Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

VERY Slow Even After Clean Install of Windows 7


  • This topic is locked This topic is locked
9 replies to this topic

#1 MrMortgageLoan

MrMortgageLoan

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Upper Eastern South Central Northwest Mongolia
  • Local time:04:02 PM

Posted 31 January 2017 - 07:40 PM

In the words of the great American poet Brian Wilson... "Help me Rhonda, help, help me Rhonda". Ok, you computer guys/gals are probably too young to know the song... but trust, me, that was some funny stuff. 

 

My daughters computer is a small Toshiba running Windows 7 Home Premium 64 bit. It has no CD drive so the hard drive is partitioned with the Windows installation software on it. I wiped the computer and then reinstalled Windows along with 239 important and optional updates. I removed the "junk" such as McAfee and Norton and have not installed anything else on the machine but it is still slow when clicking on icons to open items up. 

 

I am not expert, because if I were... I wouldn't be on here asking for help... but think that whatever was downloaded made it to the other side of the partition and was still there when I reinstalled Windows. I have run Adwcleaner, SpyBot and Windows Defender but to no avail. I have run and uploaded the FRST log. 

 

Now that you know my tale of woe, I say again, Help me Rhonda, help, help me Rhonda... 

Attached Files

  • Attached File  FRST.txt   213.57KB   8 downloads


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:02 PM

Posted 01 February 2017 - 09:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

C:\Program Files (x86)\Google\Update\Install\{18878989-C1E2-4BD3-B57C-D1E3B986AAB9}\56.0.2924.76_chrome_installer.exe
(Google Inc.) C:\Windows\Temp\CR_94BA2.tmp\setup.exe
(Google Inc.) C:\Windows\Temp\CR_94BA2.tmp\setup.exe
HKLM\...\Run: [] => [X]
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll => No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Zeta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-25]
CHR Extension: (Chrome Media Router) - C:\Users\Zeta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-25]
C:\Windows\Temp\CR_94BA2.tmp

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixldog.txt and let me know what problem persists.

Include also the Addition.txt file that was created by the Farbar tool.


p.s.
I see traces of Norton on your log.
To remove it completely download and run their removal tool from this site.

https://support.norton.com/sp/en/us/home/current/solutions/v60392881_EndUserProfile_en_us

Restart the computer normally.

#3 MrMortgageLoan

MrMortgageLoan
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Upper Eastern South Central Northwest Mongolia
  • Local time:04:02 PM

Posted 02 February 2017 - 03:41 PM

Good afternoon Nasdaq, 
 
I have completed the steps that you wanted me to do and the log is attached. I await your next steps.

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:02 PM

Posted 03 February 2017 - 08:05 AM

My previous instructions.

Please post the Fixldog.txt and let me know what problem persists.

Include also the Addition.txt file that was created by the Farbar tool.


Please attach the Addition.txt file. Let me know if the problem persists.

#5 MrMortgageLoan

MrMortgageLoan
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Upper Eastern South Central Northwest Mongolia
  • Local time:04:02 PM

Posted 03 February 2017 - 09:32 AM

My apologies, see what happens when I try to rush?  My girlfriend figured out how to attach the file yesterday and she isn;t here right now. I clicked "My Media" and chose the two requested files. I hope that is how it is done. If not, please advise
 
Attached File  Fixlog.txt   3.01KB   5 downloads
Attached File  Addition.txt   19.44KB   12 downloads

 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:02 PM

Posted 03 February 2017 - 10:34 AM

ATTENTION: System Restore is disabled
Turn your System Restore ON - Windows Help
https://support.microsoft.com/en-us/help/17228/windows-protect-my-pc-from-viruses
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
CloseProcesses:

CustomCLSID: HKU\S-1-5-21-975436461-1371251080-99864421-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"r8\..\mshtml,RunHTMLApplication ";eval("usxznspq7<odv!@buhwdYNckdbu)#VRbshq (the data entry has 28614 more characters). <==== Poweliks?

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.

#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:02 PM

Posted 09 February 2017 - 08:58 AM

are you still with me?

#8 MrMortgageLoan

MrMortgageLoan
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Upper Eastern South Central Northwest Mongolia
  • Local time:04:02 PM

Posted 10 February 2017 - 07:17 AM

I'm sorry, I asked my girlfriend to do this for me and she misunderstood and thought I just meant follow the directions. I thought she'd posted the results, she didnt know I needed her to reply with the results also. We've tried turning System Restore on, but cant seem to figure it out. Neither of us is exactly computer illiterate and can, in most cases, figure things out with a simple Google search. However, even using the link the you provided, the in computer system Help screen and a Google search, we're unable to figure out how to turn it on. Attached File  Fixlog.txt   942bytes   3 downloadsSo, with no further excuses, the new file is attached. I pasted the command into notepad, named it, clicked Fix on the tool again, just to make sure it was a clean, up to date copy.

 

It doesn't seem to be as slow as it was. It just restarted in about 30 seconds, whereas it was taking up to 3 minutes to restart before, so something has changed for the better! Thank you for your help thus far, I await your instructions.



#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:02 PM

Posted 10 February 2017 - 10:06 AM

The system restore is good. The powerlink infection was probably the cause of the false positive.
There was one created by the command in the Fixlist log.

If ever you need to restore you computer check this article.

Go to this page.

http://www.howtogeek.com/howto/windows-vista/using-windows-vista-system-restore/

Just read the instructions under this title.
How to Restore Your System to an Earlier Restore Point

Close the windows when done.
===

Run this cleaning tool.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:02 PM

Posted 16 February 2017 - 08:30 AM

Are you still with me?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users