Slow system + scans finding multiple threats + trouble booting [Solved]


  • This topic is locked

#16
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Yes we have only recently learned of this infection and we are still developing our tools to cope. Maybe some residual corruption or even some leftover infection.
 
Let's do this:
 
Open notepad.

Please copy the contents of the code box below.

To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

Alternatively type the contents of the box into notepad and save it to your desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
 

EmptyTemp:

This Registry file is specifically written for the infection on this person's computer. It should NOT be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
 
After that
 
Run System File Checker:

  • Press the Windows plus the X keys and release. This will open the Power User Tasks Menu.
  • If you don't have a keyboard then:
    • In Windows 8 or Windows RT, move the pointer all the way to the lower left corner of any connected display screen until you see the Start button display, then right click on the Start button.
    • On your desktop in Windows 8.1 or Windows RT 8.1, right click on the Start button on the taskbar of any connected display.
  • Click or tap on the Command Prompt (Admin)
  • A black screen will open
  • At the command prompt type sfc /scannow (note the space... it should be there) and press Enter

System File Checker will commence. It may take a while.

When finished you should see a message something along the lines of "found corrupt files and repaired them"

 

When you return please post

  • Fixlog.txt
  • and tell me how System File Checker went

  • 0



#17
TedTanglewood

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Here's the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by Arlene at 2014-11-07 16:56:13 Run:2
Running from C:\Users\Arlene\Desktop
Loaded Profiles: UpdatusUser & Arlene (Available profiles: UpdatusUser & Arlene)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
EmptyTemp:
*****************

EmptyTemp: => Removed 10.9 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

 

 

 

The System File Checker seemed to be going okay for awhile.  Initially it said:

 

"Beginning verification phase of system scan.

Verification 53% complete."

 

The percentage was climbing until it hit 53, then stopped, and gave this message:

 

"Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not supported in offline servicing scenarios."


  • 0
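When System File Checker reports that it "found corrupt files but was unable to fix some of them", the files involved are recorded in CBS.log on lines tagged `[SR]`. The following is an added example, not part of either poster's reply, that lists the files SFC could not repair; the function name and the sample log lines are constructed for illustration, and the pattern assumes the `[l:NN{NN}]"name"` layout of CBS.log entries.

```powershell
# Added example: summarise the files SFC reported it could not repair.
# Get-SfcUnrepaired is a hypothetical helper name, not a built-in cmdlet.
function Get-SfcUnrepaired {
    param([string[]]$Lines)

    # SFC entries carry the [SR] tag; unrepaired files appear as
    #   [SR] Cannot repair member file [l:22{11}]"name.dll" of <component> ...
    $pattern = '\[SR\] Cannot repair member file \[[^\]]+\]"([^"]+)" of ([^,]+),'

    $Lines |
        ForEach-Object {
            if ($_ -match $pattern) {
                [pscustomobject]@{ File = $Matches[1]; Component = $Matches[2] }
            }
        } |
        Group-Object File, Component |
        ForEach-Object {
            [pscustomobject]@{
                File      = $_.Group[0].File
                Component = $_.Group[0].Component
                Mentions  = $_.Count   # the same file is often logged more than once
            }
        } |
        Sort-Object File
}

# Constructed sample lines in the CBS.log layout (not taken from this thread's machine).
$sample = @'
2014-11-07 17:01:02, Info                  CSI    00000320 [SR] Verifying 100 (0x0000000000000064) components
2014-11-07 17:01:09, Info                  CSI    00000322 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component-A, Version = 6.2.9200.16384, file is missing
2014-11-07 17:01:10, Info                  CSI    00000324 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component-A, Version = 6.2.9200.16384, file is missing
2014-11-07 17:01:15, Info                  CSI    00000329 [SR] Cannot repair member file [l:20{10}]"sample.exe" of Example-Component-B, Version = 6.2.9200.16384, hash mismatch
2014-11-07 17:01:20, Info                  CBS    Unrelated servicing line without the SR tag
'@ -split "`r?`n"

Get-SfcUnrepaired -Lines $sample | Format-Table -AutoSize

# On the affected machine, from an elevated PowerShell prompt:
#   Get-SfcUnrepaired -Lines (Get-Content "$env:windir\Logs\CBS\CBS.log")
```

Files that come from third-party software rather than Windows components can then be told apart by the Component column before deciding whether a repair install is needed.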

#18
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Couple of questions:

 

Might be third party applications causing the issue and the ones we need may have been fixed so how is your computer now?

 

Do you have an installation disk for that machine?


  • 0

#19
TedTanglewood

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Speed-wise, back to normal, I'd say.  No troubles booting and no AVG popup warnings either.  Tonight's AVG scan came up clean, the first one in days.

 

The only thing that still kind of appears hinky is that I still can't open a pdf in IE.  (I'm trying to print a shipping label.)  Usually, I click the link, IE asks if I want to save or open, I hit open and it comes up in a new tab.  Now, instead, I click the link and a new tab opens and a popup box titled "Security Alert" appears.  It reads: "Your security settings do not allow this file to be downloaded."  The only options are to x-out of the box or hit OK.

 

 

Unfortunately we do not have an installation disk for this computer.


  • 0

#20
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

I have copied this from Microsoft, hopefully it applies to your version of IE:

  • a.    Open Internet Explorer.
  • b.    Click Tools and then options.
  • c.    Click on the security tab.
  • d.    Select the Internet Zone.
  • e.    Click on the Custom Level Button and then scroll down to Download.
  • f.     Make sure to enable File download.
  • g.    Click Apply and Ok
  • h.    Restart Internet Explorer and check if that helps.

 

Edit

 

I have just checked my IE 11 and put together these instructions that might be more helpful:

 

To re-set security settings in IE to allow File downloads:
 

  • Open Internet Explorer
  • Click Settings cog (top right) > Internet options.
  • Click on the security tab.
  • Click on the Custom Level Button and then scroll down to Downloads
  • Make sure File download is enabled
  • Click Apply (if it is there) and then OK
  • Restart Internet Explorer and tell me if that helps.

 


  • 0

#21
TedTanglewood

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Worked like a charm!


  • 0

#22
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Excellent news. :thumbsup:

 

I think you are good to go.

 

We have a couple of last steps to perform and then you're all set. :)

To clear away the tools we have been using download Delfix from here.

Put a check (tick) in the following boxes:

  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset System Settings
  • Then click Run

The tool will run for a short time. When completed a notepad window will open with a log. Please copy and paste the log back here.

Any remaining tools may be deleted.
-------------------------------------------------------------------------------------------------------------------

A reminder:  Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

A while back over 100 million Adobe users' e-mail and other information were hacked. Users were asked to change their passwords following the hack and you can go to the link below to check your e-mail to see whether you were one of the 150 million.

https://lastpass.com/adobe/

If you are on the list, all passwords should be changed including those used for banking, email, eBay, paypal and online forums.

------------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run an important software the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

You also need to uninstall older versions of Java.

  • Open Control Panel by swiping in from the right edge of the screen, tapping Search (or if you're using a mouse, pointing to the upper-right corner of the screen, moving the mouse pointer down, and then clicking Search)
  • Enter Control Panel in the search box and then tap or click Control Panel.
  • Control Panel > Uninstall a Program
      
  • Remove all Java updates except the latest one you have just installed.

--------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker Ransomware

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:

If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

  • Open Control Panel by swiping in from the right edge of the screen, tapping Search (or if you're using a mouse, pointing to the upper-right corner of the screen, moving the mouse pointer down, and then clicking Search)
  • Enter Control Panel in the search box, and then tap or click Control Panel.
  • Click/tap System and Security > Windows Update
  • Under Windows Update click on Turn automatic updating on or off
  • Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!

 


  • 0

#23
TedTanglewood

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Here's the Delfix log:

 

# DelFix v10.8 - Logfile created 07/11/2014 at 22:16:24
# Updated 29/07/2014 by Xplode
# Username : Arlene - HARRIET
# Operating System : Windows 8  (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Arlene\Desktop\Addition.txt
Deleted : C:\Users\Arlene\Desktop\AdwCleaner.exe
Deleted : C:\Users\Arlene\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\Arlene\Desktop\Fixlog.txt
Deleted : C:\Users\Arlene\Desktop\FRST.txt
Deleted : C:\Users\Arlene\Desktop\FRST64.exe
Deleted : C:\Users\Arlene\Desktop\JRT.exe
Deleted : C:\Users\Arlene\Desktop\JRT.txt
Deleted : C:\Users\Arlene\Desktop\Search.txt
Deleted : C:\Users\Arlene\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Arlene\Downloads\Extras.Txt
Deleted : C:\Users\Arlene\Downloads\OTL.Txt
Deleted : C:\Users\Arlene\Downloads\OTL.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #77 [Scheduled Checkpoint | 10/20/2014 13:25:59]
Deleted : RP #78 [Scheduled Checkpoint | 10/29/2014 14:59:07]
Deleted : RP #79 [Scheduled Checkpoint | 11/07/2014 19:15:05]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 

 

Thank you so much for all your help!


  • 0

#24
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

You are very welcome. :)

 

I will keep this topic open for a few days in case any issues arise.


  • 0

#25
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
