
Solved Extremely slow computer - referred to this forum

Discussion in 'Virus & Other Malware Removal' started by lanemom, Feb 25, 2019.

Thread Status:
Not open for further replies.
  1. lanemom

    lanemom Thread Starter

    Joined:
    Feb 25, 2019
    Messages:
    38
    I posted in the Hardware forum requesting assistance with my extremely slow Internet speeds. Here is the forum thread link - https://forums.techguy.org/threads/extremely-slow-computer.1223585/#post-9584157.
    I would like to have the PC checked for Malware.

    Here is the system info:
    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 10 Home, 64 bit
    Processor: AMD E2-7110 APU with AMD Radeon R2 Graphics, AMD64 Family 22 Model 48 Stepping 1
    Processor Count: 4
    RAM: 3520 Mb
    Graphics Card: AMD Radeon(TM) R2 Graphics, 512 Mb
    Hard Drives: C: 929 GB (722 GB Free);
    Motherboard: Dell Inc., 053JT0
    Antivirus: Norton Security, Enabled and Updated
     
  2. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    548
    Welcome to the Tech Support Guy malware removal forum.
    I'm iMacg3 and will be helping you.

    Please keep the following information in mind before we begin:
    • Do not run any fixes or tools on your system unless I request that you do so.
    • Please read all instructions carefully, and complete them in the order listed.
    • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • If you have questions about anything, please ask.


    --------------------


    Download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Right-click FRST/FRST64 and select Run as administrator. (Windows XP users double-click on the file).
    • If you receive a SmartScreen pop-up, click More Info, then Run Anyway.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • When finished, two log files will open - FRST.txt and Addition.txt.
    • Attach FRST.txt and Addition.txt to your next reply. You can do this by clicking Attach a file at the bottom of your post.

    Note - FRST.txt and Addition.txt are saved to the same location as FRST/FRST64.
     
  3. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    79,787
    First Name:
    Frank
  4. lanemom

    lanemom Thread Starter

    Joined:
    Feb 25, 2019
    Messages:
    38
    Please see attached.
     

    Attached Files:

  5. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    548
    Thanks for the link. (y)

    ----------------------------------

    I will take a look at the FRST logs, and get back to you as soon as possible.
     
  6. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    548
    Hi,

    Do you use this program?

    ShopTracker 1.1.32 (HKLM-x32\...\AmazonMeter) (Version: 1.1.32 - Nielsen)

    -------------------------
    Highlight the contents of the below code box and press Ctrl + C:
    Code:
    Start::
    
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    
    HKU\S-1-5-21-1141043472-1697957806-4131134518-1001\...\Run: [Bomgar_Cleanup_ZD7897178125655] => cmd.exe /C rd /S /Q "C:\Users\lanem\AppData\Local\Temp\nsfDD23.tmpb" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD7897178125655 /f <==== ATTENTION
    HKU\S-1-5-21-1141043472-1697957806-4131134518-1001\...\Run: [Bomgar_Cleanup_ZD81164312381] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x5a1cac40" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD81164312381 /f <==== ATTENTION
    
    SearchScopes: HKU\S-1-5-21-1141043472-1697957806-4131134518-1001 -> DefaultScope {DD74281F-621D-4247-B024-34A270CF4230} URL =
    SearchScopes: HKU\S-1-5-21-1141043472-1697957806-4131134518-1001 -> {DD74281F-621D-4247-B024-34A270CF4230} URL =
    SearchScopes: HKU\S-1-5-21-1141043472-1697957806-4131134518-1003 -> DefaultScope {DD74281F-621D-4247-B024-34A270CF4230} URL =
    SearchScopes: HKU\S-1-5-21-1141043472-1697957806-4131134518-1003 -> {DD74281F-621D-4247-B024-34A270CF4230} URL =
    
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.4.15\Exts\Chrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.4.15\Exts\Chrome.crx <not found>
    
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
    ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> No File
    
    cmd: ipconfig /flushdns
    cmd: ipconfig /release
    cmd: ipconfig /renew
    cmd: netsh advfirewall reset
    cmd: netsh advfirewall set allprofiles state ON
    cmd: netsh winsock reset
    cmd: netsh int ip reset c:\resetlog.txt
    cmd: netsh int ipv4 reset
    cmd: netsh int ipv6 reset
    cmd: bitsadmin /reset /allusers
    
    End::
    Right-click on FRST/FRST64 and select Run as Administrator.
    Click on Fix.
    Note - there is no need to paste the contents of the code box anywhere.
    If your computer restarts, allow it to do so.
    Once the fix is complete, a file called fixlog will be saved to the same directory as FRST. The log may open in Notepad as well.
    Please copy and paste the contents of the fixlog into your next reply.

    Note: this step will reset your Firewall. If a program you recognize asks to be allowed through the firewall, agree to the request.

    Let me know if the problems persist.
     
  7. lanemom

    lanemom Thread Starter

    Joined:
    Feb 25, 2019
    Messages:
    38
    I will paste the Fix log below. I have used Shoptracker in the past. I'm not sure I did the Fix correctly. I copied the contents above, then right-clicked on the FRST utility, ran as administrator, clicked Fix. So you don't paste the text above anywhere, right? Here is the Fix log. I ran another speed test at speedtest.net - DL = 40.66, UP = 71.59. Better than before but not great. It takes a very long time to even switch between open tabs. Please let me know if I didn't do the Fix correctly. Thanks.


    Fix result of Farbar Recovery Scan Tool (x64) Version: 25.02.2019 01
    Ran by lanem (26-02-2019 17:48:03) Run:1
    Running from C:\Users\Carol\Downloads
    Loaded Profiles: lanem & Carol (Available Profiles: lanem & Carol)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    HKU\S-1-5-21-1141043472-1697957806-4131134518-1001\...\Run: [Bomgar_Cleanup_ZD7897178125655] => cmd.exe /C rd /S /Q "C:\Users\lanem\AppData\Local\Temp\nsfDD23.tmpb" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD7897178125655 /f <==== ATTENTION
    HKU\S-1-5-21-1141043472-1697957806-4131134518-1001\...\Run: [Bomgar_Cleanup_ZD81164312381] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x5a1cac40" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD81164312381 /f <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-1141043472-1697957806-4131134518-1001 -> DefaultScope {DD74281F-621D-4247-B024-34A270CF4230} URL =
    SearchScopes: HKU\S-1-5-21-1141043472-1697957806-4131134518-1001 -> {DD74281F-621D-4247-B024-34A270CF4230} URL =
    SearchScopes: HKU\S-1-5-21-1141043472-1697957806-4131134518-1003 -> DefaultScope {DD74281F-621D-4247-B024-34A270CF4230} URL =
    SearchScopes: HKU\S-1-5-21-1141043472-1697957806-4131134518-1003 -> {DD74281F-621D-4247-B024-34A270CF4230} URL =
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.4.15\Exts\Chrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.4.15\Exts\Chrome.crx <not found>
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
    ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
    cmd: ipconfig /flushdns
    cmd: ipconfig /release
    cmd: ipconfig /renew
    cmd: netsh advfirewall reset
    cmd: netsh advfirewall set allprofiles state ON
    cmd: netsh winsock reset
    cmd: netsh int ip reset c:\resetlog.txt
    cmd: netsh int ipv4 reset
    cmd: netsh int ipv6 reset
    cmd: bitsadmin /reset /allusers

    *****************

    Restore point was successfully created.
    Processes closed successfully.
    "HKU\S-1-5-21-1141043472-1697957806-4131134518-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Bomgar_Cleanup_ZD7897178125655" => removed successfully
    "HKU\S-1-5-21-1141043472-1697957806-4131134518-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Bomgar_Cleanup_ZD81164312381" => removed successfully
    "HKU\S-1-5-21-1141043472-1697957806-4131134518-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
    HKU\S-1-5-21-1141043472-1697957806-4131134518-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DD74281F-621D-4247-B024-34A270CF4230} => removed successfully
    HKLM\Software\Classes\CLSID\{DD74281F-621D-4247-B024-34A270CF4230} => not found
    "HKU\S-1-5-21-1141043472-1697957806-4131134518-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
    HKU\S-1-5-21-1141043472-1697957806-4131134518-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DD74281F-621D-4247-B024-34A270CF4230} => removed successfully
    HKLM\Software\Classes\CLSID\{DD74281F-621D-4247-B024-34A270CF4230} => not found
    HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
    HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ACE => removed successfully
    HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000} => not found

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= ipconfig /release =========


    Windows IP Configuration

    No operation can be performed on Wi-Fi while it has its media disconnected.
    No operation can be performed on Local Area Connection* 1 while it has its media disconnected.
    No operation can be performed on Local Area Connection* 2 while it has its media disconnected.

    Ethernet adapter Ethernet:

    Connection-specific DNS Suffix . :
    Link-local IPv6 Address . . . . . : fe80::5823:7d4:f9f4:121a%7
    Default Gateway . . . . . . . . . :

    Wireless LAN adapter Wi-Fi:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :

    Wireless LAN adapter Local Area Connection* 1:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :

    Wireless LAN adapter Local Area Connection* 2:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :

    ========= End of CMD: =========


    ========= ipconfig /renew =========


    Windows IP Configuration

    No operation can be performed on Wi-Fi while it has its media disconnected.
    No operation can be performed on Local Area Connection* 1 while it has its media disconnected.
    No operation can be performed on Local Area Connection* 2 while it has its media disconnected.

    Ethernet adapter Ethernet:

    Connection-specific DNS Suffix . : tds
    Link-local IPv6 Address . . . . . : fe80::5823:7d4:f9f4:121a%7
    IPv4 Address. . . . . . . . . . . : 192.168.0.11
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.0.1

    Wireless LAN adapter Wi-Fi:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :

    Wireless LAN adapter Local Area Connection* 1:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :

    Wireless LAN adapter Local Area Connection* 2:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :

    ========= End of CMD: =========


    ========= netsh advfirewall reset =========

    Ok.


    ========= End of CMD: =========


    ========= netsh advfirewall set allprofiles state ON =========

    Ok.


    ========= End of CMD: =========


    ========= netsh winsock reset =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    ========= netsh int ip reset c:\resetlog.txt =========

    Resetting Compartment Forwarding, OK!
    Resetting Compartment, OK!
    Resetting Control Protocol, OK!
    Resetting Echo Sequence Request, OK!
    Resetting Global, OK!
    Resetting Interface, OK!
    Resetting Anycast Address, OK!
    Resetting Multicast Address, OK!
    Resetting Unicast Address, OK!
    Resetting Neighbor, OK!
    Resetting Path, OK!
    Resetting Potential, OK!
    Resetting Prefix Policy, OK!
    Resetting Proxy Neighbor, OK!
    Resetting Route, OK!
    Resetting Site Prefix, OK!
    Resetting Subinterface, OK!
    Resetting Wakeup Pattern, OK!
    Resetting Resolve Neighbor, OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , failed.
    Access is denied.

    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========


    ========= netsh int ipv4 reset =========

    Resetting Compartment Forwarding, OK!
    Resetting Compartment, OK!
    Resetting Control Protocol, OK!
    Resetting Echo Sequence Request, OK!
    Resetting Global, OK!
    Resetting Interface, OK!
    Resetting Anycast Address, OK!
    Resetting Multicast Address, OK!
    Resetting Unicast Address, OK!
    Resetting Neighbor, OK!
    Resetting Path, OK!
    Resetting Potential, OK!
    Resetting Prefix Policy, OK!
    Resetting Proxy Neighbor, OK!
    Resetting Route, OK!
    Resetting Site Prefix, OK!
    Resetting Subinterface, OK!
    Resetting Wakeup Pattern, OK!
    Resetting Resolve Neighbor, OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , failed.
    Access is denied.

    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========


    ========= netsh int ipv6 reset =========

    Resetting Compartment Forwarding, OK!
    Resetting Compartment, OK!
    Resetting Control Protocol, OK!
    Resetting Echo Sequence Request, OK!
    Resetting Global, OK!
    Resetting Interface, OK!
    Resetting Anycast Address, OK!
    Resetting Multicast Address, OK!
    Resetting Unicast Address, OK!
    Resetting Neighbor, OK!
    Resetting Path, OK!
    Resetting Potential, OK!
    Resetting Prefix Policy, OK!
    Resetting Proxy Neighbor, OK!
    Resetting Route, OK!
    Resetting Site Prefix, OK!
    Resetting Subinterface, OK!
    Resetting Wakeup Pattern, OK!
    Resetting Resolve Neighbor, OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , failed.
    Access is denied.

    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========


    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0
    BITS administration utility.
    (C) Copyright Microsoft Corp.

    Unable to cancel {24C011F3-D344-42C4-87C8-EB9ED4774293}.
    0 out of 1 jobs canceled.

    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 10772480 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 2160086 B
    Java, Flash, Steam htmlcache => 758 B
    Windows/system/drivers => 617860 B
    Edge => 698432 B
    Chrome => 390828391 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 6656 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 22731253 B
    systemprofile32 => 0 B
    LocalService => 38304 B
    LocalService => 0 B
    NetworkService => 1674 B
    NetworkService => 0 B
    lanem => 93695 B
    Carol => 5827415 B

    RecycleBin => 161718 B
    EmptyTemp: => 413.8 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 17:52:40 ====
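
Added example, not part of the original post and not FRST's own code: a small triage pass over a Fixlog that separates removed entries from "not found" ones and collects the commands whose output reported an error. The function name, the report layout and the failure strings are assumptions made for this sketch; the sample is a constructed excerpt of the log above.

```python
import re

# Constructed sample: a shortened excerpt of the Fixlog posted above (blank lines dropped).
SAMPLE_FIXLOG = r'''fixlist content:
*****************
HKU\S-1-5-21-1141043472-1697957806-4131134518-1001\...\Run: [Bomgar_Cleanup_ZD81164312381] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x5a1cac40" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD81164312381 /f <==== ATTENTION
cmd: netsh int ipv4 reset
*****************
"HKU\S-1-5-21-1141043472-1697957806-4131134518-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Bomgar_Cleanup_ZD81164312381" => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
========= netsh int ipv4 reset =========
Resetting Route, OK!
Resetting , failed.
Access is denied.
========= End of CMD: =========
========= bitsadmin /reset /allusers =========
Unable to cancel {24C011F3-D344-42C4-87C8-EB9ED4774293}.
0 out of 1 jobs canceled.
========= End of CMD: =========
=========== EmptyTemp: ==========
Chrome => 390828391 B
================================
The system needed a reboot.
'''

SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"? => (?P<result>removed successfully|not found)$')
# Assumption: heuristic failure strings, taken from the command output in this thread.
FAILURE_MARKERS = ("failed", "access is denied", "unable to")

def triage_fixlog(text):
    """Summarise a Fixlog: registry outcomes, command errors, pending reboot."""
    report = {"removed": [], "not_found": [], "cmd_problems": {}, "reboot_needed": False}
    in_echo = False  # True while inside the echoed fixlist (between the asterisk rows)
    section = None   # title of the current "===== title =====" block, if any
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if set(line) == {"*"}:
            in_echo = not in_echo
            continue
        if in_echo:
            continue  # echoed fixlist lines also contain "=>" but are not results
        header = SECTION_RE.match(line)
        if header or set(line) == {"="}:
            title = header.group("title") if header else "End of"
            section = None if title.startswith("End of") else title
            continue
        if section:
            # EmptyTemp lines are byte counts per cache, not command outcomes
            if section != "EmptyTemp:" and any(m in line.lower() for m in FAILURE_MARKERS):
                report["cmd_problems"].setdefault(section, []).append(line)
            continue
        result = RESULT_RE.match(line)
        if result:
            key = "removed" if result.group("result").startswith("removed") else "not_found"
            report[key].append(result.group("target"))
        elif line == "The system needed a reboot.":
            report["reboot_needed"] = True
    return report

if __name__ == "__main__":
    print(triage_fixlog(SAMPLE_FIXLOG)["cmd_problems"])
```
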
     
  8. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    548
    Hi,

    Yes, you did the FRST Fix correctly.

    Reset Network Drivers.

    Press the Windows key + X and select Device manager.
    Expand the Network Adapter section
    Right click on the installed network drivers and uninstall them.
    Restart the computer. (The network drivers will be reinstalled when you reboot the computer)


    Let me know if the problem persists.
     
  9. lanemom

    lanemom Thread Starter

    Joined:
    Feb 25, 2019
    Messages:
    38

    Which ones are the drivers?

    upload_2019-2-26_21-39-56.png
     
  10. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    548
    Hi,

    Try the steps for the Intel and Realtek adapters.
     
  11. lanemom

    lanemom Thread Starter

    Joined:
    Feb 25, 2019
    Messages:
    38
    I'm having trouble with the Administrator account and can't make changes to the adapters. I am logged in with an Administrator account but when I try to make changes, I get the message that I'm not logged in as Admin. I have two user accounts and I am logged in with the one that shows Administrator (see below). Can you help me? Should I delete the other account? I tried logging in with that account but get the same message.

    View attachment 268691
     
  12. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    548
    Hi,

    Your screenshot shows your email address in it. You may want to edit your post and remove it.

    --------------

    Can you post a screenshot of the message you receive when you try to uninstall the network adapters?
     
  13. lanemom

    lanemom Thread Starter

    Joined:
    Feb 25, 2019
    Messages:
    38
    When I open Device Mgr I get a pop-up that I can only view it. Can’t make changes because I’m not logged in as Admin.
     
  14. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    548
    Can you post a screenshot of the pop-up when you open Device Manager?
     
  15. lanemom

    lanemom Thread Starter

    Joined:
    Feb 25, 2019
    Messages:
    38

Short URL to this thread: https://techguy.org/1223599
