Solved Slow laptop, many chrome.exe*32 processes running

Mamabeanie

New Member
Thread author
Sep 24, 2015
10
Hi, my laptop is running really slowly and has got a lot worse recently. At times it isn't too bad but it doesn't take much for it to become overwhelmed - today it ground to a halt completely. I would be incredibly grateful if you can help in any way. Thank you.
 

Attachments

  • Addition_24-09-2015_12-10-33.txt
    35.1 KB · Views: 1
  • FRST_24-09-2015_12-10-33.txt
    91.2 KB · Views: 1

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay for the repair.




Rules and policies

We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.



Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyalltemp;
    ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 

Mamabeanie

New Member
Thread author
Sep 24, 2015
10
Hi and thank you for taking the time to reply.

Zoek.exe v5.0.0.0 Updated 23-09-2015
Tool run by User on 25/09/2015 at 8:23:28.10.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

25/09/2015 08:28:48 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\iMesh Applications deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Users\User\AppData\Roaming\HP Support Assistant deleted successfully
C:\Users\User\AppData\Local\calibre-cache deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3126409496-4131717126-2509159792-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-3126409496-4131717126-2509159792-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-3126409496-4131717126-2509159792-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-3126409496-4131717126-2509159792-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F0CCE5DE-FC36-4BAB-9728-4DAE00D768DB} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{F0CCE5DE-FC36-4BAB-9728-4DAE00D768DB} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F0CCE5DE-FC36-4BAB-9728-4DAE00D768DB} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\APNMCP deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\APNMCP deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.8.0 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.8.0 deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5mbvcekw.default

user.js not found
---- Lines mysearch removed from prefs.js ----
user_pref("browser.startup.homepage", "Search
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_092015_0850_.backup

==== Batch Command(s) Run By Tool======================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

==== Deleting Files \ Folders ======================

C:\PROGRA~2\iMesh Applications not found
C:\PROGRA~2\Windows Live SkyDrive deleted
C:\Users\User\AppData\Roaming\calibre deleted
C:\Users\User\.android deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml deleted
C:\PROGRA~2\AVG Security Toolbar deleted
C:\install.exe deleted
C:\PROGRA~3\AskPartnerNetwork deleted
C:\PROGRA~3\APN deleted
C:\PROGRA~3\hpqp.txt deleted
C:\PROGRA~3\Avg_Update_0215tb deleted
C:\PROGRA~3\Avg_Update_0414c deleted
C:\PROGRA~3\Avg_Update_0814tb deleted
C:\PROGRA~3\Avg_Update_1114tb deleted
C:\PROGRA~3\AVG Security Toolbar deleted
C:\PROGRA~3\AVG Secure Search deleted
C:\PROGRA~3\AVG SafeGuard toolbar deleted
C:\Users\User\AppData\Local\AVG SafeGuard toolbar deleted
C:\Users\User\AppData\Local\AskPartnerNetwork deleted
C:\Users\User\Downloads\avg_free_stb_all_2014_4355_cnet.exe deleted
C:\Users\User\Downloads\iMeshSetup-r1477-w-bc.exe deleted
C:\Users\User\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
"C:\Windows\Installer\6e7983.msi" deleted
"C:\PROGRA~2\AVG SafeGuard toolbar\vprot.exe" deleted
"C:\PROGRA~2\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\18.8.0\avgdttbx.dll" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.8.0\SiteSafety.dll" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.8.0\log4cplusU.dll" deleted
"C:\PROGRA~2\AskPartnerNetwork" deleted
"C:\PROGRA~2\AVG SafeGuard toolbar" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted
"C:\PROGRA~2\AskPartnerNetwork\Toolbar" deleted
"C:\PROGRA~2\AskPartnerNetwork\Toolbar\Updater" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\18.8.0" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.8.0" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.8.0" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5mbvcekw.default
user_pref("browser.search.defaultenginename", "AVG Secure Search");
user_pref("browser.search.selectedEngine", "AVG Secure Search");
user_pref("keyword.URL", "");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{F003DA68-8256-4b37-A6C4-350FA04494DF}"="C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt" [15/08/2014 05:47]

==== Firefox Extensions ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5mbvcekw.default
- LF PQ Quiz - %ProfilePath%\extensions\lfpqquiz@example.net.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 45.0.2454.99

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaaaiabcopkplhgaedhbloeejhhankf - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01/05/2015 11:17]

Search App By Ask v2 - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
Angry Birds - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
OneTab - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall
Logitech Smooth Scrolling - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk
Zen - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmofjjidekmconddponmfdimclhnanj
Purple - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hleinhdbkhedipcodhkpdojjcnnlkjha
Eye Dropper - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka
Momentum - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca
Chrome Hotword Shared Module - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
AVG Secure Search - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Save to Pocket - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Search App By Ask v2 - User\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
Momentum - User\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\laookkfknpbbblfpciffpaejjkokdgca
Chrome Hotword Shared Module - User\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Chrome Hotword Shared Module - User\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Search App By Ask v2 - User\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
Leapforce - User\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\belncckcaakhmonmcfmegbglccbjlebc
RaterAide - User\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\bhlblfbajhmkflfamdiiccdohdkbdaon
Sunflowers - User\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\iempnicmekabbnffhpbkdjkmelcpjlep
RaterAide PQ Search - User\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ilobhiadnbcdmgnflkkdjaecmafmajcf
Chrome Hotword Shared Module - User\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Search App By Ask v2 - User\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
Chrome Hotword Shared Module - User\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Skype Click to Call - User\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Search App By Ask v2 - User\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
Chrome Hotword Shared Module - User\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Skype Click to Call - User\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Search App By Ask v2 - User\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
Chrome Hotword Shared Module - User\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Search App By Ask v2 - User\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
Chrome Hotword Shared Module - User\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\lccekmodgklaepjeofjdjpbminllajkg

==== Chromium Fix ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsfreak.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsfreak.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsmode.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsmode.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsty.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsty.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\http_www.lyrics.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\http_www.lyrics.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\http_homes.trovit.co.uk_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\http_homes.trovit.co.uk_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\http_wordfinder.yourdictionary.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\http_wordfinder.yourdictionary.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.e2save.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.e2save.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\http_static.cda.pl_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\http_static.cda.pl_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 6\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 6\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 9\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 9\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 10\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 10\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 7\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 7\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 7\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 7\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 9\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 9\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 9\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 9\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d285jf08b4wonc.cloudfront.net_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d285jf08b4wonc.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d30ke5tqu2tkyx.cloudfront.net_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d30ke5tqu2tkyx.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3b3ehuo35wzeh.cloudfront.net_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3b3ehuo35wzeh.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d3l3lkinz3f56t.cloudfront.net_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d3l3lkinz3f56t.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d3mwhxgzltpnyp.cloudfront.net_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d3mwhxgzltpnyp.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\https_d30ke5tqu2tkyx.cloudfront.net_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\https_d30ke5tqu2tkyx.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 7\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 7\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 7\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 7\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 7\Local Storage\https_d3b3ehuo35wzeh.cloudfront.net_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 7\Local Storage\https_d3b3ehuo35wzeh.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 9\Local Storage\https_dsms0mj1bbhn4.cloudfront.net_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 9\Local Storage\https_dsms0mj1bbhn4.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_uk.ask.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_uk.ask.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\http_uk.ask.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\http_uk.ask.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\http_www.ask.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\http_www.ask.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.hearstmags.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.hearstmags.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_sultan-domesticservices.co.uk_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_sultan-domesticservices.co.uk_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.productsandservices.bt.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.productsandservices.bt.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\http_adservices02.picadmedia.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\http_adservices02.picadmedia.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\http_motorwayservicesonline.co.uk_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Local Storage\http_motorwayservicesonline.co.uk_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 9\Local Storage\http_www.freelogoservices.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 9\Local Storage\http_www.freelogoservices.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.hotukdeals.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.hotukdeals.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="Search 12:55:50&v=18.8.0.179&pid=safeguard&sg=&sap=hp"
"Default_Page_URL"="AOL.co.uk | Breaking News, Sport, Features and Video"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos"
"Start Page"="Google"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{8D110857-AB9A-43AE-96C2-C4192A77D4CF}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="{searchTerms} - Google Search"
{316A4297-272D-47A2-9F74-8D0DAC2B09D2} Kelkoo Url="http://uk.kelkoopartners.net/ctl/do...e&x=true&y=true&partner=hp&partnerId=96913936"
{8D110857-AB9A-43AE-96C2-C4192A77D4CF} AOL Search Url="%7BsearchTerms%7D - AOL Search results"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D2A425F405350054677A7A857BC02210 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5350-4500-76A7-A758B70C2201} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D2A425F405350054677A7A857BC02210 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ZTI15MV will be deleted at reboot
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0C2I3RU will be deleted at reboot
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V8SNTP5S will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\5mbvcekw.default\Cache will be emptied at reboot
C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\5mbvcekw.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 10\Cache emptied successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 11\Cache emptied successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Cache emptied successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Cache emptied successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 5\Cache emptied successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 6\Cache emptied successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 7\Cache emptied successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 8\Cache emptied successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 9\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1944 folders=580 170687692 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ZTI15MV" not found
"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0C2I3RU" not found
"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V8SNTP5S" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 25/09/2015 at 9:13:29.46 ======================
 

Mamabeanie

New Member
Thread author
Sep 24, 2015
10
I think it is a bit faster, although webpages are taking a long time to load. Is that likely to be due to slow internet connection and/or having lots of chrome tabs open? (Please forgive my ignorance - the inner workings of a computer aren't my strong point!)
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Let's use FRST one more time:


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
 

Mamabeanie

New Member
Thread author
Sep 24, 2015
10
My fan runs most of the time too, although it has been doing that for a very long time - I have no idea why.
 

Mamabeanie

New Member
Thread author
Sep 24, 2015
10
I forgot to run it as an administrator the first time so I have included both sets of results in case there is information you need in there.
 

Attachments

  • Addition_25-09-2015_11-37-03.txt
    35.2 KB · Views: 1
  • Addition_25-09-2015_11-39-27.txt
    35.2 KB · Views: 0
  • FRST_25-09-2015_11-37-03.txt
    87.2 KB · Views: 2
  • FRST_25-09-2015_11-39-27.txt
    87.3 KB · Views: 0

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Logs look clean, but let's run one more scan:


Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
 

Mamabeanie

New Member
Thread author
Sep 24, 2015
10
For some reason it kept saying file empty when I tried to export, save and upload so I hope that this is the information you need.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 25/09/2015
Scan Time: 12:21
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.25.01
Rootkit Database: v2015.09.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 370806
Time Elapsed: 17 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\AskPartnerNetwork, Quarantined, [9b7a80b4ff8c5adc81270d28e71cd22e],
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, Quarantined, [e233c371acdf3ff78720280d5fa402fe],
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-21-3126409496-4131717126-2509159792-1000\SOFTWARE\AskPartnerNetwork, Quarantined, [c550d65e8cff6ccae9be94a16a9920e0],

Registry Values: 1
PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ApnTBMon, "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe", Quarantined, [73a266ce6724ec4a1297b67ff31045bb]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 

Mamabeanie

New Member
Thread author
Sep 24, 2015
10
Hi, I think it's a bit faster in general - web pages still take quite a while to load, but I guess that must be due to line speed and/or having too many tabs open? My laptop is a good few years old now so perhaps this is as good as it'll get!
 

Mamabeanie

New Member
Thread author
Sep 24, 2015
10
Can I ask quickly - is there anything I can do to stop my fan from running so much? I already have my laptop raised up on a stand to try and help it cool. Is it likely to just be due to its age?
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
It is probably a dust problem and your laptop is overheating. You need to clean it (by visiting a repair shop) as soon as possible if you don't want it to melt down.
 

Mamabeanie

New Member
Thread author
Sep 24, 2015
10
I am so sorry - the past few days have been crazy and I completely forgot to come back and reply. Thank you so much for all of your help.
 
