Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Browser still slow after removing multiple PUP files?

18 Sep 2015   #1
HankKingsley

Windows 7 64bit Home
 
 
Browser still slow after removing multiple PUP files?

Hello,

I have an Acer Aspire X1430 desktop running Windows 7 Home Premium 6.1.7601 Service Pack 1 Build 7601 on my bench currently that I am trying to fix for a friend.

He reported slowdowns and performance issues. His Windows install was behind the times in terms of updates, so updated it through the control panel Windows Update to latest patches.

After uninstalling McAfee (installed by prior techs at Office Depot unfortunately) and installing Avast, ran a scan and removed several hits that were PUP related.

Also installed and ran Malwarebytes, which also picked of PUP related files and removed them.

After that, both Avast (boot time scan) and Malwarebytes scans report back clean with no hits.

However, the browser (latest version of Firefox, uninstalled and reinstalled it) is still lagging a lot loading pages and playing video content through Flash, so I thought I should post here and make sure that all traces of infection are truly removed from the machine, but I am unsure what the best way to go about that is, I didn't want to just start using HiJack This or Combofix without some assistance.


It may be unrelated, I don't know, but the icons for Malwarebytes shortcut that is pinned to the taskbar keeps changing to a generic icon. (fixed by deleting iconcache.db and restarting explorer.exe).


Any advice would be much appreciated, thank you for your time.


My System SpecsSystem Spec
.
18 Sep 2015   #2
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Just for starters, download DDS from one of these links:

DDS.com
DDS.pif
  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt <--- will be minimized in the task tray
  • Save both reports to your desktop.

Include the contents of both logs in your next post.
My System SpecsSystem Spec
18 Sep 2015   #3
HankKingsley

Windows 7 64bit Home
 
 

Attached is a .zip with both logs. Or do you prefer I post the contents directly?


Attached Files
File Type: zip dds_logs.zip (9.0 KB, 3 views)
My System SpecsSystem Spec
.

19 Sep 2015   #4
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

From Programs and Features, uninstall Shopping Helper Smartbar. The Shopping Helper Smartbar infection is used to boost advertising revenue.

After doing that, download AdwCleaner by Xplode and save to your Desktop.

Step 1.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Step 2.
Using AdwCleaner: Scan & Clean:
This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).

Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder

******Post both .txt logs
My System SpecsSystem Spec
19 Sep 2015   #5
HankKingsley

Windows 7 64bit Home
 
 

If I right click in Programs and Features to uninstall Shopping Helper Smartbar, it does not run the uninstall, just spins the blue circle animation by the mouse pointer and then does nothing. Thought I should post that before proceeding with the rest.

Thanks for your help.
My System SpecsSystem Spec
19 Sep 2015   #6
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Please right click on the task bar to bring up Task Manager, then click on the "processes" tab. Click on Shopping Helper Smartbar and end the process.

Now see if you can uninstall it... It might have to be done in 'safe mode'.

AdwCleaner is next to run; it will remove the file and components. Please post the .txt logs I asked for. Thanks!
My System SpecsSystem Spec
19 Sep 2015   #7
HankKingsley

Windows 7 64bit Home
 
 

I could not get Shopping Helper Smartbar to uninstall, there was no running process for it in Task Manager, and rebooting in safe mode did not allow it to be uninstalled either, just spun it's wheels again and did nothing. I moved past it and ran ADWCleaner, (after cleaning, the Shopping Helper Smartbar is no longer listed in Add/Remove Programs, in any case).

Posting both logs in text here made the post too long, so attached them as .zip instead.

FYI, I also went in to AVAST settings and turned on the option for PUP detection.

Thanks.


Attached Files
File Type: zip AdwCleaner_logs.zip (8.5 KB, 2 views)
My System SpecsSystem Spec
20 Sep 2015   #8
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Some things weren't deleted ....

Please download Junkware Removal Tool to your desktop.
  • Disconnect from the Internet. Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
My System SpecsSystem Spec
20 Sep 2015   #9
HankKingsley

Windows 7 64bit Home
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.2 (09.14.2015:1)
OS: Windows 7 Home Premium x64
Ran by Bill on Sun 09/20/2015 at 10:49:50.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\PCSpeedCleanPRO_Popup
Successfully deleted: [Task] C:\Windows\system32\tasks\PCSpeedCleanPRO_Start



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322282250}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220622282246}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366286650}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660666286646}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.PseudoTransparentPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.PseudoTransparentPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.Radio
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.Radio.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.SettingsPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.SettingsPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.SkinLauncher
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.SkinLauncher.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322282250}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220622282246}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660366286650}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660666286646}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366286650}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660666286646}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660366286650}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660666286646}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Bill\Appdata\Local\{04CB5F56-FC44-4C5F-BBDA-CE05848CC186}
Successfully deleted: [Empty Folder] C:\Users\Bill\Appdata\Local\{0C2FF78D-CDE8-484C-9A03-78DC8CA6DB7F}
Successfully deleted: [Empty Folder] C:\Users\Bill\Appdata\Local\{18A0D1EA-D2F7-4AF4-AC96-2111AAEF2979}
Successfully deleted: [Empty Folder] C:\Users\Bill\Appdata\Local\{2BE44302-9CD1-44C9-AD34-3D2B2B53A4FF}
Successfully deleted: [Empty Folder] C:\Users\Bill\Appdata\Local\{2DFE2458-1ECD-454C-9D0A-50F559E06C29}
Successfully deleted: [Empty Folder] C:\Users\Bill\Appdata\Local\{6A77FDB0-363C-450C-B294-69F8ED74AE6A}
Successfully deleted: [Empty Folder] C:\Users\Bill\Appdata\Local\{71DE602D-FCB5-40A3-A84F-385157C8C611}
Successfully deleted: [Empty Folder] C:\Users\Bill\Appdata\Local\{87707C79-2656-4893-814D-ED6C938BBA07}
Successfully deleted: [Empty Folder] C:\Users\Bill\Appdata\Local\{B98CAE61-BB29-4DF4-9783-5C49DC4E478F}
Successfully deleted: [Empty Folder] C:\Users\Bill\Appdata\Local\{C9F5AD56-8A8E-4DC8-B04F-8DA13C3C8011}
Successfully deleted: [Empty Folder] C:\Users\Bill\Appdata\Local\{DE1BFD1D-DA1A-4820-8089-8DDEDC2E10C2}
Successfully deleted: [Empty Folder] C:\Users\Bill\Appdata\Local\{DE77F99E-15FC-402F-9E79-D4E372A30DF7}
Successfully deleted: [Folder] C:\Program Files (x86)\pricef~1
Successfully deleted: [Folder] C:\Users\Bill\Appdata\Local\com
Successfully deleted: [Folder] C:\Users\Bill\Appdata\Local\icsharpcode.net
Successfully deleted: [Folder] C:\Users\Bill\Appdata\LocalLow\company
Successfully deleted: [Folder] C:\Users\Bill\Appdata\LocalLow\pricefinder
Successfully deleted: [Folder] C:\Users\Bill\AppData\Roaming\pricefinder
Successfully deleted: [Folder] C:\ProgramData\daeeale4me



~~~ FireFox

Emptied folder: C:\Users\Bill\AppData\Roaming\mozilla\firefox\profiles\wv3a5xkf.default\minidumps [35 files]



~~~ Chrome


[C:\Users\Bill\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Bill\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Bill\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Bill\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 09/20/2015 at 11:01:19.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
My System SpecsSystem Spec
20 Sep 2015   #10
HankKingsley

Windows 7 64bit Home
 
 

I also ran ESET last night, as I am running short on time to complete this and return it.

--- START ESET LOG ---

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Protect\PCProxyDLL.dll.vir a variant of Win32/AdWare.Loadshop.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Protect\pcwtc64f.sys.vir Win64/Adware.Loadshop.D application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Protect\postcollect.exe.vir Win32/AdWare.Loadshop.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Bill\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer. dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Bill\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0 .2.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application cleaned by deleting - quarantined
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application cleaned by deleting - quarantined
C:\Users\Bill\AppData\LocalLow\Installl_Converter\hk64tbInst.dll a variant of Win64/Toolbar.Conduit.B potentially unwanted application cleaned by deleting - quarantined
C:\Users\Bill\AppData\LocalLow\Installl_Converter\hktbInst.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined
C:\Users\Bill\AppData\LocalLow\Installl_Converter\ldrtbInst.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application cleaned by deleting - quarantined
C:\Users\Bill\AppData\LocalLow\Installl_Converter\tbInst.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined
C:\Users\Bill\AppData\LocalLow\Installl_Converter\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application cleaned by deleting - quarantined
C:\Users\Bill\AppData\Roaming\DCUP JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
C:\Users\Bill\Downloads\ccsetup509.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Windows\Installer\MSIEBE9.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting - quarantined
C:\Windows\Installer\MSIEDCE.tmp-\ProxySettings.dll a variant of MSIL/Toolbar.Linkury.X potentially unwanted application cleaned by deleting - quarantined
C:\Windows\Installer\MSIEDCE.tmp-\Smartbar.Communication.NamedPipe.dll a variant of MSIL/Toolbar.Linkury.W potentially unwanted application cleaned by deleting - quarantined
C:\Windows\Installer\MSIEDCE.tmp-\Smartbar.GUI.Docking.dll a variant of MSIL/Toolbar.Linkury.AC potentially unwanted application cleaned by deleting - quarantined
C:\Windows\Installer\MSIEDCE.tmp-\Smartbar.Infrastructure.Utilities.dll a variant of MSIL/Toolbar.Linkury.T potentially unwanted application cleaned by deleting - quarantined
C:\Windows\Installer\MSIEDCE.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll a variant of MSIL/Toolbar.Linkury.I potentially unwanted application cleaned by deleting - quarantined
C:\Windows\Installer\MSIEDCE.tmp-\Smartbar.Resources.LanguageSettings.resources.dll a variant of MSIL/Toolbar.Linkury.E potentially unwanted application cleaned by deleting - quarantined
C:\Windows\Installer\MSIEDCE.tmp-\spbe.dll a variant of MSIL/Toolbar.Linkury.I potentially unwanted application cleaned by deleting - quarantined
C:\Windows\Installer\MSIEDCE.tmp-\spbl.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted application cleaned by deleting - quarantined
C:\Windows\Installer\MSIEDCE.tmp-\sppsm.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted application cleaned by deleting - quarantined
C:\Windows\Installer\MSIEDCE.tmp-\spusm.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted application cleaned by deleting - quarantined
C:\Windows\Installer\MSIEDCE.tmp-\srbs.dll a variant of MSIL/Toolbar.Linkury.C potentially unwanted application cleaned by deleting - quarantined
C:\Windows\Installer\MSIEDCE.tmp-\srbu.dll a variant of MSIL/Toolbar.Linkury.F potentially unwanted application cleaned by deleting - quarantined
C:\Windows\Installer\MSIEDCE.tmp-\sreu.dll a variant of MSIL/Toolbar.Linkury.V potentially unwanted application cleaned by deleting - quarantined
C:\Windows\Installer\MSIEDCE.tmp-\srptc.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted application cleaned by deleting - quarantined
C:\Windows\Installer\MSIEDCE.tmp-\srpu.dll a variant of MSIL/Toolbar.Linkury.I potentially unwanted application cleaned by deleting - quarantined
C:\Windows\Installer\MSIEDCE.tmp-\srut.dll a variant of MSIL/Toolbar.Linkury.M.gen potentially unwanted application cleaned by deleting - quarantined
F:\BILL-PC\Backup Set 2015-09-17 235856\Backup Files 2015-09-17 235856\Backup files 1.zip JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
F:\BILL-PC\Backup Set 2015-09-17 235856\Backup Files 2015-09-17 235856\Backup files 3.zip a variant of Win64/Toolbar.Conduit.B potentially unwanted application deleted - quarantined


--- END ESET LOG ---

Thank you for your help.
My System SpecsSystem Spec
Reply

 Browser still slow after removing multiple PUP files?




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Highlighting multiple files too slow
Hi, When I want to select many files in a folder, I have to pause over each one for a while until it changes from a translucent shade to solid. This annoys the hell out of me as it slows me down when working in Windows. TBH, this was a problem in Vista as well, but I always seemed to fix it by...
General Discussion
copy/paste multiple files get really slow
Hi guys, Recently,I noticed a significant drop in speed when copy/paste more than one files,as in the chart below.Then I tried fastcopy,and it seems my hard drives work fine. So what is wrong with explorer.exe ? Thanks!
Performance & Maintenance
Slow browser, slow internet, random audio ads: virus?
So yeah, I've these problems for the past couple days. My browsers (Opera and Firefox) used to load pages quickly, but now they're painfully slow. Opera lags and freezes often; Firefox doesn't, but it still takes a very long time to load pages. I'm also getting these occasional "invisible ads,"...
System Security
My laptop gets slow when I open a folder with multiple .wav files
Hi I've had this issue with my laptop and someone else's before. I make a beat, then I export it out into multiple .wav files for mixing and stuff, then when I go to that folder in Windows Explorer, it takes forever to load (like the address bar takes forever to load) and slows my computer very...
Music, Pictures & Video
File Browser: Removing the text from the top
Since the title seems a bit confusing, I have a screenshot example: http://i.imgur.com/pbUVQ.png I know by default that there shouldn't be any text at the top in Windows 7. I want to know what may have caused this change and how I can remove the text? If you need more information, I will...
Customization
Help needed removing malware(browser related)
Hello. I am trying to fix a friend's laptop computer that has Windows 7 installed. When he gave it to me it was infected with some assorted malware(trojans, etc.). At first, I could not open any applications whatsoever. Every time I would try it would ask me if I wanted to use internet explorer...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 23:43.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App