Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PC running slow [Solved]


  • This topic is locked This topic is locked

#16
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Your machines Hard-Drive could do with some in-depth maintenance but we can address that in due course...

For now carry out the below for myself please and we will then go from there.

Custom OTL Script:

  • Double-click OTL.exe to start the program.
  • Copy the lines from the quote-box(do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:Files
C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml

:Commands
[EmptyTemp]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The log file can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Scan with AdwCleaner:

Please download adwcleaner from here and save to your desktop.

Alternate downloads are here or here.

  • Double-click on adwcleaner.exe to launch the application.
  • Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
  • Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt
  • 0

Advertisements


#17
Nicole1

Nicole1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Dakeyras,
Not sure if you required the OTL log,I have included it anyway

ll processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: carey

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest.GILLIES
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: nicole
->Temp folder emptied: 2286394 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 29018139 bytes
->Flash cache emptied: 553 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 130581575 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 143182086 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 291.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09182013_215546

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#18
Nicole1

Nicole1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
AdwCleaner report

# AdwCleaner v3.004 - Report created 18/09/2013 at 22:04:51
# Updated 15/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : nicole - GILLIES
# Running from : C:\Documents and Settings\nicole\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\nicole\Local Settings\Application Data\AVG Security Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\Software\AskBarDis
Key Deleted : HKLM\Software\SearchCore for Browsers
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C878CD69-85DB-426B-81A3-E71175AAEB91}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v23.0.1 (en-GB)

[ File : C:\Documents and Settings\nicole\Application Data\Mozilla\Firefox\Profiles\8bb0prej.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2557 octets] - [18/09/2013 22:02:13]
AdwCleaner[S0].txt - [2516 octets] - [18/09/2013 22:04:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2576 octets] ##########
  • 0

#19
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Not sure if you required the OTL log,I have included it anyway

Aye that I did and thank you.

Hard-Drive Maintenance/Repair:

Note: For the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

  • Click Start >> Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in DEFRAG C: -F
  • A Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:

CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)

  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and depress the Enter/Return key.
  • Now Reboot(Restart) your computer.
Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Posted Image

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be cancelled and you computer will continue to boot-up as normal.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here to run the scan...

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the log file first!
  • Now click on: Posted Image
  • Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0

#20
Nicole1

Nicole1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Dakeyras,
ESET log as requested

[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6746b5c67687fe45b4b996175177b499
# engine=15195
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-09-20 11:38:53
# local_time=2013-09-20 11:38:53 (+1200, New Zealand Standard Time)
# country="New Zealand"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=774 16777213 85 93 6016553 155555405 0 0
# scanned=52833
# found=3
# cleaned=0
# scan_time=2911
sh=3866D78F233E5458C3244043B43006E9B3213582 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\nicole\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\23\26e8f17-5ae445c2"
sh=AAC20AA5A24E6D5258A9EEACF399A09EC63DC9B4 ft=1 fh=761f52bbd8f193b0 vn="multiple threats" ac=I fn="C:\System Volume Information\_restore{8FA2DB1B-2ACD-48B4-84C1-81C39B43B7FB}\RP1027\A0191156.exe"
sh=C426F2F091B06CB782A96C06BE8E0FC73BB61605 ft=1 fh=a8f656b14796d891 vn="a variant of Win32/PerfectUninstaller application" ac=I fn="C:\_OTL\MovedFiles\09152013_125928\C_Program Files\Best Uninstall Tool\BUT.exe"
  • 0

#21
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Lets deal with the results of the online scan first as follows...

Using Windows Explorer (to get there right-click your Start button and go to Explore), please delete this folder (if present):

C:\Documents and Settings\nicole\Local Settings\Application Data\Sun

Then empty the Recycle Bin.

New Adobe Reader Installation:

  • Go/click here to download the latest version of Adobe Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.
  • Follow the prompts during the installation process >> select Manually check for and install updates >> Install> >> Finish
  • After the new Reader is installed, Open Adobe Reader X.
  • OK the license.
  • Click on Edit and select Preferences.
  • On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
  • Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
  • Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
  • Click the OK button.
Next:

Let myself know when completed the above and if any further issues remaining...

If not we will clean up all tools used during the Malware Removal process and I will provide some advice about online safety etc.
  • 0

#22
Nicole1

Nicole1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Dakeyras,
Adobe is all installed, there are no issues, our computer is running great :thumbsup:

Thanks
Nicole
  • 0

#23
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Adobe is all installed, there are no issues, our computer is running great :thumbsup:

Thanks

Good and you're welcome....

Congratulations your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advice you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

AdwCleaner Uninstall:

  • Double-click on AdwCleaner.exe to start the program
  • Click on Uninstall >> Yes, this will remove the application and its log(s) etc.
Reset SR Points/Clean up with OTL:

  • Double-click on OTL to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Commands
[ClearAllRestorePoints]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered. When finished click on OK and close the log that appears.
  • Note: I do not need to review the log produced.
  • Now close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process will flush old System Restore points and create a new clean one. It should also clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is a excellent application and I advise you keep this installed. Check for updates and run a scan at least once per week.

Other installed security software:

Your presently installed security application, avast! Free Antivirus automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running providing a internet connection is active.

I advise you also run a complete scan with this also at least once per week.

Erunt:

Emergency Recovery Utility NT, I advice you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Security Tips:

This is a very helpful/useful set of advice from Microsoft:

Microsoft Safety & Security Center

As is this web-page, which is worth bookmarking/reading for future reference:-

Securing Your Web Browser

Keep your system updated:

Microsoft releases patches for Windows and other products regularly, you can check manually via:-

Start >> All Programs >> Windows Update

Plus check Automatic Updates is enabled.

Note: Support for Windows XP is ending on April 8, 2014

Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening. Never open emails from unknown senders. Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.

Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on FileHippo or MajorGeeks.

Stop malicious scripts:

Windows by default allow scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Consider a custom Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

Only use one of the above!

Consider installing WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Check your third party software is up to date:

Via considering the download and installation of the FileHippo Update Checker...As certain software when out of date can be deemed a security risk and in turn can be exploited by malware.

Next:

Any questions? Feel free to ask, if not stay safe!
  • 0

#24
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP