Solved Chrome and Firefox browsers have become very slow recently

December 25, 2015 at 12:05:26
Specs: Windows 64, Intel Core i7 / 8GB
Hello all and Merry Christmas!

For the past few days, my internet browsers have become incredibly slow. I mainly use Chrome and it generally lags and crashes when I open more than two tabs. I don't think this is as a result of a new add-on or plugin, as I can't find anything installed recently.

I downloaded Malwarebytes to check for malware but it came back clean. Also ran a Norton scan and it too came back clean.

Any ideas guys?


See More: Chrome and Firefox browsers have become very slow recently

Report •

#1
December 25, 2015 at 15:02:59
✔ Best Answer
Here are the first 2 steps, more steps will be needed, after I see the results of these logs.

Run them in this order.

Step 1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click Scan
In the results tabs, uncheck anything you don't want to remove.
Click on Cleaning.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
http://i.imgur.com/r3PoAEG.gif

Step 2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.org/
http://thisisudax.blogspot.com.au/2...
Malwarebytes Acquires Junkware Removal Tool
https://blog.malwarebytes.org/news/...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.


Report •

#2
December 26, 2015 at 15:32:25
Hi John,

Thank you very much for your help. It has actually helped my speed a lot, so I think it has done the trick. Your help is always appreciated John.


AdwCleaner Log:

# AdwCleaner v5.026 - Logfile created 26/12/2015 at 23:12:35
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 10 Pro (x64)
# Username : MYPC
# Running from : C:\Users\MYPC\Downloads\adwcleaner_5.026.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\MYPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil

***** [ Files ] *****

[-] File Deleted : C:\Users\MYPC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_elicpjhcidhpjomhibiffojpinpmmpil_0.localstorage
[-] File Deleted : C:\Users\MYPC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_elicpjhcidhpjomhibiffojpinpmmpil_0.localstorage-journal
[-] File Deleted : C:\Users\MYPC\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\browser.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}

***** [ Web browsers ] *****

[-] [C:\Users\MYPC\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Users\MYPC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : elicpjhcidhpjomhibiffojpinpmmpil

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1739 bytes] ##########

JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Pro x64
Ran by MYPC (Administrator) on 26-Dec-15 at 23:20:32.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 3

Successfully deleted: C:\ProgramData\1439143257.bdinstall.bin (File)
Successfully deleted: C:\Users\MYPC\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\MYPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil (Folder)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26-Dec-15 at 23:24:16.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

message edited by Cyrus1


Report •

#3
December 26, 2015 at 16:02:04
"Or do I need to take further action. Thanks again"
My post #1
"Here are the first 2 steps, more steps will be needed, after I see the results of these logs"

Next step.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt).
The logs are large, upload them using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif


Report •

Related Solutions

#4
December 26, 2015 at 16:31:50
Sorry John, became too excited after it seemed to fix the problem, will read the instructions more carefully next time.


FRST: http://www39.zippyshare.com/v/8OLVV...

Addition: http://www39.zippyshare.com/v/A35n9...

Cheers

message edited by Cyrus1


Report •

#5
December 26, 2015 at 16:46:55
Welcome again Cyrus, wanted to establish that you read properly, you have done that I see. You have run Farbar from the Desktop.

I shall be back within 1/2 an hour.


Report •

#6
December 26, 2015 at 17:00:12
Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

CreateRestorePoint:
emptytemp:
closeprocesses:
Task: {214926CD-448A-4776-B06F-01584F7B4791} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {242CD9C5-67D6-4AB9-92E3-71FD6C1DB3C9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {32A6B70E-0838-4DDD-B3AE-BEBB315CEBBD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {43B97FD2-9B1C-4A8C-86F0-BB251C794C11} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {583EA24F-1680-4506-A2DF-1A56508B1FE7} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {59474D32-A7A2-4F16-B031-9FDA37520756} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {878F76FF-7372-4E34-84EC-108F4581B9F6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9D6EF54E-B9B3-4C2C-A54A-1D5D90ACDCC9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BE6F6830-7F71-4CBE-9493-F6B92884A349} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E53F9C1A-620D-4207-B4CC-6E248EF4BF23} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F0D36CA5-2ED6-46AF-B27D-A168E3F65952} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-822005929-2304844821-1371182496-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


Report •

#7
December 26, 2015 at 17:24:31
Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version:25-12-2015
Ran by MYPC (2015-12-27 01:16:07) Run:1
Running from C:\Users\MYPC\Desktop
Loaded Profiles: MYPC & DefaultAppPool (Available Profiles: MYPC & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
emptytemp:
closeprocesses:
Task: {214926CD-448A-4776-B06F-01584F7B4791} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {242CD9C5-67D6-4AB9-92E3-71FD6C1DB3C9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {32A6B70E-0838-4DDD-B3AE-BEBB315CEBBD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {43B97FD2-9B1C-4A8C-86F0-BB251C794C11} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {583EA24F-1680-4506-A2DF-1A56508B1FE7} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {59474D32-A7A2-4F16-B031-9FDA37520756} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {878F76FF-7372-4E34-84EC-108F4581B9F6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9D6EF54E-B9B3-4C2C-A54A-1D5D90ACDCC9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BE6F6830-7F71-4CBE-9493-F6B92884A349} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E53F9C1A-620D-4207-B4CC-6E248EF4BF23} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F0D36CA5-2ED6-46AF-B27D-A168E3F65952} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-822005929-2304844821-1371182496-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{214926CD-448A-4776-B06F-01584F7B4791}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{214926CD-448A-4776-B06F-01584F7B4791}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{242CD9C5-67D6-4AB9-92E3-71FD6C1DB3C9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{242CD9C5-67D6-4AB9-92E3-71FD6C1DB3C9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32A6B70E-0838-4DDD-B3AE-BEBB315CEBBD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32A6B70E-0838-4DDD-B3AE-BEBB315CEBBD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43B97FD2-9B1C-4A8C-86F0-BB251C794C11}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43B97FD2-9B1C-4A8C-86F0-BB251C794C11}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{583EA24F-1680-4506-A2DF-1A56508B1FE7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{583EA24F-1680-4506-A2DF-1A56508B1FE7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59474D32-A7A2-4F16-B031-9FDA37520756}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59474D32-A7A2-4F16-B031-9FDA37520756}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{878F76FF-7372-4E34-84EC-108F4581B9F6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{878F76FF-7372-4E34-84EC-108F4581B9F6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9D6EF54E-B9B3-4C2C-A54A-1D5D90ACDCC9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D6EF54E-B9B3-4C2C-A54A-1D5D90ACDCC9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE6F6830-7F71-4CBE-9493-F6B92884A349}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE6F6830-7F71-4CBE-9493-F6B92884A349}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E53F9C1A-620D-4207-B4CC-6E248EF4BF23}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E53F9C1A-620D-4207-B4CC-6E248EF4BF23}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0D36CA5-2ED6-46AF-B27D-A168E3F65952}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0D36CA5-2ED6-46AF-B27D-A168E3F65952}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"HKU\S-1-5-21-822005929-2304844821-1371182496-1001\SOFTWARE\Google\Chrome\Extensions\bbjllphbppobebmjpjcijfbakobcheof" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
idsvc => service removed successfully
wfpcapture => service removed successfully
EmptyTemp: => 1.1 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 01:17:24 ====


Report •

#8
December 26, 2015 at 17:46:29
Download Security Check by screen317 from one of the following links and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
Please restart the computer before running this security check..
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Report •

#9
December 26, 2015 at 18:13:33
Sorry it took a while.

Checkup.txt:

Results of screen317's Security Check version 1.009
x64 (UAC is enabled)
Internet Explorer 11
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Enabled!
Norton 360
Windows Defender
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
[color=red][b]Java version 32-bit out of Date![/b][/color]
Adobe Flash Player 20.0.0.235
Mozilla Firefox (43.0.2)
Google Chrome (47.0.2526.106)
Google Chrome (47.0.2526.80)
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: %
[b][u]````````````````````End of Log``````````````````````[/b][/u]


Report •

#10
December 26, 2015 at 18:14:38
Extract from the fixlog.
"EmptyTemp: => 1.1 GB temporary data Removed"
Way, way too big, even for a gamer.
Here are temp file settings for a normal user, adjust to suit your requirements.
Set Java to 100mb
All browsers, set to 50mb ( that's MB, not GB ) for temp.
Chrome is not so straight forward.
How to set Google Chrome cache to 50mb max temporary files.
With comps, there is always more than one way to do things, try this way.
Right click on the Google Chrome shortcut > Properties.
Copy & Paste this below after .exe" as per SS ( Screenshot )
NOTE: There is a space after .exe"
http://i.imgur.com/vgkU3X1.gif
--disk-cache-size=50000"
Click > Apply & then OK.

Report •

#11
December 26, 2015 at 18:27:16
Extracts from screen317's Security Check.
"Norton 360
Windows Defender"

Is your AV turned off?
If so, which one is Default.

"[color=red][b]Java version 32-bit out of Date![/b][/color]"
Java needs to be updated for security reasons.


Report •

#12
December 26, 2015 at 18:35:08
I set Java to 100mb. (Clicked on "Configure Java", then "Settings" under "Temporary Internet Files" and adjusted as necessary)

Followed your instructions to change it on Chrome.

For Firefox, should I go to "Options" then "Advanced" and "Override automatic cache management" to limit the cache to 50 mb of space? A bit unsure here.

Also, updated Java.

Norton 360 is enabled as far as I know, and it is my default AV. Windows defender has been turned off.

Not too much of a gamer anymore John, I am out of Uni now so I can't find the time for it.

Thank you.

message edited by Cyrus1


Report •

#13
December 26, 2015 at 19:10:54
"Override automatic cache management" to limit the cache to 50 mb of space"
Yep.

Here is how a USER got the problems, no AV would have prevented USER error. Go to any Malware forum & no matter what AV they have installed, they got infected.

As you can see from your logs, you had stuff installed, that you do not know, how it got installed.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.

Or, Use Unchecky to help prevent these third party installs. Nothing is perfect, the badies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Unchec...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic & Brothersoft )
http://www.groovypost.com/unplugged...

I use Softpedia & FreewareFiles.com, they make you aware what Ad-supported programs the author of the program has included.
http://win.softpedia.com/index.free...
http://www.freewarefiles.com/new_fi...
Sample pages
http://www.softpedia.com/get/CD-DVD...
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
http://i.imgur.com/rqSpp1e.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif


Report •

#14
December 26, 2015 at 19:57:52
"Norton 360 is enabled as far as I know"
Check, you disabled it in post #1

Report •

#15
December 27, 2015 at 03:59:24
Unchecker will come in handy, cheers!

I'm usually quite aware of the crap they include so I do uncheck properly. I guess I became sloppy at one point.

Thanks a lot John for such detailed responses, I know it must've taken up your time so much appreciated!

message edited by Cyrus1


Report •

#16
December 27, 2015 at 04:31:55
"I know it must've taken up your time so much appreciated!"
No problem Cyrus, I was in & out of the house, getting my outside jobs for today done.
It's a nice physical break for me, when I go on the forum.

You should be right now, I'll let you know if I spot anything else.


Report •

Ask Question