{b6b02fb6-302d-11e0-b324-001f16c37447}\Shell - "" = AutoRunO33 - MountPoints2\{b6b02fb6-302d-11e0-b324-001f16c37447}\Shell\AutoRun\command - "" = G:\Autorun.exeO33 - MountPoints2\{baa4d0cc-3a79-11e0-b528-001f16c37447}\Shell - "" = AutoRunO33 - MountPoints2\{baa4d0cc-3a79-11e0-b528-001f16c37447}\Shell\AutoRun\command - "" = E:\Autorun.exeO33 - MountPoints2\{e96070bf-f9f4-11df-812a-001f16c37447}\Shell - "" = AutoRunO33 - MountPoints2\{e96070bf-f9f4-11df-812a-001f16c37447}\Shell\AutoRun\command - "" = K:\StartClickFreeBackup.exe -- [2010/06/21 03:19:15 | 001,676,616 | R--- | M] (Storage Appliance Corp.)O33 - MountPoints2\{e9607114-f9f4-11df-812a-001f16c37447}\Shell - "" = AutoRunO33 - MountPoints2\{e9607114-f9f4-11df-812a-001f16c37447}\Shell\AutoRun\command - "" = H:\iStudio.exeO33 - MountPoints2\{f152890e-17df-11e2-8807-001f16c37447}\Shell - "" = AutoRunO33 - MountPoints2\{f152890e-17df-11e2-8807-001f16c37447}\Shell\AutoRun\command - "" = F:\KODAK_Camera_Setup_App.exeO33 - MountPoints2\K\Shell - "" = AutoRunO33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\StartClickFreeBackup.exe -- [2010/06/21 03:19:15 | 001,676,616 | R--- | M] (Storage Appliance Corp.)[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ][1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]@Alternate Data Stream - 76 bytes -> C:\Users\Kira\Documents\yvonne debbie burroughs.txt:Roxio EMC Stream@Alternate Data Stream - 76 bytes -> C:\Users\Kira\Documents\whos is this.txt:Roxio EMC Stream@Alternate Data Stream - 76 bytes -> C:\Users\Kira\Documents\tmo811.txt:Roxio EMC Stream@Alternate Data Stream - 76 bytes -> C:\Users\Kira\Documents\sarame.txt:Roxio EMC Stream@Alternate Data Stream - 76 bytes -> C:\Users\Kira\Documents\Produce.wmv:Roxio EMC Stream@Alternate Data Stream - 76 bytes -> C:\Users\Kira\Documents\moneypak.txt:Roxio EMC Stream@Alternate Data Stream - 76 bytes -> C:\Users\Kira\Documents\lauraconvo.txt:Roxio EMC Stream@Alternate Data Stream - 76 bytes -> C:\Users\Kira\Documents\l_bf70971500094fe6b630e2d33e2d2793.jpg:Roxio EMC Stream@Alternate Data Stream - 76 bytes -> C:\Users\Kira\Documents\kjsmall.txt:Roxio EMC Stream@Alternate Data Stream - 76 bytes -> C:\Users\Kira\Documents\kj.txt:Roxio EMC Stream@Alternate Data Stream - 76 bytes -> C:\Users\Kira\Documents\industry.txt:Roxio EMC Stream@Alternate Data Stream - 76 bytes -> C:\Users\Kira\Documents\gene  3104053460.txt:Roxio EMC Stream@Alternate Data Stream - 76 bytes -> C:\Users\Kira\Documents\farmvillecash2.txt:Roxio EMC Stream@Alternate Data Stream - 76 bytes -> C:\Users\Kira\Documents\fandango.txt:Roxio EMC Stream@Alternate Data Stream - 76 bytes -> C:\Users\Kira\Documents\crackberrymobiorder.txt:Roxio EMC Stream@Alternate Data Stream - 76 bytes -> C:\Users\Kira\Documents\ancestry.txt:Roxio EMC Stream@Alternate Data Stream - 76 bytes -> C:\Users\Kira\Documents\amexaddy.txt:Roxio EMC Stream@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:78914014:Reg[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"iLivid Download Manager"=-"ilividtb"=-:Files:Commands[emptytemp]
  • Then click runFixbutton.png button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.



Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter  *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

Let me see that log, also give update on any remaining issues or concerns...

Link to post
Share on other sites

This log popped up after reboot:

 

All processes killed
========== OTL ==========
Error: Unable to stop service WRkrn!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WRkrn deleted successfully.
File move failed. C:\Windows\SysNative\drivers\WRkrn.sys scheduled to be moved on reboot.
Registry key HKEY_USERS\S-1-5-21-2332836582-4288207101-1763482542-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2C9E0EE4-2610-B903-9AF4-523D61CB8099}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C9E0EE4-2610-B903-9AF4-523D61CB8099}\ not found.
Registry key HKEY_USERS\S-1-5-21-2332836582-4288207101-1763482542-1000\Software\Microsoft\Internet Explorer\SearchScopes\{981AB34A-4CD8-C431-D350-65C3135AB426}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{981AB34A-4CD8-C431-D350-65C3135AB426}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57ccade8-b1cc-4848-9375-533b43f214c2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57ccade8-b1cc-4848-9375-533b43f214c2}\ deleted successfully.
C:\Program Files (x86)\ilividtb\auxi\ilividAu.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724d43a9-0d85-11d4-9908-00400523e39a}\ deleted successfully.
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eeff92c2-a5c2-4e3a-b495-81185d27845d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eeff92c2-a5c2-4e3a-b495-81185d27845d}\ deleted successfully.
C:\Program Files (x86)\ilividtb\ilividDx.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{724d43a0-0d85-11d4-9908-00400523e39a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724d43a0-0d85-11d4-9908-00400523e39a}\ deleted successfully.
File C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ deleted successfully.
File WebPrint EX\ewpexhlp.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{eeff92c2-a5c2-4e3a-b495-81185d27845d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eeff92c2-a5c2-4e3a-b495-81185d27845d}\ not found.
File C:\Program Files (x86)\ilividtb\ilividDx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6b02fb6-302d-11e0-b324-001f16c37447}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6b02fb6-302d-11e0-b324-001f16c37447}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6b02fb6-302d-11e0-b324-001f16c37447}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6b02fb6-302d-11e0-b324-001f16c37447}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{baa4d0cc-3a79-11e0-b528-001f16c37447}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{baa4d0cc-3a79-11e0-b528-001f16c37447}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{baa4d0cc-3a79-11e0-b528-001f16c37447}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{baa4d0cc-3a79-11e0-b528-001f16c37447}\ not found.
File E:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e96070bf-f9f4-11df-812a-001f16c37447}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e96070bf-f9f4-11df-812a-001f16c37447}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e96070bf-f9f4-11df-812a-001f16c37447}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e96070bf-f9f4-11df-812a-001f16c37447}\ not found.
File move failed. K:\StartClickFreeBackup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9607114-f9f4-11df-812a-001f16c37447}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9607114-f9f4-11df-812a-001f16c37447}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9607114-f9f4-11df-812a-001f16c37447}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9607114-f9f4-11df-812a-001f16c37447}\ not found.
File H:\iStudio.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f152890e-17df-11e2-8807-001f16c37447}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f152890e-17df-11e2-8807-001f16c37447}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f152890e-17df-11e2-8807-001f16c37447}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f152890e-17df-11e2-8807-001f16c37447}\ not found.
File F:\KODAK_Camera_Setup_App.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found.
File move failed. K:\StartClickFreeBackup.exe scheduled to be moved on reboot.
C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
ADS C:\Users\Kira\Documents\yvonne debbie burroughs.txt:Roxio EMC Stream deleted successfully.
ADS C:\Users\Kira\Documents\whos is this.txt:Roxio EMC Stream deleted successfully.
ADS C:\Users\Kira\Documents\tmo811.txt:Roxio EMC Stream deleted successfully.
ADS C:\Users\Kira\Documents\sarame.txt:Roxio EMC Stream deleted successfully.
ADS C:\Users\Kira\Documents\Produce.wmv:Roxio EMC Stream deleted successfully.
ADS C:\Users\Kira\Documents\moneypak.txt:Roxio EMC Stream deleted successfully.
ADS C:\Users\Kira\Documents\lauraconvo.txt:Roxio EMC Stream deleted successfully.
ADS C:\Users\Kira\Documents\l_bf70971500094fe6b630e2d33e2d2793.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\Kira\Documents\kjsmall.txt:Roxio EMC Stream deleted successfully.
ADS C:\Users\Kira\Documents\kj.txt:Roxio EMC Stream deleted successfully.
ADS C:\Users\Kira\Documents\industry.txt:Roxio EMC Stream deleted successfully.
ADS C:\Users\Kira\Documents\gene  3104053460.txt:Roxio EMC Stream deleted successfully.
ADS C:\Users\Kira\Documents\farmvillecash2.txt:Roxio EMC Stream deleted successfully.
ADS C:\Users\Kira\Documents\fandango.txt:Roxio EMC Stream deleted successfully.
ADS C:\Users\Kira\Documents\crackberrymobiorder.txt:Roxio EMC Stream deleted successfully.
ADS C:\Users\Kira\Documents\ancestry.txt:Roxio EMC Stream deleted successfully.
ADS C:\Users\Kira\Documents\amexaddy.txt:Roxio EMC Stream deleted successfully.
ADS C:\ProgramData\Temp:78914014 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\iLivid Download Manager not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\ilividtb not found.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 36367 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Kira
->Temp folder emptied: 2000 bytes
->Temporary Internet Files folder emptied: 2381084827 bytes
->Java cache emptied: 3146020 bytes
->FireFox cache emptied: 204551026 bytes
->Google Chrome cache emptied: 110136542 bytes
->Apple Safari cache emptied: 100196352 bytes
->Opera cache emptied: 48519746 bytes
->Flash cache emptied: 178175961 bytes
 
User: Public
 
User: Test Account
->Temp folder emptied: 378314 bytes
->Temporary Internet Files folder emptied: 75232 bytes
->Google Chrome cache emptied: 7587246 bytes
->Opera cache emptied: 6278376 bytes
->Flash cache emptied: 57150 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 812203333 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 2821910 bytes
RecycleBin emptied: 129189 bytes
 
Total Files Cleaned = 3,677.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12032013_155853
 
Files\Folders moved on Reboot...
C:\Windows\SysNative\drivers\WRkrn.sys moved successfully.
File move failed. K:\StartClickFreeBackup.exe scheduled to be moved on reboot.
C:\Users\Kira\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
Link to post
Share on other sites

Any remaining issues or concerns? run following:

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Secuirity Check runs)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.