Browser still slow after removing multiple PUP files?

Page 1 of 2 12 LastLast

  1. HankKingsley
    Posts : 12
    Windows 7 64bit Home
       New #1

    Browser still slow after removing multiple PUP files?


    Hello,

    I have an Acer Aspire X1430 desktop running Windows 7 Home Premium 6.1.7601 Service Pack 1 Build 7601 on my bench currently that I am trying to fix for a friend.

    He reported slowdowns and performance issues. His Windows install was behind the times in terms of updates, so updated it through the control panel Windows Update to latest patches.

    After uninstalling McAfee (installed by prior techs at Office Depot unfortunately) and installing Avast, ran a scan and removed several hits that were PUP related.

    Also installed and ran Malwarebytes, which also picked of PUP related files and removed them.

    After that, both Avast (boot time scan) and Malwarebytes scans report back clean with no hits.

    However, the browser (latest version of Firefox, uninstalled and reinstalled it) is still lagging a lot loading pages and playing video content through Flash, so I thought I should post here and make sure that all traces of infection are truly removed from the machine, but I am unsure what the best way to go about that is, I didn't want to just start using HiJack This or Combofix without some assistance.


    It may be unrelated, I don't know, but the icons for Malwarebytes shortcut that is pinned to the taskbar keeps changing to a generic icon. (fixed by deleting iconcache.db and restarting explorer.exe).


    Any advice would be much appreciated, thank you for your time.
      My Computer
    Quote Quote

  3. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #2

    Just for starters, download DDS from one of these links:

    DDS.com
    DDS.pif
    • Disable any script blocking protection
    • Double click the dds icon to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt <--- will be minimized in the task tray
    • Save both reports to your desktop.


    Include the contents of both logs in your next post.
      My Computer
    Quote Quote

  4. HankKingsley
    Posts : 12
    Windows 7 64bit Home
    Thread Starter
       New #3

    Attached is a .zip with both logs. Or do you prefer I post the contents directly?
    Browser still slow after removing multiple PUP files? Attached Files
      My Computer
    Quote Quote

  6. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #4

    From Programs and Features, uninstall Shopping Helper Smartbar. The Shopping Helper Smartbar infection is used to boost advertising revenue.

    After doing that, download AdwCleaner by Xplode and save to your Desktop.

    Step 1.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.


    Step 2.
    Using AdwCleaner: Scan & Clean:
    This time click on the Clean button.
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).

    Copy and paste the contents of that logfile in your next reply.
    A copy of that logfile will also be saved in the C:\AdwCleaner folder

    ******Post both .txt logs
      My Computer
    Quote Quote

  7. HankKingsley
    Posts : 12
    Windows 7 64bit Home
    Thread Starter
       New #5

    If I right click in Programs and Features to uninstall Shopping Helper Smartbar, it does not run the uninstall, just spins the blue circle animation by the mouse pointer and then does nothing. Thought I should post that before proceeding with the rest.

    Thanks for your help.
      My Computer
    Quote Quote

  8. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #6

    Please right click on the task bar to bring up Task Manager, then click on the "processes" tab. Click on Shopping Helper Smartbar and end the process.

    Now see if you can uninstall it... It might have to be done in 'safe mode'.

    AdwCleaner is next to run; it will remove the file and components. Please post the .txt logs I asked for. Thanks!
      My Computer
    Quote Quote

  10. HankKingsley
    Posts : 12
    Windows 7 64bit Home
    Thread Starter
       New #7

    I could not get Shopping Helper Smartbar to uninstall, there was no running process for it in Task Manager, and rebooting in safe mode did not allow it to be uninstalled either, just spun it's wheels again and did nothing. I moved past it and ran ADWCleaner, (after cleaning, the Shopping Helper Smartbar is no longer listed in Add/Remove Programs, in any case).

    Posting both logs in text here made the post too long, so attached them as .zip instead.

    FYI, I also went in to AVAST settings and turned on the option for PUP detection.

    Thanks.
    Browser still slow after removing multiple PUP files? Attached Files
    Last edited by HankKingsley; 19 Sep 2015 at 22:23. Reason: added info
      My Computer
    Quote Quote

  11. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #8

    Some things weren't deleted ....

    Please download Junkware Removal Tool to your desktop.

    • Disconnect from the Internet. Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
      My Computer
    Quote Quote

  12. HankKingsley
    Posts : 12
    Windows 7 64bit Home
    Thread Starter
       New #9

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.6.2 (09.14.2015:1)
    OS: Windows 7 Home Premium x64
    Ran by Bill on Sun 09/20/2015 at 10:49:50.26
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks

    Successfully deleted: [Task] C:\Windows\system32\tasks\PCSpeedCleanPRO_Popup
    Successfully deleted: [Task] C:\Windows\system32\tasks\PCSpeedCleanPRO_Start



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322282250}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220622282246}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366286650}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660666286646}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.PseudoTransparentPlugin
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.PseudoTransparentPlugin.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.Radio
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.Radio.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.SettingsPlugin
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.SettingsPlugin.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.SkinLauncher
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.SkinLauncher.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322282250}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220622282246}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660366286650}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660666286646}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366286650}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660666286646}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660366286650}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660666286646}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Empty Folder] C:\Users\Bill\Appdata\Local\{04CB5F56-FC44-4C5F-BBDA-CE05848CC186}
    Successfully deleted: [Empty Folder] C:\Users\Bill\Appdata\Local\{0C2FF78D-CDE8-484C-9A03-78DC8CA6DB7F}
    Successfully deleted: [Empty Folder] C:\Users\Bill\Appdata\Local\{18A0D1EA-D2F7-4AF4-AC96-2111AAEF2979}
    Successfully deleted: [Empty Folder] C:\Users\Bill\Appdata\Local\{2BE44302-9CD1-44C9-AD34-3D2B2B53A4FF}
    Successfully deleted: [Empty Folder] C:\Users\Bill\Appdata\Local\{2DFE2458-1ECD-454C-9D0A-50F559E06C29}
    Successfully deleted: [Empty Folder] C:\Users\Bill\Appdata\Local\{6A77FDB0-363C-450C-B294-69F8ED74AE6A}
    Successfully deleted: [Empty Folder] C:\Users\Bill\Appdata\Local\{71DE602D-FCB5-40A3-A84F-385157C8C611}
    Successfully deleted: [Empty Folder] C:\Users\Bill\Appdata\Local\{87707C79-2656-4893-814D-ED6C938BBA07}
    Successfully deleted: [Empty Folder] C:\Users\Bill\Appdata\Local\{B98CAE61-BB29-4DF4-9783-5C49DC4E478F}
    Successfully deleted: [Empty Folder] C:\Users\Bill\Appdata\Local\{C9F5AD56-8A8E-4DC8-B04F-8DA13C3C8011}
    Successfully deleted: [Empty Folder] C:\Users\Bill\Appdata\Local\{DE1BFD1D-DA1A-4820-8089-8DDEDC2E10C2}
    Successfully deleted: [Empty Folder] C:\Users\Bill\Appdata\Local\{DE77F99E-15FC-402F-9E79-D4E372A30DF7}
    Successfully deleted: [Folder] C:\Program Files (x86)\pricef~1
    Successfully deleted: [Folder] C:\Users\Bill\Appdata\Local\com
    Successfully deleted: [Folder] C:\Users\Bill\Appdata\Local\icsharpcode.net
    Successfully deleted: [Folder] C:\Users\Bill\Appdata\LocalLow\company
    Successfully deleted: [Folder] C:\Users\Bill\Appdata\LocalLow\pricefinder
    Successfully deleted: [Folder] C:\Users\Bill\AppData\Roaming\pricefinder
    Successfully deleted: [Folder] C:\ProgramData\daeeale4me



    ~~~ FireFox

    Emptied folder: C:\Users\Bill\AppData\Roaming\mozilla\firefox\profiles\wv3a5xkf.default\minidumps [35 files]



    ~~~ Chrome


    [C:\Users\Bill\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Users\Bill\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [C:\Users\Bill\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Users\Bill\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    []





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 09/20/2015 at 11:01:19.06
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      My Computer
    Quote Quote

  13. HankKingsley
    Posts : 12
    Windows 7 64bit Home
    Thread Starter
       New #10

    I also ran ESET last night, as I am running short on time to complete this and return it.

    --- START ESET LOG ---

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Protect\PCProxyDLL.dll.vir a variant of Win32/AdWare.Loadshop.A application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Protect\pcwtc64f.sys.vir Win64/Adware.Loadshop.D application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Protect\postcollect.exe.vir Win32/AdWare.Loadshop.A application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Bill\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer. dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Bill\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0 .2.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application cleaned by deleting - quarantined
    C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application cleaned by deleting - quarantined
    C:\Users\Bill\AppData\LocalLow\Installl_Converter\hk64tbInst.dll a variant of Win64/Toolbar.Conduit.B potentially unwanted application cleaned by deleting - quarantined
    C:\Users\Bill\AppData\LocalLow\Installl_Converter\hktbInst.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined
    C:\Users\Bill\AppData\LocalLow\Installl_Converter\ldrtbInst.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application cleaned by deleting - quarantined
    C:\Users\Bill\AppData\LocalLow\Installl_Converter\tbInst.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting - quarantined
    C:\Users\Bill\AppData\LocalLow\Installl_Converter\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application cleaned by deleting - quarantined
    C:\Users\Bill\AppData\Roaming\DCUP JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
    C:\Users\Bill\Downloads\ccsetup509.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
    C:\Windows\Installer\MSIEBE9.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting - quarantined
    C:\Windows\Installer\MSIEDCE.tmp-\ProxySettings.dll a variant of MSIL/Toolbar.Linkury.X potentially unwanted application cleaned by deleting - quarantined
    C:\Windows\Installer\MSIEDCE.tmp-\Smartbar.Communication.NamedPipe.dll a variant of MSIL/Toolbar.Linkury.W potentially unwanted application cleaned by deleting - quarantined
    C:\Windows\Installer\MSIEDCE.tmp-\Smartbar.GUI.Docking.dll a variant of MSIL/Toolbar.Linkury.AC potentially unwanted application cleaned by deleting - quarantined
    C:\Windows\Installer\MSIEDCE.tmp-\Smartbar.Infrastructure.Utilities.dll a variant of MSIL/Toolbar.Linkury.T potentially unwanted application cleaned by deleting - quarantined
    C:\Windows\Installer\MSIEDCE.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll a variant of MSIL/Toolbar.Linkury.I potentially unwanted application cleaned by deleting - quarantined
    C:\Windows\Installer\MSIEDCE.tmp-\Smartbar.Resources.LanguageSettings.resources.dll a variant of MSIL/Toolbar.Linkury.E potentially unwanted application cleaned by deleting - quarantined
    C:\Windows\Installer\MSIEDCE.tmp-\spbe.dll a variant of MSIL/Toolbar.Linkury.I potentially unwanted application cleaned by deleting - quarantined
    C:\Windows\Installer\MSIEDCE.tmp-\spbl.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted application cleaned by deleting - quarantined
    C:\Windows\Installer\MSIEDCE.tmp-\sppsm.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted application cleaned by deleting - quarantined
    C:\Windows\Installer\MSIEDCE.tmp-\spusm.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted application cleaned by deleting - quarantined
    C:\Windows\Installer\MSIEDCE.tmp-\srbs.dll a variant of MSIL/Toolbar.Linkury.C potentially unwanted application cleaned by deleting - quarantined
    C:\Windows\Installer\MSIEDCE.tmp-\srbu.dll a variant of MSIL/Toolbar.Linkury.F potentially unwanted application cleaned by deleting - quarantined
    C:\Windows\Installer\MSIEDCE.tmp-\sreu.dll a variant of MSIL/Toolbar.Linkury.V potentially unwanted application cleaned by deleting - quarantined
    C:\Windows\Installer\MSIEDCE.tmp-\srptc.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted application cleaned by deleting - quarantined
    C:\Windows\Installer\MSIEDCE.tmp-\srpu.dll a variant of MSIL/Toolbar.Linkury.I potentially unwanted application cleaned by deleting - quarantined
    C:\Windows\Installer\MSIEDCE.tmp-\srut.dll a variant of MSIL/Toolbar.Linkury.M.gen potentially unwanted application cleaned by deleting - quarantined
    F:\BILL-PC\Backup Set 2015-09-17 235856\Backup Files 2015-09-17 235856\Backup files 1.zip JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
    F:\BILL-PC\Backup Set 2015-09-17 235856\Backup Files 2015-09-17 235856\Backup files 3.zip a variant of Win64/Toolbar.Conduit.B potentially unwanted application deleted - quarantined


    --- END ESET LOG ---

    Thank you for your help.
      My Computer
    Quote Quote

 
Page 1 of 2 12 LastLast

  Related Discussions
Hi, When I want to select many files in a folder, I have to pause over each one for a while until it changes from a translucent shade to solid. This annoys the hell out of me as it slows me down when working in Windows. TBH, this was a problem in Vista as well, but I always seemed to fix it by...
copy/paste multiple files get really slow
in Performance & Maintenance

Hi guys, Recently,I noticed a significant drop in speed when copy/paste more than one files,as in the chart below.Then I tried fastcopy,and it seems my hard drives work fine. So what is wrong with explorer.exe ? Thanks! 328211
So yeah, I've these problems for the past couple days. My browsers (Opera and Firefox) used to load pages quickly, but now they're painfully slow. Opera lags and freezes often; Firefox doesn't, but it still takes a very long time to load pages. I'm also getting these occasional "invisible ads,"...
Hi I've had this issue with my laptop and someone else's before. I make a beat, then I export it out into multiple .wav files for mixing and stuff, then when I go to that folder in Windows Explorer, it takes forever to load (like the address bar takes forever to load) and slows my computer very...
Since the title seems a bit confusing, I have a screenshot example: http://i.imgur.com/pbUVQ.png I know by default that there shouldn't be any text at the top in Windows 7. I want to know what may have caused this change and how I can remove the text? If you need more information, I will...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 18:44.
Find Us