1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Resolved Extreeeemly slow computer

Discussion in 'Windows XP' started by dougcvd, 2013/10/06.

  1. 2013/10/06
    dougcvd

    dougcvd Well-Known Member Thread Starter

    Joined:
    2009/10/23
    Messages:
    83
    Likes Received:
    0
    My Windows Home Premium laptop has slowed to a snails pace. I have run malware scans, virus scans, this scan and that scan. I have used a registry optimization program on it. No matter what I do it will not speed up. I am at my wits end.

    Anybody have any suggestions?
     
    dougcvd,
    #1
  2. 2013/10/06
    SpywareDr

    SpywareDr SuperGeek WindowsBBS Team Member

    Joined:
    2005/12/31
    Messages:
    3,752
    Likes Received:
    338
    Max out the RAM and install a SSD.
     
    SpywareDr,
    #2


  3. to hide this advert.

  4. 2013/10/06
    retiredlearner

    retiredlearner SuperGeek WindowsBBS Team Member

    Joined:
    2004/06/25
    Messages:
    7,209
    Likes Received:
    514
    Is this the same laptop as in your "System" ?

    Windows Home Premium --- XP Pro SP3 are different surely? Neil.
     
    retiredlearner,
    #3
  5. 2013/10/06
    dougcvd

    dougcvd Well-Known Member Thread Starter

    Joined:
    2009/10/23
    Messages:
    83
    Likes Received:
    0
    My apologies, I have 7 computers sitting within 10 feet of me. I have updated my system info base on this computer.
     
    dougcvd,
    #4
  6. 2013/10/06
    rsinfo

    rsinfo SuperGeek Alumni

    Joined:
    2005/12/25
    Messages:
    4,076
    Likes Received:
    178
    Did you run chkdsk /r ?
     
    rsinfo,
    #5
  7. 2013/10/07
    Evan Omo

    Evan Omo Computer Support Technician Staff

    Joined:
    2006/09/10
    Messages:
    7,919
    Likes Received:
    511
    Hi dougcvd.

    Follow these steps to help make the computer run faster and more efficiently:

    1. Click Start< Control Panel< Uninstall a Program and uninstall any programs that you don't use.

    2. In Control Panel under Programs and Features click the link that says Turn Windows Features On or Off and uncheck all the checkboxes except for Games, Internet Explorer 8/9/10, Microsoft .NET Framework 3.5.1, Windows Media Features, Windows Search, XPS Services and XPS Viewer. Then Expand the Windows Media Features category and uncheck Windows Media Center unless you use it but leave Windows Media Player and Windows DVD Maker checked. Click Ok when you are done and then click on the Restart Later button when prompted. (If you use a Windows Feature that is listed then don't uncheck its checkbox)

    3. Download and run ATF Cleaner. Save the program to your desktop. After the download completes, right click on the ATF Cleaner program and select Run as Administrator. When it opens select all the checkboxes in the program then hit the empty selected button. Download it from here, ATF Cleaner.

    4. Run Disk Cleanup. Click Start< All Programs< Accessories< System Tools< Right click Disk Cleanup and select Run as Administrator. Once Disk Cleanup finishes calculating how much space it can free up make sure that all the checkboxes are selected. Once all of those checkboxes are selected click the More Options tab and under System Restore and Shadow Copies click the Cleanup button. Click Clean up to delete all of the old System Restore points. Once that's done click the Ok button to perform the requested actions and click Yes when prompted to allow Disk Cleanup to remove unnecessary files on the computer.

    5. Disable any Windows Services that you don't use by following Black Vipers Services Guide. After you have disabled the services that you don't need running, make sure to reboot the computer for the changes to take effect.

    6. Download and run Auslogics Disk Defrag. Make sure to uncheck any toolbars in the installation wizard as they are not needed. After the installation finishes open the program by right clicking on the Auslogics Disk Defrag shortcut and selecting Run As Administrator. When you open the program click on Settings< Defrag Priority and select High Priority. Then click on Settings< Program Settings< Algorithms Tab. Select the Delete temporary files before defragmenting checkbox and select the Move system files to the beginning on the disk checkbox. When done click Ok to close the Settings window. When you are ready to start the defragmentation process select the small down arrow next to the word Defrag and select the Defrag button. The process could take a long time so please be patient. Download it from here, Auslogics Disk Defrag.

    7. Download and run Auslogics Registry Defrag. Make sure to uncheck any toolbars in the installation wizard as they are not needed. After the installation finishes, open the program by right clicking on the Auslogics Registry Defrag shortcut and selecting Run As Administrator. When the program opens click the Analyze button. When the process finishes analyzing click the Defrag Registry button followed by clicking the Restart button to finish the registry defrag process. Download it from here, Auslogics Registry Defrag.

    8. Download and run Autoruns. After you download the zipped folder on your desktop, right click the zipped folder and click Extract All. After the folder has been extracted open the regular folder. Run the autoruns.exe program by right clicking on it and selecting Run as Administrator. When you open the program click the Logon Tab and then highlight and remove any programs that you don't need to startup with your computer. Download it from here, Autoruns.

    9. Click Start< Right Click Computer and click Properties. In the System window click the Advanced System Settings button< In the System Properties window on the advanced tab under where it says Performance hit the settings button. In the Performance Options window click the Advanced tab and under Virtual Memory click the Change button. In the Virtual Memory window make sure your hard drive is selected and select the option that says System Managed Size and click the Set button. Now click Ok on the Virtual Memory window to close it. Now in the Performance Options window click the Data Execution Prevention tab and select the option that says Turn on DEP for all programs and services except those I select. After that's done click Ok on all the windows to close them out and then reboot the computer.

    10. You can disable the Windows Aero Interface if you don't care about all of the glass effects and clear borders for a speed improvement, Disable Aero on Windows 7 or Vista.

    11. Take a look at these simple tweaks to decrease the delay time when opening menus and to improve the shutdown time, How to Speed up the Menu Show Delay Time in Windows 7, How to Change the Mouse Hover Time before Pop-up Displays in Windows 7, Speed up Windows 7 Shutdown.

    12. If you find the secure desktop functionality in User Account Control annoying then you can disable it for a speed improvement, Make User Account Control (UAC) Stop Blacking Out the Screen in Windows 7 or Vista.

    13. Run Check Disk on the hard drive to make sure there is no corruption with the file system. Follow the instructions from here, How to Run Disk Check in Windows 7. In the Check Disk options make sure that both the Automatically fix file system errors and Scan for and attempt recovery of bad sectors checkboxes are both checked before clicking on the Start button. Reboot the computer to allow Check Disk to run.

    14. Click Start< All Programs< Accessories< Right click on Command Prompt and select Run as Administrator. The Command Prompt window will open. Paste the following command in the Command Prompt window and press enter, Rundll32.exe advapi32.dll,ProcessIdleTasks. The process idle tasks process can take a few minutes to complete. Once it finishes you can close the Command Prompt window.

    15. Please download AdwCleaner and save it to your desktop. Run the program by right clicking on it and selecting Run as administrator. When the program opens click on the Scan button. Then when the program has finished scanning, click on the Clean button. The program will reboot the computer. Post the AdwCleaner log in your next reply.

    16. Next, download the Junkware Removal Tool and save it to your desktop. Run the program by right clicking on it and selecting Run as administrator and post the JRT log in your next reply.

    17. Then, download HijackThis to your desktop. Run the program by right clicking on it and selecting Run as administrator and on the Main Menu click the button that says Do a system scan and save a logfile. Post the HijackThis log in your next reply.

    18. Could you let me know what security programs you have installed?

    19. How many processes are running in the Windows Task Manager?

    Let me know if the computer is any faster after performing the above steps. :)
     
    Evan Omo,
    #6
  8. 2013/10/19
    dougcvd

    dougcvd Well-Known Member Thread Starter

    Joined:
    2009/10/23
    Messages:
    83
    Likes Received:
    0
    # AdwCleaner v3.008 - Report created 19/10/2013 at 10:23:07
    # Updated 17/10/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : CVD-Doug - CVD-DOUG-NB
    # Running from : C:\Users\CVD-Doug\Desktop\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\WeCareReminder
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\Search Toolbar
    Folder Deleted : C:\Users\CVD-Doug\AppData\Local\Conduit
    Folder Deleted : C:\Users\CVD-Doug\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\CVD-Doug\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\CVD-Doug\AppData\Roaming\OpenCandy
    Folder Deleted : C:\Users\CVD-Doug\AppData\Roaming\Mozilla\Firefox\Profiles\ad444uac.default\Smartbar
    File Deleted : C:\END
    File Deleted : C:\Users\CVD-Doug\AppData\Roaming\Mozilla\Firefox\Profiles\ad444uac.default\searchplugins\safesearch.xml
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\safesearch.xml

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3236136
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\Zugo
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\ImInstaller

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16720


    -\\ Mozilla Firefox v24.0 (en-US)

    [ File : C:\Users\CVD-Doug\AppData\Roaming\Mozilla\Firefox\Profiles\ad444uac.default\prefs.js ]

    Line Deleted : user_pref( "CT3236136.1000082.isPlayDisplay ", "true ");
    Line Deleted : user_pref( "CT3236136.1000082.state ", "{\ "state\ ":\ "stopped\ ",\ "text\ ":\ "Californi...\ ",\ "description\ ":\ "California Rock - Rock\ ",\ "url\ ":\ "hxxp://www.feedlive.net/california.asx\ "} ");
    Line Deleted : user_pref( "CT3236136.ENABALE_HISTORY ", "{\ "dataType\ ":\ "string\ ",\ "data\ ":\ "true\ "} ");
    Line Deleted : user_pref( "CT3236136.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE ", "{\ "dataType\ ":\ "string\ ",\ "data\ ":\ "true\ "} ");
    Line Deleted : user_pref( "CT3236136.FirstTime ", "true ");
    Line Deleted : user_pref( "CT3236136.FirstTimeFF3 ", "true ");
    Line Deleted : user_pref( "CT3236136.PG_ENABLE ", "dHJ1ZQ== ");
    Line Deleted : user_pref( "CT3236136.SearchFromAddressBarUrl ", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3236136&SearchSource=2&CUI=UN11277885222145282&UM=UM_ID&q= ");
    Line Deleted : user_pref( "CT3236136.UserID ", "UN68373966328488986 ");
    Line Deleted : user_pref( "CT3236136.addressBarTakeOverEnabledInHidden ", "true ");
    Line Deleted : user_pref( "CT3236136.autoDisableScopes ", -1);
    Line Deleted : user_pref( "CT3236136.browser.search.defaultthis.engineName ", true);
    Line Deleted : user_pref( "CT3236136.cbfirsttime.enc ", "VGh1IEZlYiAxNCAyMDEzIDE5OjM2OjQ4IEdNVC0wNjAwIChDZW50cmFsIFN0YW5kYXJkIFRpbWUp ");
    Line Deleted : user_pref( "CT3236136.defaultSearch ", "true ");
    Line Deleted : user_pref( "CT3236136.enableAlerts ", "always ");
    Line Deleted : user_pref( "CT3236136.enableFix404ByUser ", "TRUE ");
    Line Deleted : user_pref( "CT3236136.enableSearchFromAddressBar ", "true ");
    Line Deleted : user_pref( "CT3236136.firstTimeDialogOpened ", "true ");
    Line Deleted : user_pref( "CT3236136.fixPageNotFoundError ", "true ");
    Line Deleted : user_pref( "CT3236136.fixPageNotFoundErrorByUser ", "true ");
    Line Deleted : user_pref( "CT3236136.fixPageNotFoundErrorInHidden ", "true ");
    Line Deleted : user_pref( "CT3236136.fixUrls ", true);
    Line Deleted : user_pref( "CT3236136.installId ", "20 ");
    Line Deleted : user_pref( "CT3236136.installType ", "conduitnsisintegration ");
    Line Deleted : user_pref( "CT3236136.isCheckedStartAsHidden ", true);
    Line Deleted : user_pref( "CT3236136.isEnableAllDialogs ", "{\ "dataType\ ":\ "string\ ",\ "data\ ":\ "true\ "} ");
    Line Deleted : user_pref( "CT3236136.isFirstTimeToolbarLoading ", "false ");
    Line Deleted : user_pref( "CT3236136.isPerformedSmartBarTransition ", "true ");
    Line Deleted : user_pref( "CT3236136.isToolbarShrinked ", "{\ "dataType\ ":\ "string\ ",\ "data\ ":\ "false\ "} ");
    Line Deleted : user_pref( "CT3236136.keyword ", true);
    Line Deleted : user_pref( "CT3236136.lastNewTabSettings ", "{\ "isEnabled\ ":true,\ "newTabUrl\ ":\ "hxxp://search.conduit.com/?ctid=CT3236136&octid=CT3236136&SearchSource=15&CUI=UN68373966328488986&SSPV=EB_SSPV&Lay=1&UM=\[...]
    Line Deleted : user_pref( "CT3236136.lastVersion ", "10.15.2.523 ");
    Line Deleted : user_pref( "CT3236136.mam_gk_installer_preapproved.enc ", "ZmFsc2U= ");
    Line Deleted : user_pref( "CT3236136.migrateAppsAndComponents ", true);
    Line Deleted : user_pref( "CT3236136.navigationAliasesJson ", "{\ "EB_MAIN_FRAME_URL\ ":\ "hxxps%3A%2F%2Fwd5.myworkday.com%2Fosv_meridian%2Ffx%2Fhome.flex%23%253Bosv_meridian%253Binst%253B1320%25246632%253Brel-task%253B2[...]
    Line Deleted : user_pref( "CT3236136.openThankYouPage ", "false ");
    Line Deleted : user_pref( "CT3236136.openUninstallPage ", "true ");
    Line Deleted : user_pref( "CT3236136.revertSettingsEnabled ", "false ");
    Line Deleted : user_pref( "CT3236136.search.searchAppId ", "10000002 ");
    Line Deleted : user_pref( "CT3236136.search.searchCount ", "0 ");
    Line Deleted : user_pref( "CT3236136.searchFromAddressBarEnabledByUser ", "true ");
    Line Deleted : user_pref( "CT3236136.searchInNewTabEnabledByUser ", "true ");
    Line Deleted : user_pref( "CT3236136.searchInNewTabEnabledInHidden ", "true ");
    Line Deleted : user_pref( "CT3236136.selectToSearchBoxEnabled ", "{\ "dataType\ ":\ "string\ ",\ "data\ ":\ "true\ "} ");
    Line Deleted : user_pref( "CT3236136.serviceLayer_service_login_isFirstLoginInvoked ", "{\ "dataType\ ":\ "boolean\ ",\ "data\ ":\ "true\ "} ");
    Line Deleted : user_pref( "CT3236136.serviceLayer_service_login_loginCount ", "{\ "dataType\ ":\ "number\ ",\ "data\ ":\ "4\ "} ");
    Line Deleted : user_pref( "CT3236136.serviceLayer_service_toolbarGrouping_activeCTID ", "{\ "dataType\ ":\ "string\ ",\ "data\ ":\ "CT3236136\ "} ");
    Line Deleted : user_pref( "CT3236136.serviceLayer_service_toolbarGrouping_activeDownloadUrl ", "{\ "dataType\ ":\ "string\ ",\ "data\ ":\ "hxxp://CaliforniaFontsToolbar.OurToolbar.com//xpi\ "} ");
    Line Deleted : user_pref( "CT3236136.serviceLayer_service_toolbarGrouping_activeToolbarName ", "{\ "dataType\ ":\ "string\ ",\ "data\ ":\ "CaliforniaFonts\ "} ");
    Line Deleted : user_pref( "CT3236136.serviceLayer_service_toolbarGrouping_invoked ", "{\ "dataType\ ":\ "string\ ",\ "data\ ":\ "true\ "} ");
    Line Deleted : user_pref( "CT3236136.serviceLayer_services_appTrackingFirstTime_lastUpdate ", "1360804580762 ");
    Line Deleted : user_pref( "CT3236136.serviceLayer_services_appTracking_lastUpdate ", "1360892190735 ");
    Line Deleted : user_pref( "CT3236136.serviceLayer_services_appsMetadata_lastUpdate ", "1360890982938 ");
    Line Deleted : user_pref( "CT3236136.serviceLayer_services_gottenAppsContextMenu_lastUpdate ", "1360804580397 ");
    Line Deleted : user_pref( "CT3236136.serviceLayer_services_location_lastUpdate ", "1371810902486 ");
    Line Deleted : user_pref( "CT3236136.serviceLayer_services_login_10.14.65.43_lastUpdate ", "1364158626032 ");
    Line Deleted : user_pref( "CT3236136.serviceLayer_services_login_10.15.0.562_lastUpdate ", "1366629573400 ");
    Line Deleted : user_pref( "CT3236136.serviceLayer_services_login_10.15.2.523_lastUpdate ", "1371810902672 ");
    Line Deleted : user_pref( "CT3236136.serviceLayer_services_otherAppsContextMenu_lastUpdate ", "1360804580176 ");
    Line Deleted : user_pref( "CT3236136.serviceLayer_services_searchAPI_lastUpdate ", "1360900972938 ");
    Line Deleted : user_pref( "CT3236136.serviceLayer_services_serviceMap_lastUpdate ", "1371810902161 ");
    Line Deleted : user_pref( "CT3236136.serviceLayer_services_setupAPI_lastUpdate ", "1360900973307 ");
    Line Deleted : user_pref( "CT3236136.serviceLayer_services_toolbarContextMenu_lastUpdate ", "1360804580039 ");
    Line Deleted : user_pref( "CT3236136.serviceLayer_services_toolbarSettings_lastUpdate ", "1371810902807 ");
    Line Deleted : user_pref( "CT3236136.serviceLayer_services_translation_lastUpdate ", "1371810903054 ");
    Line Deleted : user_pref( "CT3236136.settingsINI ", true);
    Line Deleted : user_pref( "CT3236136.shouldFirstTimeDialog ", "false ");
    Line Deleted : user_pref( "CT3236136.showToolbarPermission ", "false ");
    Line Deleted : user_pref( "CT3236136.smartbar.CTID ", "CT3236136 ");
    Line Deleted : user_pref( "CT3236136.smartbar.Uninstall ", "0 ");
    Line Deleted : user_pref( "CT3236136.smartbar.homepage ", true);
    Line Deleted : user_pref( "CT3236136.smartbar.isHidden ", true);
    Line Deleted : user_pref( "CT3236136.smartbar.toolbarName ", "CaliforniaFonts ");
    Line Deleted : user_pref( "CT3236136.startPage ", "true ");
    Line Deleted : user_pref( "CT3236136.toolbarBornServerTime ", "14-2-2013 ");
    Line Deleted : user_pref( "CT3236136.toolbarCurrentServerTime ", "21-6-2013 ");
    Line Deleted : user_pref( "CT3236136.toolbarLoginClientTime ", "Sun Mar 31 2013 16:00:40 GMT-0500 (Central Daylight Time) ");
    Line Deleted : user_pref( "CT3236136_Firefox.csv ", "[{\ "from\ ":\ "Abs Layer\ ",\ "action\ ":\ "loading toolbar\ ",\ "time\ ":1371810773025,\ "isWithState\ ":\ "\ ",\ "timeFromStart\ ":0,\ "timeFromPrev\ ":0}] ");
    Line Deleted : user_pref( "Smartbar.ConduitHomepagesList ", "hxxp://search.conduit.com/?ctid=CT3236136&SearchSource=13&CUI=UN11277885222145282 ");
    Line Deleted : user_pref( "Smartbar.ConduitSearchEngineList ", "CaliforniaFonts Customized Web Search ");
    Line Deleted : user_pref( "Smartbar.ConduitSearchUrlList ", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3236136&SearchSource=2&CUI=UN11277885222145282&UM=UM_ID&q= ");
    Line Deleted : user_pref( "Smartbar.SearchFromAddressBarSavedUrl ", "hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q= ");
    Line Deleted : user_pref( "Smartbar.keywordURLSelectedCTID ", "CT3236136 ");
    Line Deleted : user_pref( "extensions.wecarereminder.merchHash ", "{\ "AFFILIATES\ ":{\ "1-Sale-A-Day\ ":{\ "name\ ":\ "1 Sale A Day\ ",\ "autordr\ ":1,\ "n\ ":\ "3\ ",\ "td\ ":1.5},\ "1-Stop-Florists\ ":{\ "name\ ":\ "1 Stop Florists\ ",\[...]
    Line Deleted : user_pref( "keyword.URL ", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3236136&SearchSource=2&CUI=UN68373966328488986&UM=&q= ");
    Line Deleted : user_pref( "smartBar.searchInNewTabOwner ", "CT3236136 ");
    Line Deleted : user_pref( "smartbar.conduitHomepageList ", "hxxp://search.conduit.com/?ctid=CT3236136&SearchSource=13&CUI=UN11277885222145282 ");
    Line Deleted : user_pref( "smartbar.conduitSearchAddressUrlList ", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3236136&SearchSource=2&CUI=UN11277885222145282&UM=UM_ID&q=,hxxp://search.conduit.com/ResultsExt.aspx[...]
    Line Deleted : user_pref( "smartbar.machineId ", "HJJFZBNABC68NJMS1L7VPOFVDEUJI/TBUCUUP4PUGKIDL9OF+8Z23O6JPTQ7LEBLN+UI/UL7W/ZBQ8WCL89XIW ");
    Line Deleted : user_pref( "smartbar.originalHomepage ", "hxxp://www.onenewsnow.com ");
    Line Deleted : user_pref( "smartbar.originalSearchAddressUrl ", "hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q= ");
    Line Deleted : user_pref( "smartbar.originalSearchEngine ", false);

    *************************

    AdwCleaner[R0].txt - [12952 octets] - [19/10/2013 10:21:13]
    AdwCleaner[S0].txt - [12935 octets] - [19/10/2013 10:23:07]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12996 octets] ##########
     
    dougcvd,
    #7
  9. 2013/10/19
    dougcvd

    dougcvd Well-Known Member Thread Starter

    Joined:
    2009/10/23
    Messages:
    83
    Likes Received:
    0
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.7 (10.15.2013:3)
    OS: Windows 7 Home Premium x64
    Ran by CVD-Doug on Sat 10/19/2013 at 10:40:32.86
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\asktoolbar_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\asktoolbar_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\asktoolbar_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\asktoolbar_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7FC3F17C-EFA2-4E1A-93FE-9B96D4706A16}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EA4B13CA-FDBF-E716-8E65-65F1231BD0D7}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\CVD-Doug\appdata\local\cre "



    ~~~ FireFox

    Successfully deleted: [File] C:\Users\CVD-Doug\AppData\Roaming\mozilla\firefox\profiles\ad444uac.default\searchplugins\bing-zugo.xml
    Successfully deleted the following from C:\Users\CVD-Doug\AppData\Roaming\mozilla\firefox\profiles\ad444uac.default\prefs.js

    user_pref( "extensions.searchtoolbar@zugo.com.install-event-fired ", true);
    Emptied folder: C:\Users\CVD-Doug\AppData\Roaming\mozilla\firefox\profiles\ad444uac.default\minidumps [38 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 10/19/2013 at 11:12:59.20
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
    dougcvd,
    #8
  10. 2013/10/19
    dougcvd

    dougcvd Well-Known Member Thread Starter

    Joined:
    2009/10/23
    Messages:
    83
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:15:59 AM, on 10/19/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v10.0 (10.00.9200.16720)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\WizMouse\WizMouse.exe
    C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
    C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
    C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
    C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
    C:\Users\CVD-Doug\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onenewsnow.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\IPS\IPSBHO.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.820.2\NativeBHO.dll
    O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coIEPlg.dll
    O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [BatteryCare] C:\Program Files (x86)\BatteryCare\BatteryCare.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Constant Guard.lnk = C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - (no file)
    O9 - Extra 'Tools' menuitem: Add to TOSHIBA Bulletin Board - {97F922BD-8563-4184-87EE-8C4ACA438823} - (no file)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com//activex/ractrl.cab?lmi=1007
    O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KE96AA~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: CGPS Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    O23 - Service: lxeeCATSCustConnectService - Lexmark International, Inc. - C:\windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe
    O23 - Service: lxee_device - - C:\windows\system32\lxeecoms.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe
    O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 12086 bytes
     
    dougcvd,
    #9
  11. 2013/10/19
    Evan Omo

    Evan Omo Computer Support Technician Staff

    Joined:
    2006/09/10
    Messages:
    7,919
    Likes Received:
    511
    In Hijackthis select the following entries:

    O2 - BHO: (no name) - AutorunsDisabled - (no file)

    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O9 - Extra button: (no name) - AutorunsDisabled - (no file)

    You are running three security programs, SuperAntiSpyware, Constant Guard Protection Suite, and Norton Internet Security. I would recommend uninstalling both Constant Guard Protection and Norton Internet Security from Control Panel< Uninstall a program. Also remove any other Norton utilities from your machine.

    If you do not use the Google Toolbar then that program can be removed as well.

    Then once that is done download and run the Norton Removal Tool.

    After the Norton Removal Tool has finished, reboot the machine and then you can install either Avast Antivirus or Microsoft Security Essentials as a replacement.

    Once those steps have been completed let me know how the computer is running.
     
    Last edited: 2013/10/19
    Evan Omo,
    #10

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...