Very slow PC Please help

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by nightmaiden, Oct 21, 2011.

  1. nightmaiden

    nightmaiden Private E-2

    Hi,

    I have just run IObit scan and this was what it found
    [Edit | thisisu > Removed inline IObit log]
     
    Last edited by a moderator: Oct 21, 2011
  2. thisisu

    thisisu Malware Consultant

    Hi and welcome to Major Geeks, nightmaiden!

    Please read ALL of this message including the notes before doing anything.

    Please follow the instructions in the below link:

    READ & RUN ME FIRST. Malware Removal Guide


    and then attach the requested logs to your next reply when you finish these instructions.
    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.
    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes, you could use a flash drive too, but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    * Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated - our system works the oldest threads FIRST.
     
  3. nightmaiden

    nightmaiden Private E-2

    Hi Thisisu and thanks very much for taking the time to help with my PC. I really appreciate it.

    I have done all that was asked using the removal guide. With the last one, the MGTools, I had to run it in safe mode. When I did it in normal mode a box flashed up very quickly when I hit run, and then disappeared. It created the folder but did nothing more. It did not create a log. I am still having problems with being slow, and the other probs I had were: when I click on My Computer I get a flashlight and it takes quite a while to load the My Computer box. Also, whenever I try to save a file and click on the name of the destination in the box itself my PC freezes for a while, but if I click on "save in", for example the desktop image on the left side, it doesn't freeze. But the main prob is running slow.

    Thanks for your help. Logs attached
     


  4. nightmaiden

    nightmaiden Private E-2

    Here is the last log

    Cheers!
     


  5. thisisu

    thisisu Malware Consultant

    Try running this from Normal Mode:

    Please download OTL by Old Timer to your desktop.
    • See the download links under this icon: http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif
    • Double-click OTL.exe to run (Vista and Win7 right click and select Run as administrator)
    • When the window appears, underneath Output at the top-right, make sure Standard Output is selected.
    • Select Scan All Users.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the text in the code box below and paste it into the Custom Scans/Fixes text-field.
      Code:
      netsvcs
      %systemdrive%\*.exe
      /md5start
      afd.sys
      atapi.sys
      csrss.exe
      explorer.exe
      ipnat.sys
      ipsec.sys
      regedit.exe
      services.exe
      svchost.exe
      tcpip.sys
      userinit.exe
      winlogon.exe
      /md5stop
      %systemroot%\*. /mp /s
      %windir%\assembly\GAC\*.ini
      %windir%\assembly\GAC_MSIL\*.ini
      %windir%\assembly\gac_32\*.ini
      %windir%\assembly\gac_64\*.ini
      %windir%\assembly\temp\*.ini
      %windir%\assembly\tmp\u /s
      %allusersprofile%\application data\*.exe
      %systemdrive%\MGtools\
      %systemdrive%\
      %userprofile%\desktop\
      hklm\software\microsoft\windows\currentversion\run|exe /rs
      hklm\software\microsoft\windows\currentversion\runonce|exe /rs
      
    • Now click the Run Scan button.
    • When the scan is complete, Notepad will open with the results of the OTL scan.
    • Close Notepad.
    • There will be two log files on your desktop entitled OTL.txt and Extras.txt.
    • Attach both OTL.txt and Extras.txt to your next message. (How to attach items to your post)
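    The `/md5start` … `/md5stop` block in the custom scan above asks OTL to hash a fixed set of Windows files (afd.sys, atapi.sys, tcpip.sys, userinit.exe and so on) so that a helper can spot a patched driver or loader, which is what rootkits of that era typically did. The following PowerShell is an added example written for this page, not code from the thread, from OTL or from the MajorGeeks guide; it does the same check in a way a defender can run today. It assumes Windows PowerShell 4.0 or later (for `Get-FileHash`), an elevated prompt so the protected files are readable, and a 64-bit shell on a 64-bit Windows (a 32-bit shell would be redirected to SysWOW64). Catalog-signed OS files report a `Valid` signature on Windows 10 and later; on older hosts they may show `NotSigned`, in which case `sfc /verifyonly` is the authoritative check.

```powershell
# Added example (not from the thread, OTL or MajorGeeks): hash and signature-check the
# same system files the OTL custom scan lists between /md5start and /md5stop.
# Assumptions: Windows PowerShell 4.0+ (Get-FileHash), elevated prompt, 64-bit shell.

$names = @(
    'afd.sys', 'atapi.sys', 'csrss.exe', 'explorer.exe', 'ipnat.sys', 'ipsec.sys',
    'regedit.exe', 'services.exe', 'svchost.exe', 'tcpip.sys', 'userinit.exe', 'winlogon.exe'
)

# Where each name may legitimately live: drivers sit under System32\drivers,
# explorer.exe and regedit.exe under the Windows root itself.
$searchRoots = @(
    "$env:SystemRoot",
    "$env:SystemRoot\System32",
    "$env:SystemRoot\System32\drivers"
)

function Get-SystemFileReport {
    param([string[]]$FileNames, [string[]]$Roots)

    foreach ($name in $FileNames) {
        foreach ($root in $Roots) {
            $path = Join-Path $root $name
            if (-not (Test-Path -LiteralPath $path)) { continue }

            $item = Get-Item -LiteralPath $path
            # MD5 is what OTL reports; SHA256 is what you would look up in a hash database today.
            $md5    = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash
            $sha256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            # Catalog-signed OS files report Status 'Valid' even without an embedded signature
            # (Windows 10 and later); a patched file breaks the catalog match.
            $sig    = Get-AuthenticodeSignature -LiteralPath $path

            [pscustomobject]@{
                Path      = $path
                SizeBytes = $item.Length
                Modified  = $item.LastWriteTimeUtc
                MD5       = $md5
                SHA256    = $sha256
                Signature = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
    }
}

$report = Get-SystemFileReport -FileNames $names -Roots $searchRoots
$report | Format-Table Path, SizeBytes, Signature, MD5 -AutoSize

# Anything that is not 'Valid' deserves a second look: compare its hash against a
# known-good copy from installation media, or run 'sfc /verifyonly' to let Windows
# check the protected files itself.
$suspect = $report | Where-Object { $_.Signature -ne 'Valid' }
if ($suspect) {
    Write-Warning "Files whose signature could not be validated:"
    $suspect | Format-Table Path, Signature, Signer -AutoSize
}
```

The size and modification time are kept in the report on purpose: a system file whose `Modified` date does not match its neighbours in the same folder is the classic sign of an in-place patch, and it is visible even on hosts where signature validation is not available.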
     
  6. nightmaiden

    nightmaiden Private E-2

    Hi Thisisu

    I downloaded the OTL. When I double clicked it to run it a notepad came up with a lot of info in it. I closed it because I couldn't see the program. When I closed the notepad the program box for OTL came up. I ran it but did not get an extras.txt file only the OTL txt which I have attached.

    Thanks
     

    Attached Files: OTL.Txt (107.2 KB)
  7. thisisu

    thisisu Malware Consultant

    Is your Kaspersky AntiVirus 2010 subscription still active? If not, you should uninstall it.
    Are you having any trouble connecting to the Internet too?

    Now we need to make use of OTL by Old Timer.
    • Double-click OTL.exe to run (Vista and Win7 right-click and select Run as administrator)
    • When OTL opens, copy the text in the code box below and paste it into the Custom Scans/Fixes text-field.
      Code:
      :otl
      DRV - [2009/12/08 18:38:09 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
      IE - HKU\.DEFAULT\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found
      FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame:  File not found
      FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8:  File not found
      O2 - BHO: (no name) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - No CLSID value found.
      O18 - Protocol\Handler\tmtb - No CLSID value found
      C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
      C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
      C:\Documents and Settings\All Users\Application Data\xqkcebzs.dik
      @Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8
      @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
      @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A74A9A7
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      :services
      :files
      C:\Windows\Tasks\At*.job
      xcopy %temp%\smtmp\1 "%allusersprofile%\start menu" /s /i /h /y /c
      xcopy %temp%\smtmp\2 "%userprofile%\application data\microsoft\internet explorer\quick launch" /s /i /h /y /c
      xcopy %temp%\smtmp\3 "%appdata%\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar" /s /i /h /y /c
      xcopy %temp%\smtmp\4 "%allusersprofile%\desktop" /s /i /h /y /c
      dir "C:\Documents and Settings\All Users\Application Data\avg9ls\" /c
      :reg
      [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]
      [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43C6D902-A1C5-45c9-91F6-FD9E90337E18}]
      :commands
      [purity]
      [emptytemp]
      
    • Now click the Run Fix button.
    • OTL may ask to reboot the machine. Please do so if asked.
    • Click the OK button.
    • When complete, Notepad will open.
    • Close Notepad.
    • A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    • Attach this log to your next message. (How to attach items to your post)

    Please download Vino's Event Viewer by Vino Rosso to your desktop.
    • Double-click VEW.exe to run.
    • Under Select log to query, select:
      • Application
      • System
    • Under Select type to list, select:
      • Error
      • Warning
    • Click the radio button for Number of events
    • Type 20 in the 1 to 20 box.
    • Now click the Run button
    • When the program is finished, Notepad will open.
    • Close Notepad
    • Browse explorer to find C:\VEW.txt
    • This is where the log saved itself.
    • Attach VEW.txt to your next message. (How to attach items to your post)

    LET ME KNOW HOW THE PC IS RUNNING AFTER YOU HAVE COMPLETED THESE STEPS
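    Two of the findings this fix targets are worth being able to reproduce without a third-party tool: the `@Alternate Data Stream` entries under `All Users\Application Data` in the `:otl` section (NTFS streams that a normal folder listing never shows, a common hiding place for small payloads), and the Application/System Error and Warning events that Vino's Event Viewer was asked to collect. The PowerShell below is an added example for this page, not code from the thread, OTL or VEW. It assumes Windows PowerShell 3.0 or later for `Get-Item -Stream` (Windows 7 and later; the user in this thread was on XP, where only the event-log half applies), and that `$env:ALLUSERSPROFILE` resolves to the folder OTL reported (`C:\Documents and Settings\All Users` on XP, `C:\ProgramData` on later versions, so the `Application Data` level is walked explicitly).

```powershell
# Added example (not from the thread, OTL or Vino's Event Viewer): enumerate alternate
# data streams where OTL reported them, and pull the newest 20 Error/Warning events
# from the Application and System logs, which is what VEW was configured to collect.
# Assumptions: Windows PowerShell 3.0+ for -Stream; Get-EventLog is Windows PowerShell only
# (PowerShell 7 removed it in favour of Get-WinEvent).

function Get-AlternateDataStreams {
    param(
        [string]$Root,
        [switch]$Recurse,
        # :$DATA is the file's normal content; Zone.Identifier is the benign
        # "downloaded from the Internet" mark. Both are skipped by default.
        [string[]]$IgnoreStreams = @(':$DATA', 'Zone.Identifier')
    )
    Get-ChildItem -LiteralPath $Root -Force -Recurse:$Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $target = $_.FullName
            # Directories can carry streams too (OTL's TEMP:FB1B13D8 finding was one);
            # older PowerShell versions may only report streams on files, hence SilentlyContinue.
            Get-Item -LiteralPath $target -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $IgnoreStreams -notcontains $_.Stream } |
                ForEach-Object {
                    [pscustomobject]@{
                        File   = $target
                        Stream = $_.Stream
                        Bytes  = $_.Length
                    }
                }
        }
}

function Get-RecentProblems {
    param([int]$Newest = 20, [string[]]$Logs = @('Application', 'System'))
    foreach ($log in $Logs) {
        # Get-EventLog exists back to PowerShell 2.0, so this part also runs on XP.
        Get-EventLog -LogName $log -EntryType Error, Warning -Newest $Newest |
            Select-Object @{n='Log'; e={ $log }}, TimeGenerated, EntryType, Source, EventID,
                          @{n='Message'; e={ ($_.Message -split "`r?`n")[0] }}
    }
}

# Walk the same level OTL reported: <All Users profile>\Application Data on XP.
# On Vista and later $env:ALLUSERSPROFILE is C:\ProgramData and this subfolder is a
# legacy junction, so fall back to the profile root itself.
$AdsRoot = Join-Path $env:ALLUSERSPROFILE 'Application Data'
if (-not (Test-Path -LiteralPath $AdsRoot)) { $AdsRoot = $env:ALLUSERSPROFILE }

$ads = Get-AlternateDataStreams -Root $AdsRoot
if ($ads) {
    $ads | Format-Table -AutoSize
    # To inspect one stream's bytes without executing anything:
    #   Get-Content -LiteralPath $ads[0].File -Stream $ads[0].Stream -Encoding Byte
} else {
    "No non-default streams found directly under $AdsRoot"
}

Get-RecentProblems | Format-Table -AutoSize -Wrap
```

Only the first line of each event message is kept so the table stays readable; drop the calculated `Message` property to see the full text. A stream that is a few hundred bytes long on a folder named `TEMP`, as in this thread, is not proof of infection by itself, but it is exactly the kind of thing a normal `dir` will never surface, which is why a helper asks a tool to list them.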
     
  8. nightmaiden

    nightmaiden Private E-2

    Hi

    I have tried following your instructions but when I run OTL after pasting the txt into the box and hitting run fix a black dos box flicks up then disappears and I get the following error.

    Cannot locate file C:\Documents and settings\User\Desktop\cmd.bat.

    The program then seems to not respond and I have to close it. Along the bottom where it shows the actions it states.

    Moving file C:\Windows\Task\At*.job...

    But the program does nothing more and I cannot click on anything, so I have to close it after a while and reboot the PC as I have no desktop.

    Thanks
     
  9. nightmaiden

    nightmaiden Private E-2

    As to the Kaspersky, I am trying to find my original disk. I have had a lot of problems with it since I have had it. It used to not update and freeze my PC; that seems to have fixed itself. I cannot do scans as it always malfunctions. It is set on auto to scan but it tells me the last time it was scanned is unknown and next to the reason for stopping the scan is "malfunction". When it did use to work, though, it used to remove my volume icon and network icon from my tray. My friend used to put them back, but after the next scan it would remove them again and quarantine my volume? So I have not been able to access my volume or network icons and just do not use them, as I don't know how to get them back in my tray near the clock.
     
  10. nightmaiden

    nightmaiden Private E-2

    Sorry as to being active, yes, it is always running but as I said doesn't work well.

    Under license it says 221 days remaining. And no problems connecting to the internet.
     
  11. thisisu

    thisisu Malware Consultant

    Try this since OTL didn't work for you:

    Now we need to make use of ComboFix by sUBs
    • Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop but do not run it!
      • If it is not on your desktop, the below will not work.
    • Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    • Open Notepad and copy/paste the text in the below code box into Notepad:
    Code:
    KillAll::
    ADS::
    C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8
    C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    C:\Documents and Settings\All Users\Application Data\TEMP:4A74A9A7
    AtJob::
    ClearJavaCache::
    DirLook::
    C:\Documents and Settings\All Users\Application Data\avg9ls
    Driver::
    avgntflt
    File::
    C:\Documents and Settings\All Users\Application Data\xqkcebzs.dik
    C:\WINDOWS\system32\drivers\avgntflt.sys
    Folder::
    C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    Registry::
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43C6D902-A1C5-45c9-91F6-FD9E90337E18}]
    
    • Save the above as CFScript.txt and make sure you save it to the same location (should be on your desktop) as ComboFix.exe
    • At this point, you must exit all browsers now before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your desktop.
    • Now use your mouse to drag CFScript.txt on top of ComboFix.exe.
      http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    • This shall launch ComboFix.
      Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    • Allow ComboFix to update itself if prompted.
    • When it finishes, a log will be produced at C:\ComboFix.txt
      Note: If after running ComboFix you discover none of your programs will open up because you receive the following error: Illegal operation attempted on a registry key that has been marked for deletion then you will need to reboot your computer which will normally fix this problem.
    • Attach this log to your next message. (How to attach items to your post)

    Still complete the instructions for Vino's Event Viewer as well
     
  12. thisisu

    thisisu Malware Consultant

    I do not think your problem is malware related at the moment. Sounds like problems with your Windows installation to me and/or software you have installed. We'll find out more once you complete the above instructions.
     
  13. nightmaiden

    nightmaiden Private E-2

    Hi

    Here is the log for ComboFix. I also tried to run Vino's and it said

    Run Time Error 429
    Active X component can't create object
     


  14. thisisu

    thisisu Malware Consultant

    Your logs are clean. This does look to be a software / Windows related issue. Please seek additional help at the Software forum if you are still experiencing a slow PC. I tried to get some application error logs to see what is causing errors but none of the methods I tried worked. This is not the scope of this particular forum anyways.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to Add/Remove Programs and uninstall HijackThis if it is present.
    8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  15. nightmaiden

    nightmaiden Private E-2

    Thanks for all your support and advice. I will do the final steps you have suggested and look at the software forums for any information that may help.

    Again thank you so much for taking the time to help :)

    Sue
     
  16. thisisu

    thisisu Malware Consultant

    You're welcome. Surf safely! :)
     
