Newbie - Computer has slowed down

Re: Newbie - Slow Computer Part 2

Welcome to Majorgeeks!

You will probably have to look into a different reason for why your computer has "slowed down". You don't show any signs of malware. Please answer the below questions:

1. What exactly do you mean by "slowed down"?
2. Have all operations slowed down?
3. Is it always slow or does it come and go?
4. Is it just while online that things are slow surfing?
5. Is just bootup slow?
6. Are all user accounts slow?
7. Does anything show up in Task Manager that appears to be using all of your CPU time?
8. Do the same problems occur in safe mode?

I do have some other questions about things I saw in your logs!

Did you install the below CameraFixer program? What is it for and why is it necessary to load at startup?
C:\WINDOWS\CameraFixer.exe

Did you put the below Control Panel Restrictions in place?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Also did you or you son put all the below policies and restrictions into place?

 

Okay then let's remove it and see what effect it has.

Make sure viewing of hidden files is enabled (per the tutorial).

Please run HijackThis and click on the Open the Misc Tools Section button on the open page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click Kill process. Then click yes.

C:\WINDOWS\CameraFixer.exe

After killing all the above processes, click Back.
Then please click Scan and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe

After clicking Fix, exit HJT.

Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\CameraFixer.exe

Now run Ccleaner.

Now reboot in normal mode

Now attach the a new HJT logs.

Any change in your problems!

 

You did not attach the log! Also you did not say if it made any difference!

 

Then I repeat what I said earlier

I would suggest the Software or Hardware Forum.

You should however uninstall CounterSpy now which is only a trial and you do not need it anymore. Also, it will also conrtibute to slowing your PC down.

If you would like, you could run a rootkit detection tool first to make sure no rootkits are hiding from view of everything else run, but I doubt it will find anything. If you would like to check, continue on to the below:


Please download Blacklight Beta

• Download blbeta.exe and save it to the Desktop.
• Once saved... double click blbeta.exe to install the program.
• Click accept agreement and Click scan
  This app too may fire off a warning from antivirus. Let the driver load.
  Wait for it to finish.
• If it displays any items...don't do anything with them yet. Just hit exit (close)
• It will drop a log on Desktop that starts with fsbl....big number

Please post contents of the BlackLight log.

 

It's clean as I suspected.

Are your Spybot definitions upto date. This is a valid Windows file used with Office. This error with Spybot has been seen in the past.

Here's an article explaining how to disable it:

OFFXP: What Is CTFMON and What Does It Do? (Q282599)

It is still trying to load. Let's cleanup since it obviously did not uninstall properly.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

After clicking Fix, exit HJT.

Use Windows Explorer to delete:
C:\Documents and Settings\Craig\Local Settings\Application Data\Sunbelt Software <--- the whole folder
C:\Program Files\Sunbelt Software <--- the whole folder

You're welcome and the same for you.


If you are not having any other malware problems, it is time to do our final steps:

1. If we used Pocket Killbox during your cleanup, do the below
   • Run Pocket Killbox and select File, Cleanup, Delete All Backups
2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
3. If we user SDFix you can delete all the SDFix related files and folders from your Desktop or whereever you installed it.
4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
5. If we had your run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
8. If you are running Windows XP or Windows ME, do the below:
   • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
9. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!