boots up very slow after trying to remove PUP.Bundle.Installer.OI, PUP
Started by
meandmy3tees
, Aug 01 2013 05:55 PM
#1
Posted 01 August 2013 - 05:55 PM
#2
Posted 02 August 2013 - 12:00 AM
Download the adwCleaner
- Run the Tool
Windows Vista and Windows 7 users:
Right click on the adwCleaner.exe and select the Delete option - When the scan completes, it will open a Notepad window.
- Please, copy the content of this file in your next reply.
Please download DDS from http://download.blee...om/sUBs/dds.com or http://download.blee...om/sUBs/dds.scr
and save it to your desktop.
* Disable any script blocking protection
* Double click dds.pif to run the tool. (Vista and Win 7 please right click and Run As Admin)
* When done, two DDS.txt's will open.
* Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:
DDS.txt
Attach.txt.
Ron
#3
Posted 02 August 2013 - 05:27 PM
Thank you for taking the time to help. I have done a lot since I wrote this. It seems to be working better. But it is still slow starting and opens windows I have not opened by itself. And it takes a long time to start up. So something is still wrong. Not sure if it will restore or not. Not wanting to try it since I just made all the changes I made.
Attached files: AdwCleanerR1.txt, attach.txt dds.txt, dds.txt 2.txt
Thank you again for helping me....
#4
Posted 02 August 2013 - 06:33 PM
Uninstall:
Anti-phishing Domain Advisor
AVG 2013 (You have Microsoft Security Essentials - two anti-viruses are not good. They fight each other.)
Bing Bar
Coupon Alert Firefox Toolbar
Free Download Manager 3.9.2
InternetHelper1.5 Toolbar
Malwarebytes Anti-Malware version 1.75.0.1300 (Not working)
Download aswMBR.exe to your desktop.
Double click aswMBR.exe
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply
ComboFix
:!: It must be saved to your desktop, do not run it from your browser:!:
:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html
Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Double click on ComboFix to start the program.
* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.
Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe to start the program.
If TDSSKiller alerts you that the system needs to reboot, please consent.
Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.
Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it then Run it.
If it doesn't do it for you:
Reboot.
1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning
Then use the 'Number of events' as follows:
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
Please post the Output log in your next reply then repeat but select Application.
Get Process Explorer
http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.
Wait a minute then:
File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
Get the free version of Speccy:
http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.
#5
Posted 03 August 2013 - 01:05 PM
I am so sorry but I'm a little confused on one of your directions, after running TDSSKiller you say to right click on my computer then click manage and then click event viewer and then windows log then right click on system and clear the log. Are you referring to right clicking on system error records and then clearing all events? After I clicked on event viewer there were logs that came up in the window next to it, and the last one was system error logs and if I right click on that it says clear all events. Is that what I am supposed to do? I am sorry I just don't want to do anything wrong. When I clicked on clear all events it gave me a window asking if I wanted to save system first. I'm a bit confused, sorry.
#6
Posted 03 August 2013 - 02:02 PM
Yes. We want to Clear All Events for both System and Applications. No need to save the log first.
#7
Posted 03 August 2013 - 04:58 PM
O.K. I deleted everything you said. The only thing I am not sure is done right is the Process Explorer. I double clicked on the first column CPU and waited and then I saved it. I am just not sure what (with big hitters at the top) meant. So here is everything I got for you. AGAIN THANK YOU SO MUCH!!!!
PROCESS EXPLORER:
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
5mbrmon.exe 596 K 2,296 K 3752 VER_DESCRIPTION VER_COMPANY_NAME (Verified) Mindspark Interactive Network
ALCWZRD.EXE 3,688 K 6,736 K 2124 RealTek AlcWzrd Application RealTek Semicoductor Corp. (Verified) Microsoft Windows Hardware Compatibility Publisher
alg.exe 1,212 K 3,680 K 3872 Application Layer Gateway Service Microsoft Corporation (Verified) Microsoft Windows Component Publisher
AppleMobileDeviceService.exe 10,164 K 13,884 K 704 MobileDeviceService Apple Inc. (Verified) Apple Inc.
avgcsrvx.exe 10,932 K 348 K 1188 AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgcsrvx.exe 6,896 K 336 K 2340 AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgemcx.exe 2,960 K 7,152 K 1024 AVG E-mail Scanner AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgfws.exe 8,420 K 14,596 K 764 AVG Firewall Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgidsagent.exe 11,248 K 13,824 K 792 AVG Identity Protection Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgnsx.exe 4,320 K 596 K 900 AVG Online Shield Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgrsx.exe 13,256 K 352 K 1148 AVG Resident Shield Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgui.exe 4,140 K 13,356 K 3720 AVG User Interface AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
avgwdsvc.exe 6,248 K 15,556 K 844 AVG Watchdog Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
BackupStack.exe 38,328 K 33,408 K 872 Backup Stack Just Develop It (Verified) JDI BACKUP LIMITED
csrss.exe 1,828 K 4,328 K 1384 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Component Publisher
dllhost.exe 2,292 K 6,372 K 3528 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows Component Publisher
DriverTool.exe 42,964 K 52,388 K 3824 Driver Tool PC Drivers Headquarters (Verified) PC Drivers HeadQuarters
ehmsas.exe 644 K 2,632 K 3268 Media Center Media Status Aggregator Service Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
ehRecvr.exe 6,396 K 9,892 K 252 Media Center Receiver Service Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
ehSched.exe 1,512 K 4,920 K 668 Media Center Scheduler Service Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
ehtray.exe 2,196 K 1,144 K 3212 Media Center Tray Applet Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
explorer.exe 14,576 K 23,472 K 2180 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows Component Publisher
ExtensionUpdaterService.exe 8,956 K 2,604 K 888 (Verified) Bit Cocktail Ltd.
hkcmd.exe 712 K 2,844 K 2680 hkcmd Module Intel Corporation (No signature was present in the subject) Intel Corporation
igfxpers.exe 680 K 2,832 K 3136 persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
loggingserver.exe 564 K 2,376 K 2920 loggings Application (Verified) AVG Technologies
lsass.exe 3,828 K 1,280 K 1464 LSA Shell (Export Version) Microsoft Corporation (Verified) Microsoft Windows Component Publisher
mDNSResponder.exe 984 K 3,088 K 1992 Bonjour Service Apple Inc. (Verified) Apple Inc.
rndlresolversvc.exe 664 K 2,396 K 2400 (Verified) RealNetworks
services.exe 1,780 K 3,540 K 1452 Services and Controller app Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
smss.exe 176 K 436 K 1084 Windows NT Session Manager Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
SOUNDMAN.EXE 1,828 K 2,900 K 3180 Realtek Sound Manager Realtek Semiconductor Corp. (Verified) Microsoft Windows Hardware Compatibility Publisher
spoolsv.exe 4,420 K 7,280 K 592 Spooler SubSystem App Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 3,020 K 5,180 K 1632 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,952 K 4,816 K 1740 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,340 K 3,640 K 1832 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,340 K 3,888 K 680 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 2,456 K 4,360 K 2432 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,592 K 4,008 K 1944 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 18,484 K 29,760 K 1780 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
SymcPCCULaunchSvc.exe 2,084 K 3,116 K 1256 Norton PC Checkup Launcher Service Symantec Corporation (Verified) Symantec Corporation
ToolbarUpdater.exe 3,208 K 6,152 K 2460 ToolbarU Application AVG Secure Search (Verified) AVG Technologies
vprot.exe 13,296 K 20,612 K 3808 VProtect Application (Verified) AVG Technologies
winlogon.exe 6,688 K 2,280 K 1408 Windows NT Logon Application Microsoft Corporation (Verified) Microsoft Windows Component Publisher
Interrupts < 0.01 0 K 0 K n/a Hardware Interrupts and DPCs
procexp.exe 0.78 16,440 K 22,348 K 3196 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System 3.13 0 K 392 K 4
firefox.exe 4.69 144,140 K 149,032 K 3896 Firefox Mozilla Corporation (Verified) Mozilla Corporation
System Idle Process 91.41 0 K 28 K 0
Attached files: aswMBR.txt, TDSSKiller.2.8.16.0_03.08.2013_10.59.37_log.txt, VEW.txt, VEW.txt 1.txt, SUPERUSE-8CC609.txt
#8
Posted 03 August 2013 - 05:44 PM
One more click would have been better for Process Explorer. If you look at the log you will see that the process with the most CPU usage is at the bottom. Doesn't matter really as long as they are sorted one way or the other. I can still see that System Idle Process is using 91.41% of the CPU which is good. The next biggest user is firefox.exe with 4.69 which is a bit higher than I like but not that bad.
Looking at the other logs:
aswMBR doesn't look like it finished. Please run it again and allow it 10 minutes to run.
TDSSKiller is not showing anything bad.
In VEW:
I think "ScRegSetValueExW call failed for FailureActions" errors are caused by AVG. Perhaps a newer version might fix it. Or replace it with the free Avast. If you replace it, make sure you run the AVG removal tool to get rid of the last traces of AVG per the following procedure.
Download and save the AVG removal tool
http://download.avg....6_2011_1184.exe
Download and save the free Avast installer.
http://www.avast.com...ivirus-download
Uninstall AVG
Run the Avg Remover
Reboot
Install Avast. (Register when it asks you - they will try to talk you into buying the full product but the free version is what we want.)
Once you have it installed and it has updated:
Speccy says it is running a bit hot:
Motherboard
ASUSTeK Computer INC. Goldfish3 (CPU 1) 58 °C
This should be down below 40 for a desktop. Probably indicates dust buildup or a weak fan. Shut it down but leave it plugged up. Open it up and clean out the dust with a vacuum cleaner hose and maybe a small brush. Pay particular attention to the vents on the front and back and the CPU's heatsink. If you do not see much dust, then turn it on and watch the fan. A good fan will rev up very quickly. A weak one will slowly get up to speed. If the fan makes noise (other than a wind sound) then it probably needs to be replaced. A hot CPU is either a slow PC or a dead PC.
Your Hard drive is starting to show its age. It has some bad sectors and a fair amount of errors. It's also very small so you might want to think about replacing it with a newer larger hard drive. Don't think it's urgent yet.
Combofix is OK. No malware but you really do not need Reg Cure Pro or Driver Tool.
I would run a defrag on the C:\ drive. XP is very bad about fragmenting the drive and a defrag will help speed it up.
http://support.microsoft.com/kb/314848
To speed up Firefox and Chrome:
Download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . (Close Firefox and Chrome) Click on Speedup my Firefox. When it finishes click on Exit.
If it's still slow then run a Check Disk:
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.
Reboot.
The disk check will run and will probably take an hour or more to finish.
1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning
Then use the 'Number of events' as follows:
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
Please post the Output log in your next reply then repeat but select Application.
Let me know if it is still slow.
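The same reading of a Process Explorer log (sort by CPU, then look at the Verified Signer column) can be done by script. This is an added example, not part of the original posts; it assumes the saved Procexp.txt is tab-separated with the header row shown in the thread, and the function names are hypothetical.

```python
import csv
import io

# Constructed sample: a few rows copied from the log posted in this thread,
# re-delimited with tabs (assumed separator of the saved Procexp.txt).
SAMPLE = "\n".join([
    "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name\tVerified Signer",
    "5mbrmon.exe\t\t596 K\t2,296 K\t3752\tVER_DESCRIPTION\tVER_COMPANY_NAME\t(Verified) Mindspark Interactive Network",
    "ExtensionUpdaterService.exe\t\t8,956 K\t2,604 K\t888\t\t\t(Verified) Bit Cocktail Ltd.",
    "services.exe\t\t1,780 K\t3,540 K\t1452\tServices and Controller app\tMicrosoft Corporation\t(No signature was present in the subject) Microsoft Corporation",
    "Interrupts\t< 0.01\t0 K\t0 K\tn/a\tHardware Interrupts and DPCs",
    "procexp.exe\t0.78\t16,440 K\t22,348 K\t3196\tSysinternals Process Explorer\tSysinternals - www.sysinternals.com\t(Verified) Microsoft Corporation",
    "System\t3.13\t0 K\t392 K\t4",
    "firefox.exe\t4.69\t144,140 K\t149,032 K\t3896\tFirefox\tMozilla Corporation\t(Verified) Mozilla Corporation",
    "System Idle Process\t91.41\t0 K\t28 K\t0",
])


def _cpu(value):
    """Blank CPU cell -> 0.0; '< 0.01' -> 0.01 (upper bound); '4.69' -> 4.69."""
    value = value.strip()
    if not value:
        return 0.0
    return float(value.lstrip("<").strip())


def _kilobytes(value):
    """'144,140 K' -> 144140; blank or malformed cell -> 0."""
    digits = value.replace(",", "").replace("K", "").strip()
    return int(digits) if digits.isdigit() else 0


def parse_procexp(text):
    """Parse a tab-separated Process Explorer export into a list of dicts."""
    reader = csv.reader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    header = [h.strip() for h in next(reader)]
    rows = []
    for fields in reader:
        if not any(f.strip() for f in fields):
            continue  # skip blank lines
        # Pseudo-processes (System, Interrupts) have no trailing columns.
        fields = fields + [""] * (len(header) - len(fields))
        rec = dict(zip(header, (f.strip() for f in fields)))
        rec["CPU"] = _cpu(rec["CPU"])
        rec["Private Bytes"] = _kilobytes(rec["Private Bytes"])
        rec["Working Set"] = _kilobytes(rec["Working Set"])
        rows.append(rec)
    return rows


def by_cpu(rows):
    """Big hitters at the top, whatever order the log was saved in."""
    return sorted(rows, key=lambda r: r["CPU"], reverse=True)


def busiest(rows):
    """Highest CPU user other than the idle pseudo-process."""
    real = [r for r in rows if r["Process"] != "System Idle Process"]
    return by_cpu(real)[0]


def not_verified(rows):
    """Processes whose image has a signer field that is not '(Verified) ...'.

    Rows with an empty signer field are pseudo-processes with no image on
    disk, so they are not reported. This is a list to review, not a verdict.
    """
    return [
        r["Process"]
        for r in rows
        if r["Verified Signer"] and not r["Verified Signer"].startswith("(Verified)")
    ]


if __name__ == "__main__":
    parsed = parse_procexp(SAMPLE)
    for r in by_cpu(parsed)[:5]:
        print(f'{r["CPU"]:6.2f}  {r["Working Set"]:>8} K  {r["Process"]}')
    print("Review signatures for:", ", ".join(not_verified(parsed)))
```

A "(Verified)" signer only says who signed the file; several of the toolbar and updater processes in the posted log are signed, so the signer name still has to be read.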
#9
Posted 05 August 2013 - 07:21 PM
Ok I have done everything you asked me to do and in fact I will say that my computer is running much better than it was before. I have not checked the system restore yet because of course I do not want to lose anything I have done. But everything else seems to be working pretty good, still a bit slow when I log on but then as you said it had a small hard drive that is pretty full and there are several errors in the log so I guess I am really just pretty lucky it is working as well as it is. I did get this used from a man that had put a lot of things on here that I have never used and in fact never knew they were even on here till I saw them in different files in different places on the computer. I would like to know if there is any way to delete all these files that are either empty or I don't use them or they are no longer even installed. As far as the AVG pro it did not delete all the files on here but then it is the AVG 2013 that I have installed just the 30 day trial. It is not active anymore and there are 82 files in the C:Program/avg folder that have not been deleted as of yet. That is also where the Reg Cure Pro files are that can not be deleted because neither of them are in the add/delete programs or the Program files at the start menu that say uninstall. I did however delete the driver tools. Do I need to purchase an anti virus program instead of only using the free ones so it is protected better? I also have along with Firefox the internet explorer on here is that ok? I had also in the past ran a scan on the drivers and there were 25 drivers that need to be updated and installed. Should I go ahead and order Driver Hub to update them? I ran the aswMBR.txt program again and it still seemed to be short so I ran it again under C: drive instead of quick scan. I have attached them. Can I delete all the logs that have been put on my desktop due to what you have had me run? Do I need to get a registry cleaner? I have heard different opinions on using those.
I also went ahead and reinstalled the malwarebytes anti malware but just the free one. I did purchase MY PC BACKUP and backed everything up. Do I need to create a restore point at this point to have a place to come back to so I can restore if I ever have to? Again thank you very much for all you have done for me. I am so surprised you don't charge for what you do. If there is any way I can at least give you a little money for this please let me know. You have been amazing and I appreciate you more than you know...
aswMBR.txt2.txt 1.24KB
aswMBR.txt 1.49KB
VEW.txt 799bytes
VEW.txt1.txt 358bytes
#10
Posted 05 August 2013 - 09:37 PM
aswMBR looks good now.
We have a couple of AVG drivers and a MyFunCardsService that aren't starting because the files are gone. We can fix those and try and delete the avg folder:
Copy the following 5 lines:
sc delete AVGIDSHX
sc delete AVGIDSShim
sc delete MyFunCardsService
attrib -r -h -s "\Program Files\avg\*.*"
rmdir /s /q "\Program Files\avg"
Then Start, Run, cmd, OK to open a command window. Right click and Paste or Edit then Paste and the copied lines should appear. Hit Enter. If you don't get an error that should kill off the 2 drivers and the service. Clear the alarms as before and reboot then run VEW for System only and paste the log.
Let's also create a boot log and see if there is anything we need to fix there:
http://www.dummies.c...in-windows.html
Don't buy anything. They are mostly scams. Avoid registry cleaners. Dangerous. The free Avast is good enough for most people. You can delete any logs you have already posted and uninstall/delete any programs we had you download.
To uninstall combofix, copy the next line:
"c:\documents and settings\SuperUser\My Documents\Downloads\ComboFix.exe" /Uninstall
Start, Run, cmd, OK then right click, Paste, then hit Enter.
Firefox is a good browser. Make sure you have the AdBlock Plus addon. https://addons.mozil...n/adblock-plus/ Also it helps to download, save and run SpeedyFox:
http://www.crystalidea.com/speedyfox . Close Firefox (and Chrome), Click on Speedup my Firefox. When it finishes click on Exit. This makes Firefox start up a lot faster. You can run SpeedyFox anytime Firefox seems slow to boot.
Did the malwarebytes anti malware scan come up clean?
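An added example, not part of the original posts: a batch file that exports each service's registry key before running the `sc delete` commands from post #10, so a mistaken deletion can be undone by importing the saved .reg file. The backup folder name is an assumption, and the file is meant to be saved as a .bat and run from an administrator account.

```bat
@echo off
rem Added example (not from the thread): back up each service's registry key
rem before removing it. BACKUP is a hypothetical folder name; the service
rem names are the three given in the post.
setlocal
set "BACKUP=%USERPROFILE%\Desktop\svc-backup"
if not exist "%BACKUP%" mkdir "%BACKUP%"

for %%S in (AVGIDSHX AVGIDSShim MyFunCardsService) do call :remove %%S
goto :eof

:remove
rem sc query returns a non-zero exit code when the service is not registered.
sc query "%~1" >nul 2>&1
if errorlevel 1 (
    echo %~1: not registered, nothing to do
    goto :eof
)
rem Show which file the service entry points at, for the record.
sc qc "%~1" | findstr /i "BINARY_PATH_NAME"
rem Remove an older export first so reg never has to ask about overwriting.
if exist "%BACKUP%\%~1.reg" del "%BACKUP%\%~1.reg"
reg export "HKLM\SYSTEM\CurrentControlSet\Services\%~1" "%BACKUP%\%~1.reg" >nul
if errorlevel 1 (
    echo %~1: backup failed, service left in place
    goto :eof
)
sc delete "%~1"
goto :eof
```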
#11
Posted 05 August 2013 - 11:07 PM
Is that the eventvwr.msc? If so I went there and under system and applications it does say error it also says error under the other 4 logs, internet explorer, media center, microsoft office diagnostics and microsoft office sessions. The only one that does not say error would be the security log and it says security audit records.
event viewer.txt 398bytes
Did not want to go any further till I knew for sure that is what you wanted me to do.. Forgive me for not being more computer literate..
#12
Posted 06 August 2013 - 12:16 AM
Yes. Clear the alarms:
Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.
then reboot and run VEW again.
Are you saying you get an error when you try to clear the alarms?
#13
Posted 06 August 2013 - 09:36 AM
I don't get an error window that pops up, but in the eventvwr.msc window on the rt. side of screen where I have to rt. click on system and application to clear them, instead of it saying system log records they all say system error records application error records etc. so I wasn't sure if that is what you meant when you were talking about as long as I don't get any errors.. Also I ran the malwarebytes scanner again and it came up with 25 PUP.Optionals one was PUP.Optional.SweetPacks.A and there was Tarma.A IBryte.A Conduit.A Babylon.A MyWebSearch Most of them were Tarma.A but those are all the PUP's that are on here now.. Several are under C:System Volume Information\_Restore. And under category most are files and folders and registry keys but one is in the memory process never seen that before...
Edited by meandmy3tees, 06 August 2013 - 09:45 AM.
#14
Posted 06 August 2013 - 09:59 AM
Did you let MBAM delete the stuff it found?
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.
That sounds like adware so run adwcleaner:
Download the adwCleaner
- Run the Tool
Windows Vista and Windows 7 users:
Right click in the adwCleaner.exe and select the Delete option
- When the scan completes, it will open a Notepad window.
- Please, copy the content of this file in your next reply.
Since you can't figure out what I mean with the Event log just go ahead and rerun VEW.
#15
Posted 06 August 2013 - 05:26 PM
OK I went ahead and deleted the stuff that MBAM found and attached that file.
mbam-log-2013-08-05 (22-07-53).txt last.txt 9.48KB
I went ahead and turned off the alarms in eventvwr.msc and ran the VEW.
VEW.txt 3.txt 2.22KB
I also ran the AdwCleaner.
AdwCleanerR2.txt 1.txt 16.62KB
As far as the boot log, I did what it told me to do I hit F8 when I started the computer and it came up the window to scroll and click on Enable boot log so I did then another window came up and I scrolled to the windows xp Media Center Edition and hit enter and windows started and from there I have no idea how to see the log. When one didn't come up I rebooted because it said it would run when I restarted windows but again I couldn't find a boot log. So now I feel real stupid because it said it was instructions for dummies. So I must be extra dumb.. I tried to uninstall the combofix and the window said C: documents is not recognized as an internal or external command operable program or batch file. I did add the adblock plus to firefox and reran the speedy fox again. It does start up faster now. I also opened up the computer and it had hardly any dust in it and the fans when I started it seemed to start pretty fast and sound like the wind. I think that is everything so far. Let me know..