
Virus-rootkit infection, can't update Windows [Closed]



#16
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There is a way of reducing boot times; however, it will take an hour or so to run.

Download the SDK web installer from here
Run the installer and select the following:

Leave the location to default
[image: wdk location.JPG]

Windows Performance Toolkit
[image: Wintoolkitselect.JPG]

You must reboot on completion of the install

After reboot set aside about 30 minutes when you will not need the computer

When ready start an elevated command prompt :

Go Start > All Programs > Accessories
Right click Command Prompt and select Run as Administrator

Then copy and paste the following command into the black box :

xbootmgr -trace boot -prepSystem -verboseReadyBoot

[image: sdk command.JPG]

Now your PC will be restarted 6 times, with a two minute pause before the tool runs after the desktop loads.
After the second reboot the MS defragmentation program runs and places the files into an optimized layout, so that Windows will boot up faster.
The last reboots are training of ReadyBoot. After the training is finished, you'll notice a huge improvement in startup.

Readyboot

The logical prefetching described above is used when the system has less than 512MB of memory. If the system has 700MB or more then an in-RAM cache is used to further optimize the boot process (it's not clear from the book whether or not this ReadyBoot cache completely replaces the logical prefetching approach or just builds on it; my assumption is that both work together).
After each boot the system generates a boot caching plan for the next boot using file trace information from up to the five previous boots, which contains details of which files were accessed and where on the disk they were located. These traces are stored as .fx files in the


  • 1



#17
samidelcueva

samidelcueva

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

Okay thanks, I will do that, and I have a question: can I do the same things that you told me to do on another computer that is the same computer? My family bought a laptop in the same store, at the same time, and same everything; it's recently formatted too. The only difference between that computer and mine is that the other one has Trend Micro Internet Security installed. Or are all these repairs just for my computer?


  • 0

#18
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In each case the fixes are tailored to that system, so if the other system has problems then it will need its own solution :)
  • 0

#19
samidelcueva

samidelcueva

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

Okay, perfect, thanks.

 

I have another question: do I need to follow the steps of putting that command in the cmd after every reboot manually, or do I have to wait for it to do the work alone? Because I put the command and rebooted one time, and then nothing happened.


  • 0

#20
samidelcueva

samidelcueva

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Oh, it seems that it's already working; I don't know why the first time it didn't work.
  • 0

#21
samidelcueva

samidelcueva

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

Well, it's done. Is there a next step remaining, or with that is my PC ready? (I see it's very fast now.)

And I was thinking of doing some malware scanning to see if the scanners find something.


Edited by samidelcueva, 25 July 2015 - 05:01 PM.

  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, the command only needs to be entered once to run the whole process.

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

To access logs from Malwarebytes Anti-Malware 2.0:

[image: mbamlogs.JPG]

1. Open Malwarebytes Anti-Malware 2.0
2. Click History > Application Logs
3. Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them

To save a Scan Log:

1. Open the log file you would like to save
2. Click Export
3. Choose to export to a .txt
4. Choose a folder to save the log file in, then click Save
5. Post that log here
  • 0

#23
samidelcueva

samidelcueva

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

I attach the MBAM log:

 

but I also ran some other scanners yesterday, and some found nothing, but others found something:

 

Junkware Removal Tool found these:

 

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{71576546-354D-41C9-AAE8-31F2EC22BF0D}

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}

 

~~~ Files

Successfully deleted: [File] C:\Users\samuel\AppData\Roaming\sp_data.sys (This always appears when I put JRT)

 

Emsisoft Emergency Kit (these ones appear again and again):

 

Scan start: 7/25/2015 9:29:59 PM
Value: HKEY_USERS\S-1-5-21-401314101-946683506-2006832327-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR  detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-401314101-946683506-2006832327-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)

 

and after Emsisoft supposedly deleted those registry entries, Panda Cloud Cleaner found these ones again, and other things, but I think they are FPs:

 

Unknown. FILE: C:\PROGRAM FILES (X86)\ASUS\ASUS LIVE UPDATE\UPDATECHECKER.EXE to be deleted.

Unknown. TASK: Task\[Update Checker]. Task to be deleted.

Unknown. FILE: C:\PROGRAM FILES (X86)\ASUS\WEBSTORAGE\2.1.2.301\ASUSWSWINSERVICE.EXE to be deleted.

Unknown. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\Asus WebStorage Windows Service. Key to be deleted.

Unknown. FILE: C:\PROGRAM FILES (X86)\ST MICROELECTRONICS\ST_ACCEL\FFP_MANAGER.EXE to be deleted.

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[ASUS HDD Protection Tray Application]. Value: ASUS HDD Protection Tray Application To be deleted.

Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.

Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLETASKMGR]. Value: DISABLETASKMGR To be deleted.

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0

 

 

And thanks for everything; I notice my computer is faster.

 

 

 

Attached Files

  • mbam.txt (1.25KB, 217 downloads)

  • 0
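Both scanner reports quoted in the post above flag the same two per-user policy values, DisableTaskMgr and DisableRegistryTools, and Panda additionally lists HideFileExt. The following PowerShell is an added example, not part of the thread or of any of the tools named in it: it reads those three values for the current user and reports which, if any, hold the restrictive setting. The function name and the -Remediate switch are this example's own assumptions; with the switch, the two lockout values are removed, which restores the Windows default of allowing Task Manager and Registry Editor. HideFileExt = 1 is the normal Windows default (known extensions hidden), so it is reported as informational only, in line with the moderator's reply that none of the flagged items were malicious.

```powershell
# Added example (not from the thread): report the per-user policy values flagged above.
# Reads HKCU only, so no elevation is needed; nothing is changed unless -Remediate is given.
function Test-UserLockoutPolicy {
    [CmdletBinding()]
    param(
        # Hypothetical switch: clear DisableTaskMgr / DisableRegistryTools when they are set to 1.
        [switch]$Remediate
    )

    $systemPolicy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $explorerAdv  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

    # Value name, key, the setting that restricts the user, and whether it locks a tool out.
    $checks = @(
        [PSCustomObject]@{ Name = 'DisableTaskMgr';       Path = $systemPolicy; BadValue = 1; Lockout = $true  }
        [PSCustomObject]@{ Name = 'DisableRegistryTools'; Path = $systemPolicy; BadValue = 1; Lockout = $true  }
        [PSCustomObject]@{ Name = 'HideFileExt';          Path = $explorerAdv;  BadValue = 1; Lockout = $false }
    )

    foreach ($check in $checks) {
        $current = $null
        if (Test-Path -Path $check.Path) {
            # An absent value is the clean, default state, so a missing property is not an error here.
            $props = Get-ItemProperty -Path $check.Path -Name $check.Name -ErrorAction SilentlyContinue
            if ($null -ne $props) { $current = $props.($check.Name) }
        }

        $status = 'absent (default)'
        if ($null -ne $current) {
            if ($current -ne $check.BadValue) { $status = 'present but not restrictive' }
            elseif ($check.Lockout)           { $status = 'SET: user is locked out of this tool' }
            else                              { $status = 'set: extensions hidden (Windows default, informational)' }
        }

        if ($Remediate -and $check.Lockout -and $current -eq $check.BadValue) {
            # Deleting the value restores the default (tool allowed) without touching anything else in the key.
            Remove-ItemProperty -Path $check.Path -Name $check.Name
            $status += ' -> removed'
        }

        [PSCustomObject]@{
            Value   = $check.Name
            Key     = $check.Path
            Current = $current
            Status  = $status
        }
    }
}

# Usage:
#   Test-UserLockoutPolicy | Format-Table -AutoSize
#   Test-UserLockoutPolicy -Remediate
```

Run it once before and once after a cleanup to confirm that the lockout values have actually gone; the scanners in the thread reported them as deleted, yet the next tool found them again, which is exactly the kind of reappearance a quick read-only check makes visible. The same two values can also be set under HKLM for all users, which this example does not inspect.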

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The great majority of those are files that can be used for good or bad, in this case none are bad :)

Is windows updating OK now as well ?

Any other outstanding niggles ?
  • 0

#25
samidelcueva

samidelcueva

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

Oh okay, well I think that's everything; my computer seems to be very good. Thanks for all the help, and yes, Windows is updating right now.

I told my family about the work that you do in this forum, and they were thinking of submitting the computer that we think infected us all. Could you please help me with that PC? :spoton:


  • 0



#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
For sure; do you want to continue in this thread, as it may be easier that way :)

Meanwhile for your computer

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
[image: delfix.JPG]

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programme:

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked; this is a fire and forget programme ;)

It is critical to have both a firewall and anti-virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#27
samidelcueva

samidelcueva

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

You are awesome, and yes, continuing in this thread is the best option, because that computer has the problems that I had but "Problems x 3"; it is a turtle :yes:.

And sure, I will follow the security recommendations.

 

I will post the FRST log in a moment.


  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK ready when you are, also could you give me a synopsis of the problem
  • 0

#29
samidelcueva

samidelcueva

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

OK, the problem in this computer is a slow startup, and the browser and some programs too. One time when I was chatting with a GeekBuddy technician, the computer restarted by itself. The PC has two users; in one of the two users the situation is worse than in the other one. I think that's all. I have run many malware scans, and sometimes they find something, but the computer performance doesn't show a marked improvement.

 

 

  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A bit of an overkill on the security programmes :)

I have just an AV and Unchecky with MBAM if I remember :)

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-07-20] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2015-07-25] (alch)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - No Path Or update_url value
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-07-20] (Comodo Security Solutions, Inc.)
S4 sjzgxw; No ImagePath
S0 uezndl; No ImagePath
S4 vqdtrh; No ImagePath
U2 TMAgent; No ImagePath
2015-07-17 23:09 - 2015-07-17 23:13 - 00000000 ____D C:\ProgramData\F-Secure
2015-07-17 23:09 - 2015-07-17 23:09 - 00000000 ____D C:\Users\Rocio\AppData\Local\F-Secure
2015-07-15 23:32 - 2015-07-15 23:32 - 00380416 _____ C:\Users\Rocio\Downloads\vy5gb233.exe
2015-07-10 11:54 - 2015-07-10 11:54 - 00000738 _____ C:\Windows\SysWOW64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
C:\Users\Invitado\R41301.EXE
C:\Users\Invitado\R46346.EXE
C:\Users\Invitado\R49651.EXE
C:\Users\Invitado\R64290.EXE
C:\Users\Invitado\R64913.EXE
C:\Users\Invitado\R69396.EXE
C:\Users\Rocio\grub.exe
C:\Users\Rocio\RarExt.dll
C:\Users\Rocio\rarnew.dat
C:\Users\Rocio\rescue2usb.exe
C:\Users\Rocio\syslinux.exe
C:\Users\Rocio\zipnew.dat
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
[image: FRSTfix.JPG]
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0
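The FRST fix in the post above removes four service entries that FRST reported as "No ImagePath" (sjzgxw, uezndl, vqdtrh and TMAgent): registry records under Services that no longer point at any binary, typically left behind when a security product or a piece of malware is uninstalled incompletely. The following PowerShell is an added example, not part of FRST or of the thread: it walks CurrentControlSet\Services and lists the entries that have no ImagePath value and, for drivers, also lack the default binary System32\drivers\<name>.sys that Windows falls back to when a driver record omits ImagePath. The function name, the parameter and the start-type labels are this example's own assumptions; the start codes themselves match the S0..S4 notation FRST uses.

```powershell
# Added example (not from the thread or from FRST): list service/driver registry records that
# cannot start anything because they have neither an ImagePath nor a default driver binary.
function Get-OrphanedServiceEntry {
    [CmdletBinding()]
    param(
        # Hypothetical parameter: override to inspect another loaded hive, e.g. an offline SYSTEM hive.
        [string]$ServicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    )

    # Start values as FRST prints them: S0 boot, S1 system, S2 automatic, S3 manual, S4 disabled.
    $startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }
    $driverDir  = Join-Path $env:SystemRoot 'System32\drivers'

    Get-ChildItem -Path $ServicesRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $name = $_.PSChildName
        # A few protected services deny read access; skip them rather than abort the whole sweep.
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        # Only records with a Type value are services or drivers; helper keys such as
        # "Parameters" live under the service key, not beside it, and are not reached here anyway.
        if ($null -eq $props -or $null -eq $props.Type) { return }

        if (-not [string]::IsNullOrWhiteSpace($props.ImagePath)) { return }

        # Type 1 = kernel driver, 2 = file system driver. Windows loads drivers\<name>.sys for
        # such records when ImagePath is absent, so those are only orphans if that file is missing too.
        $isDriver = ($props.Type -band 0x3) -ne 0
        if ($isDriver -and (Test-Path -LiteralPath (Join-Path $driverDir "$name.sys"))) { return }

        $start = 'Unknown'
        if ($null -ne $props.Start -and $startNames.ContainsKey([int]$props.Start)) {
            $start = $startNames[[int]$props.Start]
        }

        [PSCustomObject]@{
            Name      = $name
            StartType = $start
            Type      = $props.Type
            Note      = 'No ImagePath and no default driver binary'
        }
    }
}

# Usage:
#   Get-OrphanedServiceEntry | Format-Table -AutoSize
```

An entry returned by this function is inert on its own, since the Service Control Manager has nothing to load; the reason to clear such records is that a later installer or malware can reuse the name, and that a disabled (S4) or boot-start (S0) stub with a random name, like the three six-letter ones in the fix above, is a useful indicator that something was on the machine and was removed only partially. Compare the list against the FRST report rather than deleting blindly: random-looking names are the ones worth questioning, while a vendor-named stub such as TMAgent usually just reflects an incomplete uninstall.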





