Waiting on google

23robbie · Jan 18, 2014

Guys, I am having a problem with programs loading. It always says waiting on google, or waiting on the next website I am trying to go to. I have great download speed 12 to 14 mps so What can be making my pc drag so? I tried CC cleaner off C-net, No Joy! I don't if or even how to manipulate background stuff would do it Bob

Twiki · Jan 18, 2014

It could be internet congestion or bad linkup. I run into this sometimes and I just close my browser and try again. Lots of times it improved doing that.

23robbie · Jan 19, 2014

no help

Twiki · Jan 19, 2014

Did it run good before? if that's the case download Malwarebyte, update the database and run a full computer scan. Also try AVG virus scanner as well.

johnb35 · Jan 19, 2014

Please download and run the following programs and post the logs.

1.

Please download AdwCleaner by Xplode onto your Desktop.

•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.

23robbie · Jan 21, 2014

johnb35/ slow connection

John boy I am getting 17mps download and can't get a program to load in less than6-10 secs Tried junkware removal tool and the other one .No Joy!!!!!!!!!!!!!!!!!!!111

johnb35 · Jan 21, 2014

Can you post the logs so I know what if anything was removed? Do the following as well.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.

Please post the log that malwarebytes produces.

23robbie · Jan 24, 2014

log of problems

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.19.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Bob Mills :: FLORIDAROOM [administrator]

Protection: Enabled

1/19/2014 1:11:46 PM
mbam-log-2014-01-19 (13-11-46).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 337491
Time elapsed: 33 minute(s), 4 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14brmon.exe (PUP.Optional.MindSpark) -> 3240 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 45
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{33119133-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{13119113-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\VideoDownloadConverter_4z.SkinLauncher.1 (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\VideoDownloadConverter_4z.SkinLauncher (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{03119103-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\Interface\{23119123-0854-469D-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\VideoDownloadConverter_4z.SkinLauncherSettings.1 (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\VideoDownloadConverter_4z.SkinLauncherSettings (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowser.1 (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowser (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX.1 (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{ab56dfde-0c14-45b3-9df6-7b0eba617870} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCR\CLSID\{a0154e07-2b48-475c-a82a-80efd84ea33e} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A0154E07-2B48-475C-A82A-80EFD84EA33E} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A0154E07-2B48-475C-A82A-80EFD84EA33E} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TotalRecipeSearch_14bar Uninstall (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCR\CLSID\{df22384f-cf68-4d19-969f-10423715528b} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCR\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF22384F-CF68-4D19-969F-10423715528B} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF22384F-CF68-4D19-969F-10423715528B} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF22384F-CF68-4D19-969F-10423715528B} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCR\AppID\DefaultTabBHO.DLL (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\Software\Iminent (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.

Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A0154E07-2B48-475C-A82A-80EFD84EA33E} (PUP.Optional.MindSpark) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TotalRecipeSearch Search Scope Monitor (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~2\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TotalRecipeSearch_14 Browser Plugin Loader (PUP.Optional.MindSpark) -> Data: C:\PROGRA~2\TOTALR~2\bar\1.bin\14brmon.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VideoDownloadConverter Search Scope Monitor (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\Bob Mills\AppData\Local\Slick Savings (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 40
C:\Users\Bob Mills\AppData\Local\Temp\sp_downloader.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zsknlcr.dll (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WN12HA4\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FYOB1H9T\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TAL4TXVG\mozilla firefox setup.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\AppData\Local\Temp\nsbE0E9.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\AppData\Local\Temp\nsbE270.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\AppData\Local\Temp\nsg965F.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\AppData\Local\Temp\nsg97E6.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\AppData\Local\Temp\nsmDF53.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\AppData\Local\Temp\nsp1893.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\AppData\Local\Temp\nsr94C9.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\Documents\My Documents\Downloads\Post_Express_Label_VID20178(2).zip (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\Documents\My Documents\Downloads\Post_Express_Label_VID20178(3).zip (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\Documents\My Documents\Downloads\Post_Express_Label_VID20178.zip (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\Documents\Removable Disk\My Documents\Downloads\Post_Express_Label_VID20178(2).zip (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\Documents\Removable Disk\My Documents\Downloads\Post_Express_Label_VID20178(3).zip (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\Documents\Removable Disk\My Documents\Downloads\Post_Express_Label_VID20178.zip (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\Downloads\Breaking Bad Season 5 Episode 9(1).exe (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\Downloads\Breaking Bad Season 5 Episode 9(2).exe (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\Downloads\Breaking Bad Season 5 Episode 9(3).exe (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\Downloads\Breaking Bad Season 5 Episode 9(4).exe (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\Downloads\Breaking Bad Season 5 Episode 9(5).exe (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\Downloads\Breaking Bad Season 5 Episode 9.exe (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\Downloads\Breaking Bad Season_5 Episode 9(1).exe (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\Downloads\Breaking Bad Season_5 Episode 9.exe (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\Downloads\CodecPackage(1).exe (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\Downloads\CodecPackage.exe (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\Downloads\frostwire-5.6.5.windows.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\Downloads\Groovestream.exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\Downloads\iLividSetup-r343-n-bf(1).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\Downloads\iLividSetup-r343-n-bf.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\Downloads\iLividSetup-r400-n-bf(1).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\Downloads\iLividSetup-r400-n-bf.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Bob Mills\AppData\Local\Slick Savings\coupons.crx (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrchMn.exe (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14brmon.exe (PUP.Optional.MindSpark) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.

(end)

23robbie · Jan 24, 2014

still moving slow

23robbie · Jan 24, 2014

junkware

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Home Premium x64
Ran by Bob Mills on Mon 01/20/2014 at 21:10:25.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] cltmngsvc
Successfully deleted: [Service] cltmngsvc
Successfully stopped: [Service] totalrecipesearch_14service
Successfully deleted: [Service] totalrecipesearch_14service

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1073416035-3056625011-4002085185-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

Value Name Type Value Data
========================================================================================
NextLive REG_SZ C:\Windows\SysWOW64\rundll32.exe "C:\Users\Bob Mills\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{03F3147C-CEA6-4AAE-B0AE-8D8ABE7A8080}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2502086B-5A46-4D05-8D5B-A1E77AB8BB32}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{396A4E14-83E7-4941-B0D9-B598E1B97197}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{76F3207C-3A0A-461B-B958-5653C5718243}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{895F3DBD-2484-4A14-A0EA-C3252EBB0FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{8C4B563E-52A1-4A10-B700-F8BF1CD7B726}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{96B8A0EF-0D9D-4A92-B548-376DB4BBB58B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9E5C950C-93F2-46B4-A47E-8450FFF4D841}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A4503EC3-1111-4B62-8F46-0D88508F8A7B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A9C524BF-4044-402A-AA00-8C3B3DA86125}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B38FBAED-DED1-4BA6-BA2E-F2515FD49442}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B5EDE79D-B004-47DD-93F9-152B0D145914}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D0690E53-168C-4632-99B2-5700228F760F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\totalrecipesearch_14
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A3D54852-4B8E-4FA6-ADD4-69C5B2289688}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BF331F4B-EB6D-44E6-ACB1-ED62299B90A0}

~~~ Files

~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\ammyy"
Successfully deleted: [Folder] "C:\Users\Bob Mills\appdata\local\searchprotect"
Successfully deleted: [Folder] "C:\Users\Bob Mills\appdata\local\totalrecipesearch_14"
Successfully deleted: [Folder] "C:\Users\Bob Mills\appdata\locallow\totalrecipesearch_14"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\Program Files (x86)\totalrecipesearch_14"
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{04AC901F-34E4-45D3-8DC0-F0797B078E07}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{04BA116C-8DC1-4F3A-B9F1-6BF0251C8655}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{0FCBDC87-40A5-4D17-9DC2-1EC9E7332E04}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{11AA5A47-6C4A-4050-88BD-39DEFC8498F4}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{16328224-BD6E-48A1-BBEE-B80368CD5C8E}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{1AC2547E-2A8B-4D60-BED9-235F94480416}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{1FD24DCA-633F-40F0-A47D-5CBA8AD9D33D}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{23B2FB59-BFAB-4137-8041-EAADB615ACE8}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{28AC2475-EB92-4CAA-9A4B-FD85254747B3}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{2DDB6E98-2055-428B-AE44-23614ABC7967}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{35EB016E-3706-4A59-8DDD-A8CE01106D6B}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{3D011B3B-147A-4E26-A392-9F4A7ED0992C}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{3F6C1E8E-8B66-4675-A733-3A888CD109BC}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{3F7F1F2A-3900-4D12-8D7B-26B3BFC27F42}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{40001946-6CB2-4181-AD8C-7ED2C46F484D}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{42F0CA1A-8408-4204-A5C0-80D7C464EB50}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{430B5836-A8DE-4EE3-A53C-C9E0960C2BB7}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{47AA2777-97F2-4E37-8B5A-F91F25E1B216}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{48972970-DABB-4006-962D-DBFFDE3CFA04}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{4E491B1C-BBF3-4055-A149-1D8D3CE5B625}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{51B4DF2A-5E79-49E4-8B03-F25E8BC43E1F}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{63DC89B1-2FC5-4221-84ED-3AAF24DC4A2D}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{6754A068-4F3B-4F0E-9DEA-B28C966A1FEC}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{692CAA20-8F38-4621-A667-87AB50F9E5B3}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{750DD19C-50F8-449E-AF3A-98E1F9BDD439}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{853F0716-059A-47F6-99BD-6C440C01D2BF}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{85C4DC85-FBAD-438E-B825-BB1B8002F9CF}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{8762F2CE-AABC-4B0D-B82E-A02B5D4E23A7}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{946F952D-4607-46D2-B214-A3A91FFDF37F}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{95E0E6F8-E1F4-4CD2-9EC8-597740208342}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{9842A0C7-B1FD-4354-99D5-31A1386437CA}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{99D2A436-B542-4172-8997-E7CF922AC0BC}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{9A96B6A3-08D8-48CF-BE6A-A1381C8B8A3D}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{A017484E-83DF-4070-A84E-10765197AD6E}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{A72820A6-5DD7-453B-91DB-8EA98B6804E8}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{ACFE2D25-E2E7-4026-AC10-34456C4FA54B}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{C964811A-60AE-48D9-9F7A-9BD61A19BBED}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{DF69350E-1550-49D9-B9AE-D870A5B24E5C}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{E22F5A86-44DA-4BD3-AC2F-28C60A1FA341}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{EB4FF484-EC5E-4F80-A2F2-40DC3E8E3457}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{FC842EB0-8F88-4AD2-9D4E-6FA7E36DBAB4}
Successfully deleted: [Empty Folder] C:\Users\Bob Mills\appdata\local\{FF26A0A5-8BBB-45ED-954B-E21C2D70A626}

~~~ FireFox

Successfully deleted: [File] C:\Users\Bob Mills\AppData\Roaming\mozilla\firefox\profiles\3xsu1gu1.default-1354774513716\searchplugins\my-web-search.xml
Successfully deleted: [Folder] C:\Users\Bob Mills\AppData\Roaming\mozilla\firefox\profiles\3xsu1gu1.default-1354774513716\extensions\savingsslider@mybrowserbar.com
Successfully deleted: [Folder] C:\Users\Bob Mills\AppData\Roaming\mozilla\firefox\profiles\3xsu1gu1.default-1354774513716\extensions\4zffxtbr@videodownloadconverter_4z.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\14ffxtbr@totalrecipesearch_14.com
Successfully deleted the following from C:\Users\Bob Mills\AppData\Roaming\mozilla\firefox\profiles\3xsu1gu1.default-1354774513716\prefs.js

user_pref("browser.search.defaultenginename", "Conduit Search");
user_pref("browser.search.selectedEngine", "Conduit Search");
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP7A4854F6-C5B7-474D-B205-8D5B05530827&SSP
user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
user_pref("extensions.mywebsearch.prevKwdEnabled", true);
user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=");
user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
user_pref("extensions.toolbar.mindspark._14Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=D50B6777-5333-4FAA-9E3B-B93A94F22730&n=780b6213&ptnrS=YKxdm030YYus&
user_pref("extensions.toolbar.mindspark._14Members_.hp.enabled", false);
user_pref("extensions.toolbar.mindspark._14Members_.hp.user.defined", true);
user_pref("extensions.toolbar.mindspark._14Members_.initialized", true);
user_pref("extensions.toolbar.mindspark._14Members_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._14Members_.installation.installDate", "2014011923");
user_pref("extensions.toolbar.mindspark._14Members_.installation.partnerId", "YKxdm030YYus");
user_pref("extensions.toolbar.mindspark._14Members_.installation.partnerSubId", "93571");
user_pref("extensions.toolbar.mindspark._14Members_.installation.success", true);
user_pref("extensions.toolbar.mindspark._14Members_.installation.toolbarId", "D50B6777-5333-4FAA-9E3B-B93A94F22730");
user_pref("extensions.toolbar.mindspark._14Members_.lastActivePing", "1390254648362");
user_pref("extensions.toolbar.mindspark._14Members_.options.defaultSearch", true);
user_pref("extensions.toolbar.mindspark._14Members_.options.homePageEnabled", true);
user_pref("extensions.toolbar.mindspark._14Members_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._14Members_.options.tabEnabled", true);
user_pref("extensions.toolbar.mindspark._14Members_.weather.location", "29572");
user_pref("extensions.toolbar.mindspark.hp.enabled", false);
user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
user_pref("extensions.toolbar.mindspark.lastInstalled", "totalrecipesearch@mindspark.com");
user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=D50B6777-5333-4FAA-9E3B-B93A94F22730&n=780b6213&ind=2014011923&id=YKxdm030YYus&ptnr
user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP7A4854F6-C5B7-474D-B205-8D5B055308
Emptied folder: C:\Users\Bob Mills\AppData\Roaming\mozilla\firefox\profiles\3xsu1gu1.default-1354774513716\minidumps [81 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/20/2014 at 21:16:43.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

23robbie · Jan 24, 2014

still slow

johnb35 · Jan 27, 2014

Download and run Ccleaner. That should help a lot.

Darren · Jan 27, 2014

Make sure you create a backup of your registry clean if you do CCleaner.

23robbie · Jan 28, 2014

time warner gave me a new modem today but it still takes 3-4 secs to load new pages

johnb35 · Jan 28, 2014

Well, I just looked over your logs again and noticed a couple things.

1. According to Malwarebytes, you didn't let it remove this item here.

C:\Users\Bob Mills\AppData\Local\Temp\sp_downloader.exe (PUP.Optional.Conduit.A) -> No action taken.

You need to let it remove it. Can you do another malwarebytes scan and make sure you let it remove everything it finds.

2. According to junkware removal tool, you let someone have remote access to your system.

Failed to delete: [Folder] "C:\ProgramData\ammyy"

This software is installed when someone calls you and they say your system is infected and that they can help you clean it. You access a website to where they can remote into your system and they take over. Very bad thing to let happen. Never let anyone have remote access to your system unless you know them. The only people that will really know if you are infected or not is you and most likely your internet provider.

3. I also noticed you didn't post the adwcleaner log. Can you post that one please.

While you are at it, please do the following.

1.

Please download and run TDSSkiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.

After trying to clean them it will pop up with the results of the scan and its actions.

Please reboot the system if asked to do so.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it example, C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

Please open the log and copy and paste it back here.

2.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Download this file here :

Combofix
When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
Close all open Windows including this one.
Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found here.
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
Please click on I agree on the disclaimer window.
ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.
ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.
Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:
At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
Please click on yes in the next window to continue scanning for malware.
ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.
When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

If for some reason, if you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your pc and you'll be fine.

In your next reply please post:

The ComboFix log
An update on how your computer is running

23robbie · Feb 16, 2014

Thanks guys

Turns out it was my modem from time warner. they replaced it and I am fast again

Waiting on google

23robbie

New Member

Twiki

Active Member

23robbie

New Member

Twiki

Active Member

johnb35

Administrator

23robbie

New Member

johnb35

Administrator

23robbie

New Member

23robbie

New Member

23robbie

New Member

23robbie

New Member

johnb35

Administrator

Darren

Moderator

23robbie

New Member

johnb35

Administrator

23robbie

New Member