PC Slow Starting
- Thread starter Gwalch Y Mor
- Start date
- Status
Gwalch Y Mor
New member
Ken,
I removed all the infections that Malwarebytes found and also did the scan with TDSS which found no infections .
The PC is still slow at booting up , could what ever it is be hiding somewhere on the system ? as the first scans temporarily cured the problem .
Gwalch .
I removed all the infections that Malwarebytes found and also did the scan with TDSS which found no infections .
The PC is still slow at booting up , could what ever it is be hiding somewhere on the system ? as the first scans temporarily cured the problem .
Gwalch .
ken545
Emeritus-Security Expert
Lets run a free online Virus Scanner, this may take a bit of time, lets see what if anything it finds
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
The log that was produced after running ESET Online Scanner.
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
- Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan - Click the
button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
- Click on
- Check
- Click the button.
- Accept any security warnings from your browser.
- Check
- Make sure that the option "Remove found threats" is Unchecked
- Push the Start button.
- ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time. - When the scan completes, push
- Push , and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply. - Push the button.
- Push
The log that was produced after running ESET Online Scanner.
Gwalch Y Mor
New member
The Eset link is not working
Gwalch Y Mor
New member
Sorry,
Please ignore the last post .
Please ignore the last post .
Gwalch Y Mor
New member
Ken,
The scan found 9 infected files by a "win32 adware cidhelp" variant .
The scan found 9 infected files by a "win32 adware cidhelp" variant .
Gwalch Y Mor
New member
Here is the "eset " log :-
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=dc8642232a53df43b28d72cbe67875d2
# engine=15141
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-15 08:39:54
# local_time=2013-09-15 09:39:54 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3589 16777214 0 0 28854430 28854430 0 0
# compatibility_mode=5892 16777213 88 100 2184352 91325656 0 0
# scanned=113097
# found=9
# cleaned=9
# scan_time=3621
sh=BE96EA12536531C536C311DD27CA578B3BD631B9 ft=1 fh=fb01d7d4004b2066 vn="a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache(2)\f_000002"
sh=889671DBE5E6529F2DD444A46F95350F11AC9ED3 ft=1 fh=cab42f9231be6cc0 vn="a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Garry\My Documents\Downloads\MsgPlusLive-482 (1).exe"
sh=889671DBE5E6529F2DD444A46F95350F11AC9ED3 ft=1 fh=cab42f9231be6cc0 vn="a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Garry\My Documents\Downloads\MsgPlusLive-482 (2).exe"
sh=889671DBE5E6529F2DD444A46F95350F11AC9ED3 ft=1 fh=cab42f9231be6cc0 vn="a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Garry\My Documents\Downloads\MsgPlusLive-482 (3).exe"
sh=BE96EA12536531C536C311DD27CA578B3BD631B9 ft=1 fh=fb01d7d4004b2066 vn="a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Garry\My Documents\Downloads\MsgPlusLive-482 (4).exe"
sh=BE96EA12536531C536C311DD27CA578B3BD631B9 ft=1 fh=fb01d7d4004b2066 vn="a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Garry\My Documents\Downloads\MsgPlusLive-482 (5).exe"
sh=BE96EA12536531C536C311DD27CA578B3BD631B9 ft=1 fh=fb01d7d4004b2066 vn="a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Garry\My Documents\Downloads\MsgPlusLive-482 (6).exe"
sh=889671DBE5E6529F2DD444A46F95350F11AC9ED3 ft=1 fh=cab42f9231be6cc0 vn="a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Garry\My Documents\Downloads\MsgPlusLive-482.exe"
sh=7F1997770D8956265C8FE12980E432E688BD641E ft=1 fh=e2022e4e4bbab66b vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Shannon\My Documents\PageRageSetup.exe"
I have re-booted the PC several times now and it is back to normal. Will let you know tomorrow if it is still ok.
I would like to thank for advising with me with removing this crap off my computer , your efforts are very much appreciated .
Best regards
Gary
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=dc8642232a53df43b28d72cbe67875d2
# engine=15141
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-15 08:39:54
# local_time=2013-09-15 09:39:54 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3589 16777214 0 0 28854430 28854430 0 0
# compatibility_mode=5892 16777213 88 100 2184352 91325656 0 0
# scanned=113097
# found=9
# cleaned=9
# scan_time=3621
sh=BE96EA12536531C536C311DD27CA578B3BD631B9 ft=1 fh=fb01d7d4004b2066 vn="a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache(2)\f_000002"
sh=889671DBE5E6529F2DD444A46F95350F11AC9ED3 ft=1 fh=cab42f9231be6cc0 vn="a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Garry\My Documents\Downloads\MsgPlusLive-482 (1).exe"
sh=889671DBE5E6529F2DD444A46F95350F11AC9ED3 ft=1 fh=cab42f9231be6cc0 vn="a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Garry\My Documents\Downloads\MsgPlusLive-482 (2).exe"
sh=889671DBE5E6529F2DD444A46F95350F11AC9ED3 ft=1 fh=cab42f9231be6cc0 vn="a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Garry\My Documents\Downloads\MsgPlusLive-482 (3).exe"
sh=BE96EA12536531C536C311DD27CA578B3BD631B9 ft=1 fh=fb01d7d4004b2066 vn="a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Garry\My Documents\Downloads\MsgPlusLive-482 (4).exe"
sh=BE96EA12536531C536C311DD27CA578B3BD631B9 ft=1 fh=fb01d7d4004b2066 vn="a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Garry\My Documents\Downloads\MsgPlusLive-482 (5).exe"
sh=BE96EA12536531C536C311DD27CA578B3BD631B9 ft=1 fh=fb01d7d4004b2066 vn="a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Garry\My Documents\Downloads\MsgPlusLive-482 (6).exe"
sh=889671DBE5E6529F2DD444A46F95350F11AC9ED3 ft=1 fh=cab42f9231be6cc0 vn="a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Garry\My Documents\Downloads\MsgPlusLive-482.exe"
sh=7F1997770D8956265C8FE12980E432E688BD641E ft=1 fh=e2022e4e4bbab66b vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Shannon\My Documents\PageRageSetup.exe"
I have re-booted the PC several times now and it is back to normal. Will let you know tomorrow if it is still ok.
I would like to thank for advising with me with removing this crap off my computer , your efforts are very much appreciated .
Best regards
Gary
Gwalch Y Mor
New member
So far the PC is behaving ok . I have done 4 boot up's today and the problem has not returned .
ken545
Emeritus-Security Expert
Wonderful, I am so glad things are back to normal for you. I will be gone the next two weeks on vacation so if any more problems just start a new thread.
Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.
Malwarebytes is the free version and yours to keep and will not be removed
Safe Surfn
Ken
Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.
Malwarebytes is the free version and yours to keep and will not be removed
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.- Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
- WhattheTech
- Grinler BleepingComputer
- GeeksTo Go
- Dslreports
Safe Surfn
Ken
- Status