
Desktop PC has slowed down considerably, sometimes hangs


  • This topic is locked
13 replies to this topic

#1 wojtasys

wojtasys

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 10 March 2017 - 09:27 AM

This is an old XP Desktop PC used for office work. Has Eset Antivirus and I do occasional Spybot scans. Despite it having Eset which is up to date, it started showing a security alert that it has no antivirus protection. When I fire it up, instead of booting to XP off the bat, it makes me select a boot option, despite me not having changed anything in BIOS or elsewhere. It was quite agile for its age and specs but has slowed down considerably of late. New browser tabs, programmes hang regularly or are not responding, it takes a long time to open anything. Am I infected? I'm attaching the Farbar scan logs. Thanks.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:10 PM

Posted 10 March 2017 - 10:13 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [NPSStartup] => [X]
HKU\S-1-5-21-1482476501-1844237615-839522115-1003\...\Run: [Google Update] => C:\Documents and Settings\Iza M\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-19] (Google Inc.)
HKU\S-1-5-21-1482476501-1844237615-839522115-1003\...\Run: [*LABAL*] => [X]
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Iza M\Dane aplikacji\Dropbox\bin\Dropbox.exe (Brak pliku)
GroupPolicy\User: Ograniczenia ? <======= UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKU\S-1-5-21-1482476501-1844237615-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
SearchScopes: HKU\S-1-5-21-1482476501-1844237615-839522115-1003 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  Brak pliku
FF user.js: detected! => C:\Documents and Settings\Iza M\Dane aplikacji\Mozilla\Firefox\Profiles\8takbxl3.default\user.js [2014-10-09]
FF NewTab: C:\Documents and Settings\Iza M\Dane aplikacji\Mozilla\Firefox\Profiles\8takbxl3.default -> hxxp://www.mysites123.com/newtab/?type=nt&ts=1455753505&z=595f266d53a2d70ebf285a7g7z8wew4mdwcc7w8eew&from=amt&uid=st380011a_5jv59rms
FF user.js: detected! => C:\Documents and Settings\Iza M\Dane aplikacji\Mozilla\Firefox\Profiles\4dsgxu0n.Odzyskany\user.js [2013-08-30]
FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Documents and Settings\Iza M\Dane aplikacji\Mozilla\Firefox\Profiles\8takbxl3.default\extensions\deskCutv2@gmail.com => nie znaleziono
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.mysites123.com/?type=hp&ts=1455753505&z=595f266d53a2d70ebf285a7g7z8wew4mdwcc7w8eew&from=amt&uid=st380011a_5jv59rms"
CHR Extension: (Platnosci w sklepie Chrome Web Store) - C:\Documents and Settings\Iza M\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Platnosci w sklepie Chrome Web Store) - C:\Documents and Settings\Iza M\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-19]
CHR HKU\S-1-5-21-1482476501-1844237615-839522115-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Documents and Settings\Iza M\Ustawienia lokalne\Dane aplikacji\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx <nie znaleziono>
S2 ihpmServer; "C:\Program Files\RayDld\ihpmServer.exe" [X]
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S3 catchme; \??\C:\DOCUME~1\IZAM~1\USTAWI~1\Temp\catchme.sys [X]
S3 nmwcd; system32\drivers\ccdcmb.sys [X]
S3 nmwcdc; system32\drivers\ccdcmbo.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [X]
AlternateDataStreams: C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3B71D0B4 [126]
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Iza M\Dane aplikacji\PT\updater.exe] => Enabled:PornTime Updater
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Iza M\Ustawienia lokalne\Dane aplikacji\Popcorn Time\nw.exe] => Enabled:nw

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.iu.edu/d/ahic#firefox
<<<>>>

Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, be sure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and let me know what problem persists.
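
A triage pass over the fixlist in the post above, added here as an example and not part of the original thread or of FRST itself. It sorts entries into tool directives, entries whose target file is absent, entries FRST flagged for attention, browser-hijack URLs, and files still present on disk. The function names are this example's own, and it assumes that `[X]`, `Brak pliku` ("no file") and `nie znaleziono` ("not found") mark a missing target and that `UWAGA` is the Polish-locale "ATTENTION" marker.

```python
import re

# Subset of the fixlist lines from the post above, copied verbatim.
FIXLIST = r"""
CreateRestorePoint:
EmptyTemp:
HKLM\...\Run: [NPSStartup] => [X]
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Iza M\Dane aplikacji\Dropbox\bin\Dropbox.exe (Brak pliku)
GroupPolicy\User: Ograniczenia ? <======= UWAGA
FF user.js: detected! => C:\Documents and Settings\Iza M\Dane aplikacji\Mozilla\Firefox\Profiles\8takbxl3.default\user.js [2014-10-09]
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.mysites123.com/?type=hp&ts=1455753505&z=595f266d53a2d70ebf285a7g7z8wew4mdwcc7w8eew&from=amt&uid=st380011a_5jv59rms"
S2 ihpmServer; "C:\Program Files\RayDld\ihpmServer.exe" [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Iza M\Dane aplikacji\PT\updater.exe] => Enabled:PornTime Updater
"""

DIRECTIVE = re.compile(r"^[A-Za-z]+:$")                    # e.g. CreateRestorePoint:
MISSING = re.compile(r"\[X\]$|Brak pliku|nie znaleziono")  # assumed: target not on disk
FLAGGED = "<======= UWAGA"                                 # assumed: attention marker
URL_HOST = re.compile(r"hxxps?://([^/\"\s]+)")             # defanged URLs as logged

def classify(line):
    """Return one triage bucket for a single fixlist line."""
    if DIRECTIVE.match(line):
        return "directive"
    if URL_HOST.search(line):
        return "url"
    if FLAGGED in line:
        return "flagged"
    if MISSING.search(line):
        return "orphaned"
    return "present"

def triage(text):
    """Group non-empty fixlist lines by bucket, preserving order."""
    buckets = {}
    for line in filter(None, (l.strip() for l in text.splitlines())):
        buckets.setdefault(classify(line), []).append(line)
    return buckets

def url_hosts(text):
    """Hosts of every defanged URL, for blocklist or proxy-log lookups."""
    return sorted(set(URL_HOST.findall(text)))

if __name__ == "__main__":
    for bucket, lines in triage(FIXLIST).items():
        print(f"{bucket:9} {len(lines)}")
    print(url_hosts(FIXLIST))
```

On this subset most entries are leftovers pointing at files that no longer exist; the items still active are the browser start-page redirect, the `user.js` override and the firewall exception.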

#3 wojtasys

wojtasys
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 13 March 2017 - 04:33 PM

Hi

Attaching the logs you wanted. I cleaned up Firefox too and it made a difference, but I had made a backup using Mozbackup, and when I loaded up the old stuff it slowed down again, but it's still better. I need the Pocket extension which has a lot of the items I need, bookmarks and saved tabs I regularly access. It's a lot of work to set it all up so I'd backed it all up. Or should I completely clean Firefox and set it up by hand again? Adwcleaner deleted some keys, the log is in Polish. At the beginning it says it deleted folder: C:\Program Files\DriverToolkit, then it has a list that says: deleted KEY this or that, or deleted KEY during reboot. At the end it says: deleted key tracing and Winsock settings reset. Do you want this log in English and is it possible to make one, as the OS is Polish.


#4 wojtasys

wojtasys
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 13 March 2017 - 04:36 PM

I'm not sure Adw cleaner has removed some items I might need. Some items sound familiar but I wouldn't know what they do. I only realized the things had been removed after the fact.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:10 PM

Posted 14 March 2017 - 07:41 AM


I can translate the Polish text with ImTranslator
https://chrome.google.com/webstore/detail/imtranslator-translator-d/noaijdpnepcgjemiklgfkcfbkokogabh?hl=en
<<<>>>

You do not need or want any of the Items removed by the AdwCleaner tool.
This tool is now owned and updated by Malwarebytes.
===

If you need to:

You can save your Firefox Bookmarks and restore them after a Refresh of Firefox or a newly installed version.

https://support.mozilla.org/t5/Basic-Browsing/Restore-bookmarks-from-backup-or-move-them-to-another-computer/ta-p/2345

===

The same can be done with your Passwords.
https://www.howtogeek.com/howto/internet/firefox/backup-and-restore-firefox-passwords-list/

===

#6 wojtasys

wojtasys
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 17 March 2017 - 08:47 AM

Thanks a lot. Two more issues: the boot screen making me select an option before actually booting into XP, previously XP fired up automatically. There a way of getting rid of that? Another thing - XP doesn't see Eset antivirus. The problem appeared lately. There's a security alert which I can't get rid of. Eset is up to date.



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:10 PM

Posted 17 March 2017 - 10:19 AM


"the boot screen making me select an option before actually booting into XP, previously XP fired up automatically."


Try this fix.

To specify the default operating system for startup
https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sysdm_advancd_startrecover_default_os.mspx?mfr=true

===

"There's a security alert which I can't get rid of. Eset is up to date."

Can you give me the exact message? It may help identify what to do.

#8 wojtasys

wojtasys
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 18 March 2017 - 12:29 PM

Hi. Thanks, 1st problem sorted. As for the 2nd  - it says in the XP Security Centre - Antivirus not found. Eset is in place and up to date. This little red shield in right bottom corner and a message about lack of an antivirus started appearing lately.



#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:10 PM

Posted 19 March 2017 - 07:31 AM


Try this fix.

Windows Security centre does not recognise my Anti Virus

https://answers.microsoft.com/en-us/windows/forum/windows_xp-security/windows-security-centre-does-not-recognise-my-anti/b59be1d2-1218-47b9-b9a0-fe6849095543

#10 wojtasys

wojtasys
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 19 March 2017 - 03:42 PM

Hi

The fix didn't work.

The other thing is - after refreshing Firefox it became unusable, froze and hung stubbornly making it impossible to do any work whatsoever. I restored the previous setup from Mozbackup, it's better, so I can at least write that message but still bad.

Could it be just the glitchy OS? Hasn't been ever reinstalled, same one for 10 years or so.

I thought about trying out Windows 7 on it, it's got one RAM slot left so can be pimped out slightly.



#11 wojtasys

wojtasys
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 19 March 2017 - 07:08 PM

It seems like the Internet traffic on my PC is obstructed somehow, everything else works fine, except for the browsers, which hang all the time, each in a different manner, Firefox freezes and unfreezes in turn, Chrome takes ages to open a website but once it does it doesn't freeze, Opera is in perpetuity stuck trying to open a website which it seems to be unable to do. It was slow before these fixes but it was usable but now it's completely paralysed.



#12 wojtasys

wojtasys
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 20 March 2017 - 07:52 AM

I booted into safe mode with networking and everything works OK, none of the browsers freeze. Firefox with all the extensions works fine and fast, pages open in an instant. It seems like all this cleaning had messed up the situation even more:/



#13 wojtasys

wojtasys
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 20 March 2017 - 08:34 AM

That's very odd, after booting into safe mode with networking, which worked fine, I booted it normally and it has sped up like crazy, things are working seamlessly, websites open instantly. What happened? Is it going to last? Firefox has the previous setup which I retrieved from Mozbackup (extensions, tabs, etc) and it's not sluggish at all now.



#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:10 PM

Posted 20 March 2017 - 08:41 AM

If it's working let it be.

Firefox may have been damaged.

Work with the computer for a few days and let me know how things are.



