
Win7 - Chrome/IE does not start. PC very slow


  • This topic is locked
14 replies to this topic

#1 StefanoT

StefanoT

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Genoa - Italy
  • Local time:06:19 AM

Posted 15 January 2017 - 05:55 AM

Hi,

My friend's PC is very slow on starting, and when you try to use a browser (IE or Chrome) it doesn't start at all.

Is there anyone that can help me please? :)

I've attached Farbar's log (hoping that was the right thing to do :-) ).

Thanks to everyone who wants to help, and sorry for my English!

Attached Files





#2 Jo*

Jo*

  • Malware Response Team
  • 3,400 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:19 AM

Posted 15 January 2017 - 06:41 AM

Welcome to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Step 1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Step 2: Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(it takes a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:



createsrpoint;
filesrcm; 
uninstall-list;
iedefaults;
ffdefaults;
chrdefaults;
emptyclsid;
emptyalltemp;
autoclean;

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Copy and paste the log to your next reply please.
 

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 StefanoT

Posted 15 January 2017 - 08:41 AM

Hi Jo,

Thanks for your help. :)

Here is the log you requested.

Attached Files



#4 Jo*

Posted 15 January 2017 - 08:55 AM

FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the box next to Addition.txt and press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 StefanoT

Posted 15 January 2017 - 01:35 PM

Hi Jo,

I've done the scan and here you have the log files.

 

Thanks!! :)

 

Attached Files



#6 Jo*

Posted 15 January 2017 - 01:58 PM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1240077880-2421743634-1451985747-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ggbg_15_29&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyByEzyyE0AzytD0A0AtN0D0Tzu0StCtBzytCtN1L2XzutAtFtCtBtFtCtFtCtN1L1Czu1PtN1L1G1B1V1N2Y1L1Qzu2SyEtB0A0EzyyD0ByBtGyBtAtDtBtGtDtCtAtBtGtD0DtB0FtGyBzztAyCtAyD0AtC0ByDtCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0D0B0F0E0CzztDtG0AyDtAzytGyE0F0E0BtGzyyDtDtBtGzzzzzyyCtC0AyBtB0AtDyByB2QtN0A0LzutB&cr=848060161&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ggbg_15_29&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyByEzyyE0AzytD0A0AtN0D0Tzu0StCtBzytCtN1L2XzutAtFtCtBtFtCtFtCtN1L1Czu1PtN1L1G1B1V1N2Y1L1Qzu2SyEtB0A0EzyyD0ByBtGyBtAtDtBtGtDtCtAtBtGtD0DtB0FtGyBzztAyCtAyD0AtC0ByDtCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0D0B0F0E0CzztDtG0AyDtAzytGyE0F0E0BtGzyyDtDtBtGzzzzzyyCtC0AyBtB0AtDyByB2QtN0A0LzutB&cr=848060161&ir=
SearchScopes: HKU\S-1-5-21-1240077880-2421743634-1451985747-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1240077880-2421743634-1451985747-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ggbg_15_29&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDtCyByEzyyE0AzytD0A0AtN0D0Tzu0StCtBzytCtN1L2XzutAtFtCtBtFtCtFtCtN1L1Czu1PtN1L1G1B1V1N2Y1L1Qzu2SyEtB0A0EzyyD0ByBtGyBtAtDtBtGtDtCtAtBtGtD0DtB0FtGyBzztAyCtAyD0AtC0ByDtCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0D0B0F0E0CzztDtG0AyDtAzytGyE0F0E0BtGzyyDtDtBtGzzzzzyyCtC0AyBtB0AtDyByB2QtN0A0LzutB&cr=848060161&ir=
FF Extension: (No Name) - C:\Users\Camilla\AppData\Roaming\Mozilla\Firefox\Profiles\var3az83.default\extensions\caseyvelez@aol.com [not found]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 wafd_vt_1_10_0_20; system32\drivers\wafd_vt_1_10_0_20.sys [X]
Task: {9405A37E-B4C8-4803-BDF4-C032BD0313BE} - \LaunchPreSignup -> No File <==== ATTENTION
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again as Administrator like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.


***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
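
An added example, not part of the original posts and not FRST's own code: a small Python triage of lines in the format of the fixlist in post #6, separating search-provider entries that point at a non-allowlisted host from entries whose target is missing. The allowlist, the category names and the reading of the `[X]` / `No File` / `[not found]` markers as "target missing" are assumptions; the sample lines are constructed, with shortened query strings and an invented SID.

```python
import re
from urllib.parse import urlsplit

# Assumption: search hosts expected on this machine (not from the thread).
ALLOWED_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}
# Assumption: these markers, as seen in the fixlist, mean the target is missing.
ORPHAN_MARKERS = ("[X]", "[not found]", "No File")
SCOPE_RE = re.compile(r"^SearchScopes: (?P<hive>\S+) -> (?:DefaultScope )?"
                      r"(?P<clsid>\{[0-9A-Fa-f-]+\}) URL =\s*(?P<url>\S*)")

def classify(line):
    """Return (kind, detail) for one FRST-style log line."""
    line = line.strip()
    m = SCOPE_RE.match(line)
    if m:
        # Logs defang URLs as hxxp://; restore the scheme only to parse the host.
        url = re.sub(r"^hxxp", "http", m["url"], flags=re.I)
        host = (urlsplit(url).hostname or "").lower()
        kind = "search-ok" if host in ALLOWED_SEARCH_HOSTS else "search-hijack"
        return kind, f"{m['hive']} {m['clsid']} -> {host or '(no host)'}"
    if any(marker in line for marker in ORPHAN_MARKERS):
        return "orphan", line.split(" <=", 1)[0]
    if "ATTENTION" in line:
        return "flagged", line.split(" <=", 1)[0]
    return "other", line

def triage(lines):
    """Group non-empty lines by classification."""
    report = {}
    for line in lines:
        if line.strip():
            kind, detail = classify(line)
            report.setdefault(kind, []).append(detail)
    return report

# Constructed sample in the fixlist's format (query strings shortened, SID invented).
SAMPLE = r"""
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1111111111-2222222222-3333333333-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
Task: {9405A37E-B4C8-4803-BDF4-C032BD0313BE} - \LaunchPreSignup -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
EmptyTemp:
""".splitlines()

if __name__ == "__main__":
    for kind, items in triage(SAMPLE).items():
        print(kind, *items, sep="\n    ")
```
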


#7 StefanoT

Posted 15 January 2017 - 03:02 PM

Hi Jo,

Here is the fixlog.txt.

Thanks! :)

Attached Files



#8 Jo*

Posted 15 January 2017 - 04:20 PM

How is the computer running now?

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 StefanoT

Posted 15 January 2017 - 04:55 PM

Better I think! :)

Chrome seems to be ok now.

What did you find?



#10 Jo*

Posted 16 January 2017 - 04:19 AM

OK, fine.

We removed temp files and some adware.

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Open the scan log and copy and paste the content to your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 StefanoT

Posted 16 January 2017 - 04:26 AM

Hi Jo,

Thanks for your efforts! I'm in the office atm, I'll do it this evening.

 

Have a nice day!

Ste



#12 StefanoT

Posted 16 January 2017 - 01:27 PM

Hi Jo,

Here is the file you requested.

 

Attached Files



#13 Jo*

Posted 16 January 2017 - 01:47 PM


***


It Appears That Your PC Is Clean!

***


Clean up:

***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with delfix:
  • Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process.

***


Delete the log files our tools created; they are located on your desktop or in the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.

===================================

Here are some Preventive tips to reduce the potential for spyware infection in the future

Step 1: Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
Step 2: Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
Step 3: Use only one anti-virus software and keep it up-to-date.

Step 4: Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

Step 5: Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

Step 6: Use Strong passwords!

Step 7: Email attachments
Do not open any unknown email attachments that you received without asking for them!


Extra note:
Keep your Browser, Java, PDF Reader and Adobe Flash Up to Date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date - because older versions may contain Security Leaks.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#14 StefanoT

Posted 16 January 2017 - 01:56 PM

Thanks a lot Jo!! :)

 

Now seems to be fast again. :bounce:

 

Grazie! :)



#15 Jo*

Posted 16 January 2017 - 02:33 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




