
Win 10 PC - All programs running very slow (outlook very very slow)


This topic is locked. 19 replies to this topic.

#1 dice1976

Posted 29 January 2017 - 12:02 AM

Hi,

I have a client computer and all the software runs very slow and sluggish.  

 

Outlook takes over 90 seconds to fully open

Web browsers (firefox and chrome) both at times run with "not responding" messages

I've run a virus scan and it's clean

I first ran Rogue Killer - that removed 53 infections

I then ran malware anti-bytes - removed 6 infections

 

PC is better than it was when I got to it - but I feel something else is still there.

 

Anyone available to help?  I'd really appreciate it.  Please let me know what logs are needed and I will upload asap.

 

Adding : the cortana (circle ask me anything) is also super slow to type into and search for anything (i.e. internet settings, mouse, control panel, etc)


Edited by dice1976, 29 January 2017 - 12:16 AM.



#2 dice1976

Posted 29 January 2017 - 09:47 AM

Attaching Logs...

FRST.txt

addition.txt




#3 olgun52 (Malware Response Team)
Posted 29 January 2017 - 04:45 PM

Hello dice1976 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if the tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as an administrator. (How do I log on to the computer as an administrator?)
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.

Thanks
 
 

COMODO Firewall (Enabled)
Windows Firewall is enabled.

Multiple Firewall Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

It can also lead to a clash as both products fight for access to files that are opened; this is the resident/automatic protection. In general terms, the two programs may conflict and cause problems. Firewall programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two firewall programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.
========================================================================================

 

Please remove all browser extensions from Firefox and Chrome (Dragon Web Extension, Speed Dial, The Addon Bar, uBlock Origin, Tab Mix Plus).

 

===============================

 

Please do the following;

 

Run FRST fixlist

  • Please open notepad (Start > All Programs > Accessories > Notepad)
  • Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
  • Save it to the Desktop, and name it: fixlist.txt
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => No File
GroupPolicyScripts: Restriction <======= ATTENTION
HKU\S-1-5-21-2595825010-3496890370-1190324721-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
URLSearchHook: [S-1-5-21-2595825010-3496890370-1190324721-1010] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {DA77820D-A8B0-413F-A786-BF5B63B7D715} URL =
SearchScopes: HKLM-x32 -> DefaultScope {DA77820D-A8B0-413F-A786-BF5B63B7D715} URL =
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
FF Homepage: Mozilla\Firefox\Profiles\aldb4ena.default -> chrome://fvd.speeddial/content/fvd_about_blank.html
FF NewTab: Mozilla\Firefox\Profiles\aldb4ena.default -> chrome://fvd.speeddial/content/fvd_about_blank.html
Task: {34884A06-58DC-4FDC-8421-C4E7066101E1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {408F0D72-620C-4013-8D86-D0C2AE4A3811} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4B737AA7-FDAC-4530-B0DA-B43101AA99A8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5582C33B-B6E0-4EAF-9600-E39402008C03} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {58E52364-7E65-40C5-97CC-7D3402FB9F1E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7E895C40-FE68-4EFF-B573-A8F2A6C10DBB} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMLJOJKMHMGMNMLMNMCNIMPMMMGMCNLMKJLMGMCNGMHMHMJJCNIMMMKMMJMMLMLMLMLMOJNJLJJNJICMIMCNGMCNNMMMFMOMOMCNMMNMOMCNOMLMMMGMMMFMPMCNPMCNOMLMMMGMMMCNNMJNPICMOMFMEKMICNJJCKFMHMMMHMJNHICMEKMICNJJCKJNBJCMNKAJNJJNKJCMJNNICMJNDJCMKJBJJNMJCM (the data entry has 49 more characters).
Task: {7FF76F26-2DFB-442B-9307-A6BFEBBD90C7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {8E180F8C-2E54-4F05-BC58-581806932A8C} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {9005F698-351C-4E12-8791-D352F4B8583D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B88AD619-F536-4B49-916B-5D05EA9F6B9B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C014D3B6-3A85-48E0-987A-355F5699685F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {CF34A03B-EB01-4893-A0CF-B51CB217AE88} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F25A0D31-A857-44A2-AADB-400512B9E062} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSIHANDLE:3229 [0]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSIHANDLE:3281 [0]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSIHANDLE:3382 [0]
AlternateDataStreams: C:\ProgramData\TEMP:01C66DD9 [516]
AlternateDataStreams: C:\ProgramData\TEMP:0B9FB94D [496]
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [217]
FirewallRules: [UDP Query User{84256A6D-1E5B-4300-85E2-6040C8F2B4AE}C:\users\rob\appdata\local\temp\g2_1875\g2viewer.exe] => C:\users\rob\appdata\local\temp\g2_1875\g2viewer.exe
FirewallRules: [TCP Query User{DEFF0166-604C-4426-889D-ED2A51271734}C:\users\rob\appdata\local\temp\g2_1875\g2viewer.exe] => C:\users\rob\appdata\local\temp\g2_1875\g2viewer.exe
FirewallRules: [{77479142-F170-4C24-8C7B-00C2084F57EB}] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{2B8AA84D-9F61-4F11-A98A-A329B0A97F13}] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-12-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx <not found>
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S4 LMIRfsClientNP; no ImagePath
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-01-28] ()
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
2017-01-28 12:13 - 2015-05-30 20:38 - 00000650 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2595825010-3496890370-1190324721-1001.job
2017-01-28 12:13 - 2014-11-13 10:57 - 00000554 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2595825010-3496890370-1190324721-1001.job
2014-07-24 08:36 - 2014-07-24 08:36 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-07-24 12:01 - 2014-07-24 12:01 - 0000088 __RSH () C:\ProgramData\E151E88CA8.sys
2014-07-24 12:01 - 2015-11-01 21:35 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
C:\Users\Rob\AppData\Local\Resmon.ResmonCfg
C:\Users\Rob\AppData\Local\Temp\dllnt_dump.dll
CMD: bitsadmin /reset /allusers
Hosts:
EmptyTemp:
Reboot:

NOTICE: This script is written specifically for this computer!!!

  • Running this on another computer may cause damage to the Operating System.
  • Now, please run FRST, and press the Fix button, just once, and wait.
  • When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.
======================================================

Any issue ?

 

Regards

Yılmaz


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
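The fixlist above removes a set of textbook persistence and hijack points: an empty-named Run value, an AppInit_DLLs entry and scheduled tasks whose targets no longer exist, services with no ImagePath or a missing binary, firewall rules that whitelist an executable in a user's Temp folder, alternate data streams under ProgramData and SysWOW64, and a modified hosts file. It also flags two firewalls running at once. What follows is an added example, not code from this thread, from FRST or from BleepingComputer: a read-only PowerShell triage that enumerates those same categories on a Windows 10 host so you can see what a tool like FRST is reporting before you fix anything. The function names are mine, and the productState byte layout used to decode SecurityCenter2 entries is an assumption based on the commonly documented encoding.

```powershell
# Added example (not from the thread or from FRST): read-only triage of the persistence
# points the fixlist above cleaned. Run in an elevated PowerShell; nothing is modified.

function ConvertFrom-ProductState {
    # Assumption: SecurityCenter2 productState is a 24-bit field; middle byte 0x10/0x11 means
    # real-time protection on, low byte 0x00 means definitions current (common decoding).
    param([int]$State)
    $hex = '{0:x6}' -f $State                                  # e.g. 0x061100 -> "061100"
    [pscustomobject]@{
        Enabled  = ($hex.Substring(2, 2) -in '10', '11')
        UpToDate = ($hex.Substring(4, 2) -eq '00')
    }
}

function Get-SecurityProducts {
    # Every registered AV / anti-spyware / firewall product, with its decoded state.
    foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct') {
        Get-CimInstance -Namespace root/SecurityCenter2 -ClassName $class -ErrorAction SilentlyContinue |
            ForEach-Object {
                $s = ConvertFrom-ProductState $_.productState
                [pscustomobject]@{ Kind = $class; Name = $_.displayName; Enabled = $s.Enabled; UpToDate = $s.UpToDate }
            }
    }
}

function Get-RegistryValues {
    # Values of one key, minus the PS* bookkeeping properties Get-ItemProperty adds.
    param([string]$Key)
    $props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if ($props) { $props.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } }
}

function Resolve-BinaryPath {
    # Reduce an ImagePath / task action / Run value to the on-disk binary it names, or $null.
    param([string]$Raw)
    if ([string]::IsNullOrWhiteSpace($Raw)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($Raw.Trim())
    if ($p -match '^"([^"]+)"') { $p = $Matches[1] }                          # quoted path, drop arguments
    elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') { $p = $Matches[1] }     # unquoted path, drop arguments
    $p = $p -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if (-not [IO.Path]::IsPathRooted($p)) {
        if ($p -notmatch '\\') { $cmd = Get-Command $p -ErrorAction SilentlyContinue; if ($cmd) { return $cmd.Source } }
        $p = Join-Path $env:SystemRoot $p                                    # e.g. system32\DRIVERS\dbx.sys
    }
    return $p
}

function Get-PersistenceFindings {
    $findings = New-Object System.Collections.Generic.List[object]
    $add = { param($Source, $Item, $Why) $findings.Add([pscustomobject]@{ Source = $Source; Item = $Item; Why = $Why }) }

    # 1. Run keys, both registry views: empty value name (FRST "Run: [] => [X]") or missing target
    foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                   'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run') {
        foreach ($v in @(Get-RegistryValues $k)) {
            if ($v.Name -eq '(default)') { & $add 'Run' $k 'empty value name'; continue }
            $bin = Resolve-BinaryPath $v.Value
            if ($bin -and -not (Test-Path -LiteralPath $bin)) { & $add 'Run' "$($v.Name) = $($v.Value)" 'target missing' }
        }
    }
    # 2. AppInit_DLLs entries whose DLL is gone (FRST "=> No File"); bare names load from System32
    foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                   'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
        $dlls = (Get-ItemProperty -Path $k -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
        foreach ($d in @($dlls -split '[ ,;]+' | Where-Object { $_ })) {
            $bin = if ($d -match '\\') { Resolve-BinaryPath $d } else { Join-Path "$env:SystemRoot\System32" $d }
            if (-not (Test-Path -LiteralPath $bin)) { & $add 'AppInit_DLLs' $d 'DLL missing' }
        }
    }
    # 3. Scheduled tasks whose action executable is gone (FRST "-> No File")
    foreach ($t in @(Get-ScheduledTask -ErrorAction SilentlyContinue)) {
        foreach ($a in @($t.Actions | Where-Object { $_.Execute })) {
            $bin = Resolve-BinaryPath $a.Execute
            if ($bin -and -not (Test-Path -LiteralPath $bin)) { & $add 'Task' "$($t.TaskPath)$($t.TaskName)" "target missing: $bin" }
        }
    }
    # 4. Services and drivers with no ImagePath or a missing binary (FRST "no ImagePath" / "[X]")
    foreach ($s in @(Get-CimInstance Win32_Service) + @(Get-CimInstance Win32_SystemDriver)) {
        $bin = Resolve-BinaryPath $s.PathName
        if (-not $bin) { & $add 'Service' $s.Name 'no ImagePath' }
        elseif (-not (Test-Path -LiteralPath $bin)) { & $add 'Service' $s.Name "binary missing: $bin" }
    }
    # 5. Firewall rules whose program sits under a Temp folder or no longer exists (the g2viewer.exe pattern)
    foreach ($r in @(Get-RegistryValues 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules')) {
        if ($r.Value -match '\|App=([^|]+)\|') {
            $app = [Environment]::ExpandEnvironmentVariables($Matches[1])
            if ($app -eq 'System') { continue }                                 # kernel-mode rules, not a file
            if ($app -match '\\Temp\\' -or -not (Test-Path -LiteralPath $app)) { & $add 'FirewallRule' $r.Name "App=$app" }
        }
    }
    # 6. Alternate data streams under ProgramData (FRST "AlternateDataStreams"), ignoring Zone.Identifier
    Get-ChildItem -LiteralPath $env:ProgramData -Force -ErrorAction SilentlyContinue |
        Get-Item -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -notin ':$DATA', 'Zone.Identifier' } |
        ForEach-Object { & $add 'ADS' "$($_.FileName):$($_.Stream)" "$($_.Length) bytes" }
    return $findings
}

# --- usage (elevated prompt) ---
$products = Get-SecurityProducts
$products | Format-Table -AutoSize
$firewalls = @($products | Where-Object { $_.Kind -eq 'FirewallProduct' -and $_.Enabled })
if ($firewalls.Count -gt 1) { Write-Warning ('More than one firewall enabled: ' + ($firewalls.Name -join ', ')) }
Get-PersistenceFindings | Format-Table -AutoSize -Wrap
```

Treat each hit as a lead, not a verdict. An orphaned GWX task, a stale vendor firewall rule or a leftover MSIHANDLE stream is clutter rather than malware, which is why a fixlist like the one above is written per machine and only removes what the helper has already identified from the logs.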

 


 


#4 dice1976

Posted 30 January 2017 - 12:16 PM

I disabled Windows Firewall (as suggested, good idea, thanks). Here is the Fixlog.txt output. Also, in the meantime I happened to check the Dell support site for driver updates and found 4 to install for chipset and BIOS. Those are installing now as I post this. After that reboot I will post an update on speed and health.

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Rob (29-01-2017 23:13:33) Run:1
Running from C:\Systools
Loaded Profiles: Rob & QBDataServiceUser25 & QBDataServiceUser26 (Available Profiles: Rob & LogMeInRemoteUser & QBDataServiceUser25 & QBDataServiceUser26)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => No File
GroupPolicyScripts: Restriction <======= ATTENTION
HKU\S-1-5-21-2595825010-3496890370-1190324721-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
URLSearchHook: [S-1-5-21-2595825010-3496890370-1190324721-1010] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {DA77820D-A8B0-413F-A786-BF5B63B7D715} URL =
SearchScopes: HKLM-x32 -> DefaultScope {DA77820D-A8B0-413F-A786-BF5B63B7D715} URL =
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
FF Homepage: Mozilla\Firefox\Profiles\aldb4ena.default -> chrome://fvd.speeddial/content/fvd_about_blank.html
FF NewTab: Mozilla\Firefox\Profiles\aldb4ena.default -> chrome://fvd.speeddial/content/fvd_about_blank.html
Task: {34884A06-58DC-4FDC-8421-C4E7066101E1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {408F0D72-620C-4013-8D86-D0C2AE4A3811} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4B737AA7-FDAC-4530-B0DA-B43101AA99A8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5582C33B-B6E0-4EAF-9600-E39402008C03} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {58E52364-7E65-40C5-97CC-7D3402FB9F1E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7E895C40-FE68-4EFF-B573-A8F2A6C10DBB} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMLJOJKMHMGMNMLMNMCNIMPMMMGMCNLMKJLMGMCNGMHMHMJJCNIMMMKMMJMMLMLMLMLMOJNJLJJNJICMIMCNGMCNNMMMFMOMOMCNMMNMOMCNOMLMMMGMMMFMPMCNPMCNOMLMMMGMMMCNNMJNPICMOMFMEKMICNJJCKFMHMMMHMJNHICMEKMICNJJCKJNBJCMNKAJNJJNKJCMJNNICMJNDJCMKJBJJNMJCM (the data entry has 49 more characters).
Task: {7FF76F26-2DFB-442B-9307-A6BFEBBD90C7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {8E180F8C-2E54-4F05-BC58-581806932A8C} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {9005F698-351C-4E12-8791-D352F4B8583D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B88AD619-F536-4B49-916B-5D05EA9F6B9B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C014D3B6-3A85-48E0-987A-355F5699685F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {CF34A03B-EB01-4893-A0CF-B51CB217AE88} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F25A0D31-A857-44A2-AADB-400512B9E062} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSIHANDLE:3229 [0]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSIHANDLE:3281 [0]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSIHANDLE:3382 [0]
AlternateDataStreams: C:\ProgramData\TEMP:01C66DD9 [516]
AlternateDataStreams: C:\ProgramData\TEMP:0B9FB94D [496]
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [217]
FirewallRules: [UDP Query User{84256A6D-1E5B-4300-85E2-6040C8F2B4AE}C:\users\rob\appdata\local\temp\g2_1875\g2viewer.exe] => C:\users\rob\appdata\local\temp\g2_1875\g2viewer.exe
FirewallRules: [TCP Query User{DEFF0166-604C-4426-889D-ED2A51271734}C:\users\rob\appdata\local\temp\g2_1875\g2viewer.exe] => C:\users\rob\appdata\local\temp\g2_1875\g2viewer.exe
FirewallRules: [{77479142-F170-4C24-8C7B-00C2084F57EB}] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{2B8AA84D-9F61-4F11-A98A-A329B0A97F13}] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-12-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S4 LMIRfsClientNP; no ImagePath
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-01-28] ()
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
2017-01-28 12:13 - 2015-05-30 20:38 - 00000650 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2595825010-3496890370-1190324721-1001.job
2017-01-28 12:13 - 2014-11-13 10:57 - 00000554 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2595825010-3496890370-1190324721-1001.job
2014-07-24 08:36 - 2014-07-24 08:36 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-07-24 12:01 - 2014-07-24 12:01 - 0000088 __RSH () C:\ProgramData\E151E88CA8.sys
2014-07-24 12:01 - 2015-11-01 21:35 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
C:\Users\Rob\AppData\Local\Resmon.ResmonCfg
C:\Users\Rob\AppData\Local\Temp\dllnt_dump.dll
CMD: bitsadmin /reset /allusers
Hosts:
EmptyTemp:
Reboot:
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"C:\Windows\system32\nvinitx.dll" => Value data removed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-2595825010-3496890370-1190324721-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} => key removed successfully
HKCR\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} => key not found.
Firefox "homepage" removed successfully
Firefox "newtab" removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34884A06-58DC-4FDC-8421-C4E7066101E1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34884A06-58DC-4FDC-8421-C4E7066101E1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{408F0D72-620C-4013-8D86-D0C2AE4A3811} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{408F0D72-620C-4013-8D86-D0C2AE4A3811} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4B737AA7-FDAC-4530-B0DA-B43101AA99A8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B737AA7-FDAC-4530-B0DA-B43101AA99A8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5582C33B-B6E0-4EAF-9600-E39402008C03} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5582C33B-B6E0-4EAF-9600-E39402008C03} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{58E52364-7E65-40C5-97CC-7D3402FB9F1E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58E52364-7E65-40C5-97CC-7D3402FB9F1E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E895C40-FE68-4EFF-B573-A8F2A6C10DBB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E895C40-FE68-4EFF-B573-A8F2A6C10DBB} => key removed successfully
C:\WINDOWS\System32\Tasks\Open URL by RoboForm => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Open URL by RoboForm => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FF76F26-2DFB-442B-9307-A6BFEBBD90C7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FF76F26-2DFB-442B-9307-A6BFEBBD90C7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E180F8C-2E54-4F05-BC58-581806932A8C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E180F8C-2E54-4F05-BC58-581806932A8C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9005F698-351C-4E12-8791-D352F4B8583D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9005F698-351C-4E12-8791-D352F4B8583D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B88AD619-F536-4B49-916B-5D05EA9F6B9B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B88AD619-F536-4B49-916B-5D05EA9F6B9B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C014D3B6-3A85-48E0-987A-355F5699685F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C014D3B6-3A85-48E0-987A-355F5699685F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF34A03B-EB01-4893-A0CF-B51CB217AE88} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF34A03B-EB01-4893-A0CF-B51CB217AE88} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F25A0D31-A857-44A2-AADB-400512B9E062} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F25A0D31-A857-44A2-AADB-400512B9E062} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
C:\WINDOWS\SysWOW64\MSIHANDLE => ":3229" ADS removed successfully.
C:\WINDOWS\SysWOW64\MSIHANDLE => ":3281" ADS removed successfully.
C:\WINDOWS\SysWOW64\MSIHANDLE => ":3382" ADS removed successfully.
C:\ProgramData\TEMP => ":01C66DD9" ADS removed successfully.
C:\ProgramData\TEMP => ":0B9FB94D" ADS removed successfully.
C:\ProgramData\TEMP => ":0FF263E8" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{84256A6D-1E5B-4300-85E2-6040C8F2B4AE}C:\users\rob\appdata\local\temp\g2_1875\g2viewer.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DEFF0166-604C-4426-889D-ED2A51271734}C:\users\rob\appdata\local\temp\g2_1875\g2viewer.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{77479142-F170-4C24-8C7B-00C2084F57EB} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2B8AA84D-9F61-4F11-A98A-A329B0A97F13} => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => key removed successfully
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hakdifolhalapjijoafobooafbilfakh => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pjldcfjmnllhmgjclecdnfampinooman => key removed successfully
HKLM\System\CurrentControlSet\Services\ibtsiva => key removed successfully
ibtsiva => service removed successfully
HKLM\System\CurrentControlSet\Services\LMIRfsClientNP => key removed successfully
LMIRfsClientNP => service removed successfully
HKLM\System\CurrentControlSet\Services\TrueSight => key removed successfully
TrueSight => service removed successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2595825010-3496890370-1190324721-1001.job => moved successfully
C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2595825010-3496890370-1190324721-1001.job => moved successfully
C:\ProgramData\Ament.ini => moved successfully
C:\ProgramData\E151E88CA8.sys => moved successfully
C:\ProgramData\KGyGaAvL.sys => moved successfully
C:\Users\Rob\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\Users\Rob\AppData\Local\Temp\dllnt_dump.dll => moved successfully

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 237404253 B
Java, Flash, Steam htmlcache => 72978 B
Windows/system/drivers => 264807618 B
Edge => 9594361 B
Chrome => 17039677 B
Firefox => 376107994 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6148 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 76134 B
NetworkService => 979832 B
Rob => 53818995 B
LogMeInRemoteUser => 0 B
QBDataServiceUser25 => 0 B
QBDataServiceUser26 => 6148 B

RecycleBin => 43080901 B
EmptyTemp: => 956.6 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 23:54:25 ====

#5 olgun52 (Malware Response Team)
Posted 30 January 2017 - 02:12 PM

Hi dice1976,
 
How are the system and the browsers running now? Any problems?

Have you uninstalled the Firefox extensions?

===================================================================

Internet Explorer:

Internet Explorer 9, 10 and 11 (Win) - Clearing Cache and Cookies
https://kb.wisc.edu/page.php?id=15141
Next >>
How to reset Internet Explorer settings
https://support.microsoft.com/en-us/kb/923737

 

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141

 

 Chrome:
Delete your cache, history, and other browser data
https://support.google.com/chrome/answer/95582?hl=en
Next >>
Reset Chrome browser settings

https://support.google.com/chrome/answer/3296214?hl=en

 

===============================================================================

 

Regards,

Yılmaz

#6 dice1976

Posted 30 January 2017 - 02:21 PM

Hello olgun52, and thank you for the quick reply. Browsers and internet browsing are fine; they run as normal. (Note: removing extensions had no effect on browsing. I disabled and tested, and removed and tested. No major change with browsing and internet use in Chrome or Firefox.)

After installing the HD drivers, the PC seemed to pick up a little bit of speed. I still get the occasional "(not responding)" message at the top of certain apps like MS Outlook, MS Word, ACT!. Problems with some slowness or "not responding" messages still seem to occur when launching MS Outlook 2013 and ACT! Premium 17.

Outlook: I have reset the OST and it updated to a new one.

Cortana (little circle dot) search is still very slow when I type in it.

I'm currently also running sfc /scannow to check for HD errors.

#7 olgun52 (Malware Response Team)

Posted 30 January 2017 - 02:44 PM

Hi
 
 
Step 1:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2:

Please download RogueKiller 32/64 bit to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 

Regards

Yılmaz


#8 dice1976

Posted 31 January 2017 - 12:52 PM

Hello olgun52. I was not able to run the full RogueKiller, as it was taking over 8 hours and the user needed the PC last night. I have the AdwCleaner log attached below. I did as requested: Search and then Clean.

Note: right-clicking on files in Windows Explorer also throws the "not responding" in Explorer. It also takes far too long on a PC like this for the menu to appear when right-clicking on anything in Explorer.

Also, typing in Cortana (circle) is so slow. As soon as I can get RogueKiller to run in full I will post, maybe tonight.

Are there any shorter scans we can run in the meantime?
 
# AdwCleaner v6.043 - Logfile created 30/01/2017 at 16:16:25
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-01-30.3 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Rob - ROBLAPTOP
# Running from : C:\Users\Rob\Downloads\adwcleaner_6.043.exe
# Mode: Clean
 
 
***** [ Services ] *****
 
***** [ Folders ] *****
 
***** [ Files ] *****
 
***** [ DLL ] *****
 
***** [ WMI ] *****
 
***** [ Shortcuts ] *****
 
***** [ Scheduled Tasks ] *****
 
***** [ Registry ] *****
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
 
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [3001 Bytes] - [28/01/2017 13:25:46]
C:\AdwCleaner\AdwCleaner[C2].txt - [1041 Bytes] - [30/01/2017 16:16:25]
C:\AdwCleaner\AdwCleaner[S0].txt - [2914 Bytes] - [28/01/2017 13:25:32]
C:\AdwCleaner\AdwCleaner[S1].txt - [1285 Bytes] - [28/01/2017 17:05:48]
C:\AdwCleaner\AdwCleaner[S2].txt - [1511 Bytes] - [30/01/2017 16:15:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1333 Bytes] ##########

Edited by dice1976, 31 January 2017 - 02:30 PM.


#9 olgun52 (Malware Response Team)

Posted 31 January 2017 - 04:37 PM

Hi dice1976,
 
Please temporarily uninstall Comodo Internet Security and Malwarebytes. We should test the system. Restart the PC.
 
And please disable the Windows firewall.
 
I do not see a problem with the ACT! files and addresses. There seems to be a problem restricting the system.
 
Please now check whether the issues persist and let me know how it goes.
 
--------

Are there any shorter scans we can run in the mean time ?

I am sorry.
--------------------------------------------------------------------------------------------------------------------------------
SecurityCheck

Please download SecurityCheck: LINK

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

#10 dice1976 (Topic Starter)

Posted 31 January 2017 - 06:02 PM

Hi - This is all that was in Notepad from checkup.txt

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Reader XI  
 Mozilla Firefox (51.0.1) 
 Google Chrome (56.0.2924.76) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````
 Windows Defender MSMpEng.exe 
 Windows Defender MpCmdRun.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

Edited by dice1976, 31 January 2017 - 06:03 PM.
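The SecurityCheck output above reflects the state the thread had just put the machine in: Comodo uninstalled, the Windows firewall switched off for testing, Defender now the only engine, and a warning that Security Center has no WMI antivirus entry. The following PowerShell is an added example for readers, not part of the thread and not SecurityCheck's own code; it reproduces the same three checks with built-in Windows 10 cmdlets and WMI so the state can be re-verified after testing (in particular that the firewall was turned back on). The byte-level decoding of `productState` is the commonly used community interpretation, assumed here rather than a documented API. Run it from an elevated prompt.

```powershell
# Added example (not from the thread): a posture check that reproduces what
# SecurityCheck reported, using only built-in Windows 10 cmdlets and WMI.
# Run from an elevated PowerShell prompt.

function Get-RegisteredSecurityProducts {
    # Security Center registers third-party AV/firewall products here; Defender
    # shows up when no third-party AV is registered. productState is a bitfield;
    # the hex-byte decoding below is the community interpretation (assumption).
    foreach ($class in 'AntiVirusProduct', 'FirewallProduct') {
        Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName $class -ErrorAction SilentlyContinue |
            ForEach-Object {
                $hex = '{0:X6}' -f $_.productState
                [pscustomobject]@{
                    Type     = $class
                    Product  = $_.displayName
                    Enabled  = $hex.Substring(2, 2) -in '10', '11'   # middle byte: 0x10/0x11 = on
                    UpToDate = $hex.Substring(4, 2) -eq '00'         # low byte: 0x00 = current
                    Path     = $_.pathToSignedProductExe
                }
            }
    }
}

function Get-FirewallProfileState {
    # The effective (ActiveStore) state is what SecurityCheck flagged as disabled.
    Get-NetFirewallProfile -PolicyStore ActiveStore |
        Select-Object Name, Enabled, DefaultInboundAction
}

function Get-DefenderState {
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        AntivirusEnabled   = $s.AntivirusEnabled
        RealTimeProtection = $s.RealTimeProtectionEnabled
        SignatureAgeDays   = $s.AntivirusSignatureAge
        LastQuickScan      = $s.QuickScanEndTime
    }
}

'== Security Center registrations =='; Get-RegisteredSecurityProducts | Format-Table -AutoSize
'== Firewall profiles (active store) =='; Get-FirewallProfileState | Format-Table -AutoSize
'== Windows Defender =='; Get-DefenderState | Format-List

# Warn on the two conditions this thread turned up.
$off = Get-FirewallProfileState | Where-Object { -not $_.Enabled }
if ($off) { Write-Warning ('Firewall disabled on profile(s): ' + ($off.Name -join ', ')) }
$av = Get-RegisteredSecurityProducts | Where-Object { $_.Type -eq 'AntiVirusProduct' -and $_.Enabled }
if (-not $av) { Write-Warning 'No enabled antivirus is registered with Security Center.' }
```

If a product such as Comodo was uninstalled uncleanly, it can remain registered in `root\SecurityCenter2` with `Enabled = False`, which is exactly the situation in which Defender stays dormant and tools report "WMI entry may not exist for antivirus"; the first table makes that visible, and `Get-DefenderState` confirms whether real-time protection actually resumed.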


#11 olgun52 (Malware Response Team)

Posted 01 February 2017 - 01:01 PM

Thank you.

Let's do the repair given before.

 

Windows Repair (All in One):

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Download Windows Repair (All in One) and save it to your desktop
  • Double click the tweaking.com_windows_repair_aio_setup icon
  • Continually click Next, then Finish
  • If you are running in Safe Mode click OK on the Warning screen
  • Note: If you are unable to complete one of the steps simply continue on with the next step
  • Go to Step 5 and click Create under System Restore, then Backup under Registry Backup
  • Go to the Repairs tab and click Open Repairs
  • Place a checkmark in the following boxes and uncheck everything else

Reset Registry Permissions
Reset File Permissions
Reset Service Permissions
Register System Files

Remove Policies Set By Infections
Unhide Non System Files
Repair File Associations
Restore Important Windows Services
Set Windows Services To Default Startup

Repair WMI

Repair Windows Firewall

Repair Internet Explorer

Repair MDAC & MS Jet

Repair Hosts File

Repair Icons

Repair Winsock & DNS Cache

Repair Proxy Settings

Repair Windows Updates

Repair CD/DVD Missing/Not Working

  • Click on box next to the Restart/Shutdown System when Finished
  • Click on Restart System
  • Click on Start Repairs
  • Your computer will reboot upon completion
  • Using Windows Explorer navigate to the following file

C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs

  • Copy and paste (or attach if necessary) the contents of the log in your reply

================================================================================

Please check all the Windows updates, and please install any that are missing.

I hope this helps. Let me know if it completes OK.

How is the system running now?

 

Thanks

Yılmaz


Edited by olgun52, 01 February 2017 - 01:23 PM.


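The Windows Repair (All in One) run above resets permissions, services, WMI, the hosts file, Winsock, proxy settings and infection-set policies, and then hands back a 396 KB log. What a practitioner wants alongside that is a small, independent before/after snapshot of the same settings, so the tool's effect can be confirmed and anything it re-breaks (the "slower again" report later in the thread) can be spotted. The script below is an added example for readers, not code from the thread or from Tweaking.com. It uses only built-in cmdlets and `netsh`; the expected service start modes are Windows 10 defaults as assumed here, and the list of policy values is a selection of well-known lockdown values, not an exhaustive one. Run it from an elevated prompt before and after the repair and diff the two JSON files.

```powershell
# Added example (not from the thread or Tweaking.com): audit the settings the
# selected repairs touch, so a baseline can be taken before the tool runs and
# compared afterwards. Built-in cmdlets only; elevated PowerShell prompt.

$report = [ordered]@{}

# --- Repair Hosts File: anything beyond comments and blank lines deserves a look
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$report['HostsEntries'] = @(Get-Content $hostsPath -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' })

# --- Repair Proxy Settings: per-user (WinINET) and machine (WinHTTP) proxies
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$report['UserProxy'] = [pscustomobject]@{
    ProxyEnable   = $inet.ProxyEnable
    ProxyServer   = $inet.ProxyServer
    AutoConfigURL = $inet.AutoConfigURL
}
$report['WinHttpProxy'] = ((netsh winhttp show proxy) -join ' ').Trim()

# --- Repair Winsock & DNS Cache: flag layered providers living outside System32
$report['ForeignWinsockProviders'] = @(netsh winsock show catalog |
    Where-Object { $_ -match 'Provider Path' -and $_ -notmatch '(?i)system32' })

# --- Remove Policies Set By Infections: classic lockdown values (selection, assumed)
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
$watch = 'DisableTaskMgr', 'DisableRegistryTools', 'DisableCMD',
         'NoFolderOptions', 'NoRun', 'NoControlPanel', 'NoDesktop'
$report['SuspiciousPolicies'] = @(foreach ($key in $policyKeys) {
    $p = Get-ItemProperty $key -ErrorAction SilentlyContinue
    if ($p) {
        foreach ($name in $watch) {
            if ($null -ne $p.$name -and $p.$name -ne 0) {
                [pscustomobject]@{ Key = $key; Name = $name; Value = $p.$name }
            }
        }
    }
})

# --- Restore Important Windows Services / Set Windows Services To Default Startup
$expected = @{                 # assumed Windows 10 defaults
    'Winmgmt'   = 'Auto'       # WMI (also what "Repair WMI" targets)
    'MpsSvc'    = 'Auto'       # Windows Firewall
    'wscsvc'    = 'Auto'       # Security Center
    'WinDefend' = 'Auto'       # Windows Defender
    'Dnscache'  = 'Auto'       # DNS Client
    'wuauserv'  = 'Manual'     # Windows Update
    'BITS'      = 'Manual'
}
$report['ServiceDrift'] = @(foreach ($name in $expected.Keys) {
    $svc = Get-CimInstance Win32_Service -Filter "Name='$name'"
    if (-not $svc) {
        [pscustomobject]@{ Service = $name; StartMode = 'MISSING'; State = '-'; Expected = $expected[$name] }
    } elseif (($svc.StartMode -ne $expected[$name]) -or
              ($expected[$name] -eq 'Auto' -and $svc.State -ne 'Running')) {
        [pscustomobject]@{ Service = $name; StartMode = $svc.StartMode; State = $svc.State; Expected = $expected[$name] }
    }
})

# Print the audit, then save a timestamped copy to diff against the next run.
foreach ($entry in $report.GetEnumerator()) {
    "== $($entry.Key) =="
    $entry.Value | Format-List | Out-String
}
$outFile = 'WinRepairAudit-{0:yyyyMMdd-HHmm}.json' -f (Get-Date)
$report | ConvertTo-Json -Depth 4 | Set-Content $outFile
"Saved $outFile"
```

Empty `HostsEntries`, `ForeignWinsockProviders`, `SuspiciousPolicies` and `ServiceDrift` arrays are the clean result; a non-empty `ServiceDrift` after the repair (for example `Winmgmt` or `wscsvc` no longer `Auto`/`Running`) is the first place to look when Explorer and Cortana get slow again, since both lean on WMI and the search indexer rather than on the browsers that AdwCleaner cleaned.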
#12 dice1976 (Topic Starter)

Posted 01 February 2017 - 05:26 PM

I was going to put all the logs inline, but it was way too long. I attached a single file combining all the logs.

I added / began each log with === (name of log) so you can see where each starts.

Attached File  Tweaking.com_Windows_Repair_Log.txt   396.2KB

Also, after a few right-click tests in Explorer it seems to be acting a lot better (at least 60%-75% better), with less of a delay to bring up the menu.


Edited by dice1976, 01 February 2017 - 05:46 PM.


#13 olgun52 (Malware Response Team)

Posted 01 February 2017 - 06:20 PM

Hi, thank you.

 

Run the Windows Update troubleshooter
For Windows 10
https://support.microsoft.com/en-us/help/10164/fix-windows-update-errors
 

 

 


#14 dice1976 (Topic Starter)

Posted 01 February 2017 - 11:56 PM

I ran the Windows Update fix...

Now clicking on some "File > Save As..." gets the Not Responding message at the top... Right-clicking on folders and .exe files is slow.

Also, not sure why, but some functions like right-clicking seem slower again.



#15 olgun52 (Malware Response Team)

Posted 04 February 2017 - 03:46 PM

Does Windows Update work properly now, and are any updates still missing?

========================================================

Please post a fresh FRST logfile for my review.

