
computer is now running slow [Solved]


  • This topic is locked

#16
OCman

OCman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

Ok, had 10 or so windows open and no sluggishness!!!

 

sweet

 

peace


  • 0



#17
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Excellent news! :)

 

Next steps...

 

CryptoPrevent: install this programme to lock down and prevent crypto ransom-ware. (This is really important!)

 

 

We'll search for some remnants that might be hiding.
 
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select update
  • Once it has updated select Settings > Detection and Protection > Tick Scan for rootkits
  • Go back to the Dashboard and select Scan Now
  • If threats are detected, click the Apply Actions button, MBAM will ask for a reboot
  • On completion of the scan (or after the reboot) select View Detailed Log
  • Select Export > Select text file and save to the desktop.

 
 
Please post that log for my review.

 

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit the ESET Online Scanner website.
There, click Run ESET Online Scanner.

If using Internet Explorer:
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given a link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.

Don't forget to re-enable previously switched-off protection software!

 

Security Check

Download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Make sure you post back the results of the Security Check and we'll figure out where you are with that. Also, don't disappear on me as I still have a few more scans for you to run and a little more clean up to do, including the Tools that we used.

 

 

 


  • 0

#18
OCman

OCman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

Here you go in order:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/2/2014
Scan Time: 2:50:32 PM
Logfile: malwarebytes log.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.02.10
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Jerry
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 312874
Time Elapsed: 14 min, 52 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
 

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=52826e8f2d302a439eac83e9de7a6859
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-15 03:52:02
# local_time=2010-12-14 07:52:02 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 1153692 1153692 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=231213
# found=1
# cleaned=0
# scan_time=7116
K:\Software\Ahead Nero 7.10.1.2\Nero-7.10.1.2_all_update.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=52826e8f2d302a439eac83e9de7a6859
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-16 03:20:26
# local_time=2010-12-15 07:20:26 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 1238052 1238052 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=230829
# found=1
# cleaned=0
# scan_time=7261
K:\Software\Ahead Nero 7.10.1.2\Nero-7.10.1.2_all_update.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=52826e8f2d302a439eac83e9de7a6859
# engine=19969
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-03 04:39:44
# local_time=2014-09-02 09:39:44 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=268284
# found=9
# cleaned=0
# scan_time=9822
sh=456E44767FB6DA66FF51220ABE10C5AEB3D9882F ft=1 fh=86177c92950d81b3 vn="multiple threats" ac=I fn="C:\Documents and Settings\Jerry\Application Data\serv\setup_fst_us.exe"
sh=44277FD9DFF9F7C25545BA7603A1517CF82B259A ft=1 fh=da27a1ff4c765f78 vn="a variant of Win32/SoftPulse.H potentially unwanted application" ac=I fn="C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\User Data\Default\File System\003\t\00\00000000"
sh=52866C3511071A28FDDC1A30F7C9249D66F867B0 ft=1 fh=fb27b7b2e78705d6 vn="a variant of Generik.GWZTJVB trojan" ac=I fn="C:\Documents and Settings\Jerry\My Documents\Centex\Homestore_Desktop_Tour_MLS_IDPLAN_32X-Brea.exe"
sh=63A0348B85FF089C1948097E30F893179552830D ft=1 fh=c942d1e727b76f5f vn="a variant of Win32/AdWare.iBryte.BD application" ac=I fn="C:\Documents and Settings\Jerry\My Documents\Downloads\Setup (1).exe"
sh=44277FD9DFF9F7C25545BA7603A1517CF82B259A ft=1 fh=da27a1ff4c765f78 vn="a variant of Win32/SoftPulse.H potentially unwanted application" ac=I fn="C:\Documents and Settings\Jerry\My Documents\Downloads\Setup.exe"
sh=103A2AFF06A29793D4855E347FBAAB1D0A5A2420 ft=1 fh=5f8a4eebc9e2f813 vn="a variant of Win32/SquareNet.A potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{15450FB0-43B7-4032-A3FE-F35874232A2B}\RP1329\A0157013.exe"
sh=52943438A3495B3CB413EA792D6F9A1FEDA78515 ft=0 fh=0000000000000000 vn="a variant of Generik.GWZTJVB trojan" ac=I fn="K:\JERRY'S BACKUP FILE FOR FILE\20100718_205032_Full Backup - 07-04-2010.nba"
sh=52866C3511071A28FDDC1A30F7C9249D66F867B0 ft=1 fh=fb27b7b2e78705d6 vn="a variant of Generik.GWZTJVB trojan" ac=I fn="K:\JERRY'S BACKUP FILE FOR FILE\My Documents\Centex\Homestore_Desktop_Tour_MLS_IDPLAN_32X-Brea.exe"
sh=B595DDCE2BF564DE7C3AB3C6D36260D9719CD649 ft=1 fh=4e90af6c2142c094 vn="a variant of Win32/Keygen.DS potentially unsafe application" ac=I fn="K:\Software\Ahead Nero 7.10.1.2\_\keymaker.exe"
 
 
 

Results of screen317's Security Check version 0.99.87  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Symantec Endpoint Protection   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java 7 Update 67  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 2% 
````````````````````End of Log`````````````````````` 
 
 

  • 0
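The 2014 section of the ESET Online Scanner log above records one detection per line as key=value fields, with `remove_checked=false` and `cleaned=0` in its header. The following is an added example, not part of the original posts, that parses that layout and reports how many items are still on disk, which detections are not application-class, which paths share a hash, and which sit in System Restore points. Reading `sh` as the file hash, `vn` as the detection name and `fn` as the path, and bucketing by the trailing words of `vn`, are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the 2014 run; hashes and paths are placeholders.
SAMPLE_LOG = r'''# remove_checked=false
# found=4
# cleaned=0
sh=PLACEHOLDER_SHA1_A ft=1 fh=0000000000000001 vn="a variant of Win32/Example.A potentially unwanted application" ac=I fn="C:\Documents and Settings\User\My Documents\Downloads\Setup.exe"
sh=PLACEHOLDER_SHA1_B ft=1 fh=0000000000000002 vn="a variant of Generik.EXAMPLE trojan" ac=I fn="C:\Documents and Settings\User\My Documents\tour.exe"
sh=PLACEHOLDER_SHA1_B ft=1 fh=0000000000000002 vn="a variant of Generik.EXAMPLE trojan" ac=I fn="K:\USER'S BACKUP\My Documents\tour.exe"
sh=PLACEHOLDER_SHA1_C ft=1 fh=0000000000000003 vn="a variant of Win32/Example.B potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{PLACEHOLDER}\RP1\A0000001.exe"
'''

HEADER = re.compile(r'^#\s*(\w+)=(.*)$')
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted value" or key=bare

def classify(name):
    """Bucket a detection by the trailing words of its vn= name (assumed convention)."""
    lowered = name.lower()
    for suffix in ("potentially unwanted application",
                   "potentially unsafe application", "application"):
        if lowered.endswith(suffix):
            return suffix
    return "malware"  # trojan, "multiple threats", and anything unrecognised

def parse(log):
    """Return (header dict, list of detection records) for one log section."""
    headers, hits = {}, []
    for line in log.splitlines():
        m = HEADER.match(line)
        if m:
            headers[m.group(1)] = m.group(2).strip()
        elif line.startswith("sh="):
            hits.append({k: q or b for k, q, b in FIELD.findall(line)})
    return headers, hits

def summarize(log):
    headers, hits = parse(log)
    paths_by_hash = defaultdict(list)
    for rec in hits:
        paths_by_hash[rec["sh"]].append(rec["fn"])
    return {
        "detect_only": headers.get("remove_checked") == "false",
        "remaining": int(headers.get("found", 0)) - int(headers.get("cleaned", 0)),
        "malware": [r["fn"] for r in hits if classify(r["vn"]) == "malware"],
        "copies": {h: p for h, p in paths_by_hash.items() if len(p) > 1},
        "restore_points": [r["fn"] for r in hits
                           if "\\system volume information\\" in r["fn"].lower()],
    }
```

When `detect_only` is true and `remaining` is above zero, the scanner reported the files but left them in place, so each listed path still needs a decision.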

#19
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Were you able to do Crypto Prevent without issues?

 

Your Adobe Reader is out of date.
You can obtain the latest version of Adobe Reader from here, and the latest version of Flash Player from here.
For more information and links to Adobe updates and downloads click here.

After the new Reader is installed, Open Adobe Reader X.
OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button.

Last, how is the machine running?


  • 0

#20
OCman

OCman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

Google Chrome says adobe acrobat is up to date, but I also use an older version of IE8.

 

System is running good...;-)


  • 0

#21
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Good news ----- Your log appears clean  

 

My best suggestion is that you update Adobe to the current version. There are four threat vectors that hit PCs hardest these days: Adobe vulnerabilities, Flash vulnerabilities, Operating System vulnerabilities and use of P2P software. You are good on all except Adobe. I will note that XP is in limited update these days, but you know that, right?

 

That said, I'm going to send you on your way! If you have questions, issues, etc., don't hesitate to stop back.

 

A good workman always cleans up after himself, so... The following piece of code will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransom-ware. (This is really important!)

Malwarebytes.

Update and run weekly to keep your system clean

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place? Keep safe

 

If you have any questions or further problems, feel free to stop back. It's been a pleasure!!

 

I keep the topic open for a few days in case you have questions. :thumbsup:


  • 0

#22
OCman

OCman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

Thanks for the help, I appreciate it!!!

 

peace


  • 0

#23
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

You are very welcome! :)


  • 0

#24
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





