Very Slow Startup, Virus, Hijackers & Malware on friend's 'Puter

Discussion in 'Malware Help (A Specialist Will Reply)' started by damedic_mt, Feb 2, 2010.

  1. damedic_mt

    damedic_mt Private E-2

    Hello, I'm Baaaack - Re: a friend's computer this time. :( So many with prob's!

    Anyway, she has been telling me about her computer for months now but I have not had a chance to get to it. Well, she is now out of the country for about 12 days. So, I can get some magic done to it while she is gone.

    So, now I turn to the awesome staff of Malware fighters on the front lines against these little :tas 's , here at MG's! Thanks!

    Here is what we have:
    Dell Desktop
    Running Windows XP Home SP2
    Pentium 4, 2.8 GHz
    512 MB RAM
    71 GB hard drive w/30 GB free

    As stated my friend has been complaining about her Very Slow Computer. I timed startup at 18 minutes plus, from reboot to usable desktop! :cry

    I did all of the R & R Me; (I hope I did it all properly) and the logs will follow. During the deletion of unneeded programs (and there were "MANY") I found some kind of Toolbar, browser helper, search assistant or something like that? that did not have the ability to be removed. Also a Media product browser? Oh well, I am sure you will inform me on what to do with those!

    When scanning, Items of the bad & nasty kind were found & were deleted by their respective software that was run.

    Had a problem with Root Repeal though??? I believe the scan should be longer than an instantaneous second? No visible sign that a scan was still running. At the very bottom of the screen, was a message saying "No items found" or something like that. Anyway, I did copy the log & it ended up on the desktop. Let me know if I did something wrong, please & if needed, I could attempt to run it again?

    Thanks - you guys Rock!

    Will look forward to your reply.
     


  2. damedic_mt

    damedic_mt Private E-2

    And the log for the Root Repeal.

    I don't think it scanned, though?

    Let me know if you can tell if I did something wrong: whether it was in the download or the unzip or ???

    I did click on "file" then on "Scan"

    Take care.
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    This system needs twice the amount of RAM it has:
    Total Physical Memory 512.00 MB
    Available Physical Memory 152.76 MB

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Now copy just the bold text below to Notepad (do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    Now run CCleaner and then run ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    Now make sure these folders are empty (you cannot remove items from today's date):
    C:\WINDOWS\Temp\
    C:\Documents and Settings\Nadya\Local Settings\Temp\

    Tell me what issues you still have.
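
Added example, not part of the original thread or of MajorGeeks' tools: a Python check for the two Temp folders named in the post above, run after cleanup, that separates items from today's date (which cannot be removed) from older leftovers that should be gone. The function names `audit_temp_dir` and `is_clean` are hypothetical; the folder paths are the ones given in the post.

```python
import os
from datetime import date, datetime

# Paths as given in the post above; adjust for the profile being cleaned.
TEMP_DIRS = [
    r"C:\WINDOWS\Temp",
    r"C:\Documents and Settings\Nadya\Local Settings\Temp",
]

def audit_temp_dir(path, today=None):
    """Classify files still present in a temp folder after cleanup.

    Returns a dict of sorted (relative_path, size_bytes) lists:
      'today'      - modified today, so expected to remain
      'stale'      - older than today, cleanup should have removed these
      'unreadable' - could not be inspected (permissions, vanished)
    """
    today = today or date.today()
    report = {"today": [], "stale": [], "unreadable": []}
    for root, _dirs, files in os.walk(path):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, path)
            try:
                st = os.stat(full)
            except OSError:
                report["unreadable"].append((rel, None))
                continue
            modified = datetime.fromtimestamp(st.st_mtime).date()
            bucket = "today" if modified >= today else "stale"
            report[bucket].append((rel, st.st_size))
    for entries in report.values():
        entries.sort()
    return report

def is_clean(report):
    """True when nothing older than today (or uninspectable) is left."""
    return not report["stale"] and not report["unreadable"]

if __name__ == "__main__":
    for folder in TEMP_DIRS:
        if not os.path.isdir(folder):
            print(f"{folder}: not found")
            continue
        result = audit_temp_dir(folder)
        print(f"{folder}: {'clean' if is_clean(result) else 'leftovers'}")
        for rel, size in result["stale"]:
            print(f"  stale: {rel} ({size} bytes)")
```

A file that another process still holds open shows up in whichever bucket its modification date puts it; reporting its name and size is what a helper needs in order to decide whether it matters.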
     
  4. damedic_mt

    damedic_mt Private E-2

    Hi Tim

    Thank you very much for taking this on. I truly appreciate it.

    I have completed the tasks recommended & as you suggested. The following has been completed successfully:
    • Copied & Pasted into Notepad and saved as fixME.reg & it added to the registry successfully
    • Did receive a success message
    • Ran CCleaner
    • Ran ATF Cleaner
    • Deleted contents of the 1st Temp Folder
    • 2nd Temp Folder would not delete
      It was "SQL.txt" File with 0 KB
      • Message Popped up saying: file being used by someone else, try later. Or something like that.

    Restarted/Rebooted: Lots faster, since I cleaned things up via the R&R Me First - Instructions & your suggestions - I think the sluggishness has been corrected.

    I will note the suggestion to add more RAM! ;)

    Tim, Are we infested with Malware??? :confused

    Will be waiting for your next set of instructions. Thanks Again!

    Have a great evening & hope your Thursday will be fantastic! G'nite. :wave
     
    Last edited: Feb 4, 2010
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Sorry for the delay.

    No, you are not infested. You should be clean now and unless you are still having issues, then you can do the following:

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  6. damedic_mt

    damedic_mt Private E-2

    Hi Tim

    Thank you for the reply & the Green Light, Re: the malware. Good to know that no infections still exist.

    Although I got some warnings quarantined viruses on AntiVir? Yesterday. I will post the log for your info.

    I did begin your cleanup steps & have toggled System Restore, ran MGclean.bat, and Pasted your command to delete all related to CF.

    SAS & MBAM are staying. Added AntiVir (as you already now know) and will be loading Comodo Personal FW. (Free Version)

    I will be informing her of maintenance procedures & how to use above, plus Spyware Blaster & CCleaner.

    I am considering to also load Spybot S&D (No TeaTimer) and immunize. What do you think of that lineup for protection & defense. Too much or not enough, is there something else I should do as well? :confused

    Also, I think the Startup needs some tweaking. Do I need to post a new thread in the "Software" forum or can you help me there as well? There are things on the taskbar near the clock that I don't think need to be there.

    Also your first recommendation about more memory has been taken into consideration & when my friend returns from Australia next week, she will pick some up.

    Thanks for your assistance.

    Will await your response about the startup assistance.

    Have a great week. :major
     


  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    SpyBot (without TeaTimer) would be ok with what you have now. As to start ups, I suggest you use a start up manager:

    Startup_CPL

    Any questions you have as to what to disable in that list would best be addressed in the software forum.

    You are most welcome. I hope she thanks you for all your work getting her clean.
     
