Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Computer much slower than usual, almost unusable

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Computer much slower than usual, almost unusable

Unread postby Ratagin » May 31st, 2015, 4:28 am

Hello,

A. I had one problem but I think everything is ok now. When running OTL the program stopped and this log showed up afterwards:

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

B. After rebooting and trying OTL again, it worked, here is the log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder C:\Sony\EverQuest\dsetup.dll not found.
File\Folder C:\Users\Matt\Downloads\BitTorrent-6.4c.exe not found.
File\Folder C:\Users\Matt\Downloads\CuteWriter.exe not found.
File\Folder C:\Users\Matt\Downloads\eqchangesv12 (1).zip not found.
File\Folder C:\Users\Matt\Downloads\eqchangesv12 (2).zip not found.
File\Folder C:\Users\Matt\Downloads\eqchangesv12.zip not found.
File\Folder C:\Users\Matt\Downloads\eqchangesv13 (1).zip not found.
File\Folder C:\Users\Matt\Downloads\eqchangesv13.zip not found.
File\Folder C:\Users\Matt\Downloads\eqchangesv14.zip not found.
File\Folder C:\Users\Matt\Downloads\eqchangesv15.zip not found.
File\Folder C:\Users\Matt\Downloads\eqchangesv17.zip not found.
File\Folder C:\Users\Matt\Downloads\eqchangesv18.zip not found.
File\Folder C:\Users\Matt\Downloads\eqchangesv19.zip not found.
File\Folder C:\Users\Matt\Downloads\eqchangesv20.zip not found.
File\Folder C:\Users\Matt\Downloads\eqchangesv21.zip not found.
File\Folder C:\Users\Matt\Downloads\eqchangesv22.zip not found.
File\Folder C:\Users\Matt\Downloads\eqchangesv23.zip not found.
File\Folder C:\Users\Matt\Downloads\eqchangesv24.zip not found.
File\Folder C:\Users\Matt\Downloads\eqchangesv25.zip not found.
File\Folder C:\Users\Matt\Downloads\eqchangesv26.zip not found.
File\Folder C:\Users\Matt\Downloads\eqchangesv27.zip not found.
File\Folder C:\Users\Matt\Downloads\eqchangesv28.zip not found.
File\Folder C:\Users\Matt\Downloads\P99Files30.zip not found.
File\Folder C:\Users\Matt\Downloads\P99Files31.zip not found.
File\Folder C:\Users\Matt\Downloads\P99Files32.zip not found.
File\Folder C:\Users\Matt\Downloads\P99Files33.zip not found.
File\Folder C:\Users\Matt\Downloads\P99Files36.zip not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Matt
->Temp folder emptied: 679344 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4627039 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: RA Media Server
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3530 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05312015_031602

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

C. Drive C: status was Good and was 8% fragmented. Since it was not 10% or greater I did not defrag. Out of curiosity I analyzed the recovery drive D: and it was also Good but 70% fragmented. I did not defrag since not instructed to do so.

D. Google chrome successfully installed and imported bookmarks successfully.

E. Not sure.

-Ratagin
Ratagin
Regular Member
 
Posts: 28
Joined: September 21st, 2011, 8:53 pm
Advertisement
Register to Remove

Re: Computer much slower than usual, almost unusable

Unread postby pgmigg » May 31st, 2015, 2:15 pm

Hello Ratagin,

C. Drive C: status was Good and was 8% fragmented. Since it was not 10% or greater I did not defrag. Out of curiosity I analyzed the recovery drive D: and it was also Good but 70% fragmented. I did not defrag since not instructed to do so.
Nice job! :D I don't recommend to defrag Recovery drive - there is enough to return back to original free space amount:
Drive C: | 218.20 Gb Total Space | 71.55 Gb Free Space | 32.79% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 6.54 Gb Free Space | 44.62% Space Free | Partition Type: NTFS

Both of your disks have enough free space.

My recommendation for Back up: try to do it periodically to the external drive. Please do it manually - no one else knows better than you what files should be backup-ed - I mean your documents, your photos and videos, etc.

Your latest set of logs appear to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.
Before I give you instructions how to keep your computer clean and secure, you need to make a few additional steps.

Step 1.
OTL - Run Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and Paste the following code into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    
  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 2.
OTL-Cleanup
You should still have OTL on your desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.

Step 3.
Hide Hidden and System files
  1. Close all programs so that you are at your desktop.
  2. Press Image.
  3. Click the Start Search box on the Start Menu
  4. Copy and paste the following value, in the open text entry box:
    control folders
  5. Click on the View tab, then under the "Hidden files and folders" section
    • UNSELECT "Show hidden files and folders"
    • Place check mark in check box "Hide extensions for known file types"
    • Place check mark in check box "Hide protected operating system files"
  6. Press the Apply, then the OK buttons.

Step 4.
Please download delfix and save it to your desktop.
  1. Right-click on delfix.exe and select "Run as administrator"to run it.
  2. Check the following boxes then click on Run.
    1. Activate UAC
    2. Remove disinfection tools
    3. Create registry backup
    4. Reset system settings
  3. All tools we used to clean your computer should be gone now.
  4. You can now delete any tools/logs we used if they remain on your computer.

Then:
  • Please don't forget to enable and update all your defense software!

Finally:
Please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3180
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Computer much slower than usual, almost unusable

Unread postby Ratagin » May 31st, 2015, 5:10 pm

Hi pgmigg,

Thanks for the help!

I have some questions.

I completed through step 3, but on step 4, the delfix link you posted is asking for username/sign in, and there are only links to piwik. Should I sign up at https://analytics.general-changelog-team.fr/?

Also, two programs/files that were removed during this process are from programs I use frequently.
1. zotero - this is a plug in for firefox (or safari on mac) that allows the organization/saving/storing of paper citations (I am a physicist who does a lot of research). https://www.zotero.org/
2. dsetup.dll in the C:\Sony\EverQuest\ folder - I play a video game emulator that uses this .dll file to detect cheaters. http://www.project1999.com/forums/showt ... p?t=164472 I am also guessing that is why all the C:\Users\Matt\Downloads\eqchangesv##.zip and C:\Users\Matt\Downloads\P99Files##.zip were detected (because those updates contain the dsetup.dll file).

Do you know why specifically these two files were flagged? I am unsure why zotero would have a problem. IThe dsetup.dll is packaged with themida, which is why lots of antivirus software will flag it. http://www.project1999.com/forums/showt ... tup&page=4

Both of these programs I have been using for years without issue.

Also, it seems that Avast slows down my computer. I really don't go to dangerous websites or use p2p software. Is it feasible to just use MalwareBytes and scan my computer every couple weeks?

Thanks,
Ratagin
Ratagin
Regular Member
 
Posts: 28
Joined: September 21st, 2011, 8:53 pm

Re: Computer much slower than usual, almost unusable

Unread postby pgmigg » June 1st, 2015, 12:53 am

Hello Ratagin,

Thanks for the help!
You are very welcome! :D
I completed through step 3, but on step 4, the delfix link you posted is asking for username/sign in, and there are only links to piwik. Should I sign up at
It looks like a redirection - you don't need to sign up anywhere!
Please try to download it from different place - from here...
Also, two programs/files that were removed during this process are from programs I use frequently.
1. zotero - this is a plug in for firefox (or safari on mac) that allows the organization/saving/storing of paper citations (I am a physicist who does a lot of research).
2. dsetup.dll in the C:\Sony\EverQuest\ folder - I play a video game emulator that uses this .dll file to detect cheaters. I am also guessing that is why all the C:\Users\Matt\Downloads\eqchangesv##.zip and C:\Users\Matt\Downloads\P99Files##.zip were detected (because those updates contain the dsetup.dll file).

Do you know why specifically these two files were flagged? I am unsure why zotero would have a problem. The dsetup.dll is packaged with themida, which is why lots of antivirus software will flag it.

Both of these programs I have been using for years without issue.
The zotero itself is save and should not be a problem at all. You can reinstall it now and use as you did it before. But when your computer was infected, the plugin was compromised and then cleaned.
The dsetup.dll has a different story. It is part of many installation packages and some anti-virus programs including Avast detect trojan-like activity inside. To be sure that it is not a fault detection I asked you to upload that file for independent online scanning where file scanned by many resources - the result was positive many times for infections and I decided to delete it. Right now you can download again the fresh copy of related software and reinstall it if needed.
Also, it seems that Avast slows down my computer. I really don't go to dangerous websites or use p2p software.
The Avast should be properly set up and updated. The current version of Avast is 2015.10.2.2218, Virus definition version is 150531-1 with number of definitions 4.116.830.
Please do the following:
  1. Right click on Avast orange icon and select Open Avast user interface.
  2. Select Settings at left bottom corner.
  3. Select Tools. Please be sure that Software Updater and Grime Fighter are off!
  4. Select Active Protection. Then select Customize for File System Shield:
    1. Select Advanced and be sure that all 4 check-boxes are checked.
    2. Select Scan when attaching and be sure that only Scan auto-run items when removable media is attached is checked.
    3. Select Scan when writing and check Scan files when writing.
    4. Select Scan when opening and be sure that all check-boxes are unchecked.
    5. Select Scan when executing and be sure that only Scan scripts when executing is checked.
    6. Please click on OK.
  5. In the Active protection window please select Customize for Mail Shield.
    1. Please uncheck Scan newsgroup messages (NNTP) on Main settings window and be sure that both Scans for inbound and outbound mails are checked.
    2. Please click on OK.
  6. In the Active protection window please select Customize for Web Shield.
    1. On the Main settings window please be sure that all 6 main check-boxes are checked and 2 sub-boxes under Enable Web scanning are unchecked.
    2. Select Web scanning and be sure that Scan all files is selected.
    3. Select Script scanning and be sure that:
      • Internet Explorer is checked;
      • Mozilla Firefox is checked;
      • Google Chrome is checked;
      • Adobe Acrobat Reader is unchecked;
      • Other application is unchecked;
    4. Please click on OK and OK one more time.
  7. Please close Avast user interface.

Is it feasible to just use MalwareBytes and scan my computer every couple weeks?
You must use one Anti-virus product and Avast is a good choice! I am personally use the same combination of defense programs - Avast Free Antivirus and MalwareBytes AntiMalware (MBAM). It is hard to declare that you should scan your computer every two, three, or four weeks. If you asked me, I can recommend you to scan by Avast and by MBAM every time when you make updates for their engines but not for definitions - the last ones may be updated even every few hours. Also you need to run full MBAM scan every time when you suspect any kind of suspicious activity on the computer or when something is going unusual |computer is slowing down suddenly, you often the redirection, Avast detected the same thing many times in a row, etc).

Stay Safe! ;)
pgmigg
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3180
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Computer much slower than usual, almost unusable

Unread postby Ratagin » June 1st, 2015, 10:21 am

Hi pgmigg,

Ok, thanks for the info, I had one last question.

Right before I did all the antivirus stuff, I tried to speed up my computer by stopping some programs from starting during computer startup. I typed msconfig in the run box as usual and unchecked: Dell Webcam Central, Dell Video Chat, Seagate Dashboard (this is the program my external hard drive installed), iTunes, Seagate Dashboard (different from other), Xvid, Apple Push, and Quicktime.

Note, Seagate Dashboard had two programs: 1) was DBagent.exe and 2) was seagate.dashboard.uploader.exe

So I removed the above programs from the startup list (I did this right after I completed Step 3 from post viewtopic.php?f=11&t=63725&start=30#p643326). Then when restarting the computer, I got a black/white text screen similar to what happens when the computer asks if you want to start in safe mode, but it said some things changed to windows and if I want to do a system restore. I said no. Then I completed all the things in your final message.

It seems the computer is still sluggish, and I don't know why. Anyway, maybe you have some idea what's going on. It seems the computer just doesn't open windows/tabs as quickly/smoothly as it used to, especially with chrome and firefox. Also program executables seem to be slow still. It is definitely better than when I first came here, but not nearly as fast as a few weeks/month ago.

-Ratagin
Ratagin
Regular Member
 
Posts: 28
Joined: September 21st, 2011, 8:53 pm

Re: Computer much slower than usual, almost unusable

Unread postby pgmigg » June 2nd, 2015, 3:16 pm

Hello Ratagin,

Right before I did all the antivirus stuff, I tried to speed up my computer by stopping some programs from starting during computer startup. I typed msconfig in the run box as usual and unchecked: Dell Webcam Central, Dell Video Chat, Seagate Dashboard (this is the program my external hard drive installed), iTunes, Seagate Dashboard (different from other), Xvid, Apple Push, and Quicktime.

Note, Seagate Dashboard had two programs: 1) was DBagent.exe and 2) was seagate.dashboard.uploader.exe
In fact, the retracting programs run at the start, not faster computing system performance. Another thing is that such work is a little releases resources that can be used for something else.

So I removed the above programs from the startup list (I did this right after I completed Step 3 from post viewtopic.php?f=11&t=63725&start=30#p643326 ). Then when restarting the computer, I got a black/white text screen similar to what happens when the computer asks if you want to start in safe mode, but it said some things changed to windows and if I want to do a system restore. I said no. Then I completed all the things in your final message.
The mentioned Step 3 cannot affect the problems rebooting. It was set off the visibility of some system files in the Windows Explorer - nothing more.
The removing programs from the startup list by msconfig utility may caused such behavior - but this issue is out of the frame of malware removal.

It seems the computer is still sluggish, and I don't know why. Anyway, maybe you have some idea what's going on. It seems the computer just doesn't open windows/tabs as quickly/smoothly as it used to, especially with chrome and firefox. Also program executables seem to be slow still. It is definitely better than when I first came here, but not nearly as fast as a few weeks/month ago.
If you will need to get technical help for your not related to malware problems, I would like to refer you to a technical support forum like: Tech Support Guy.
Feel free to refer to your topic at MRU, if malware gets mentioned during the helping process.

Stay Safe! ;)
pgmigg
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3180
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Computer much slower than usual, almost unusable

Unread postby Gary R » June 5th, 2015, 5:21 pm

As your problems do not appear to be malware related, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: ataa92 and 53 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware