Win 8 PC runs So Slow after allowing AV program to expire

September 27, 2016 at 13:57:04
Specs: Windows 8, AMD Quad-Core Processor A4-6210 GHz
I am currently downloading Adaware and Malwarebytes. Is there anything else I can download, as I see my hubby has allowed the antivirus to expire :( Also, what would you recommend in the way of free antivirus programs? The time this laptop takes to open pages is ridiculous and tedious.

Thank you for any help you may offer.



#1
September 27, 2016 at 14:29:00
Bitdefender free is considered a decent freebie; some like Avast - personally I found it slow... Some like Kaspersky...

Also M$ own (free) antivirus package is considered pretty good by many; especially when supported by the utilities listed below...

There are assorted "cleaners" with names which sound much alike; one has to be careful which one goes for... Some of them are true charlatans, likely to give you more problems; and seldom free or as effective....

The usual (and safe) one (which sounds similar to the one you mention) recommended here is adwcleaner - note the spelling..

http://www.bleepingcomputer.com/dow...

And these are the others recommended here (and on many other decent forums too).

Junkware Removal Tool (JRT):

http://www.bleepingcomputer.com/dow...

It installs to the desktop from where you run it. It will open into a small dos style window; follow the instructions therein. It will reboot the system as part of its process.

Malwarebytes:

http://filehippo.com/download_malwa...

ccleaner:

http://filehippo.com/download_cclea...

Install each using the manual/custom option - NOT the proffered/default automatic. That way you can watch for and uncheck any (so helpfully) pre-checked boxes - apart from the one for the actual utility itself. Thus you avoid installing all manner of "stuff" you neither need nor want; much of it being a true PIA to eradicate.

To be really sure you have eradicated most rubbish/pestware/malware etc. you can also use Kaspersky Rescue disk, which is a bootable DVD which will load into RAM only; then go on line to update itself and then scan the entire drive - fully. It will often find stuff that is hidden within windows system files and which cannot be eradicated whilst windows is booted up.

https://support.kaspersky.co.uk/vir...

http://support.kaspersky.co.uk/4162

This is an excellent tutorial (from another excellent source) about using it:

http://tinyurl.com/373ojxb

You download the ISO; burn it to a DVD; boot with the DVD. It is a Linux based disk and will not install itself to the hard drive (unless somehow you tell it to...). It loads into RAM only.

Whilst you're at it; ensure you have all important files (typically family photos etc. at least) duplicated/safeguarded to DVD as a minimum; and if possible to another external hard drive too. Ideally make two sets of any DVDs to allow for damage or loss of a disk...? Check the copies/duplicates regularly; update them too... That way your "stuff" is safe at all times - should there ever be serious problems requiring a rebuild or similar...

If your system has a recovery partition - fine; but if possible even make a recovery disk set for your installation as is; as that will enable you to restore a failed system to how it was at the time the disk set was made.

Also retain any logs generated from the above utilities for further possible investigation. There are a couple of chaps here who are truly top notch with regard to nuisance/malware etc; and their advice is well heeded.

And finally (as per the very late Walter Cronkite) regularly run disk clean (part of the Windows operating system) and/or ccleaner at least. This will keep hard drive clutter down to a minimum. Running the other items above too once a month won't hurt either.

message edited by trvlr



#2
September 27, 2016 at 15:23:08
The three freebies given in #1 should be run right now as they are likely to unearth problems. I mean ADWCleaner, JRT, and MalwareBytes.

Always pop back and let us know the outcome - thanks



#3
September 27, 2016 at 15:40:21
I don't know what to delete on AdwCleaner. I copied the log.

# AdwCleaner v6.020 - Logfile created 27/09/2016 at 14:53:38
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-27.2 [Server]
# Operating System : Windows 8.1 (X64)
# Username : User-PC - USER
# Running from : C:\Users\User-PC\Downloads\AdwCleaner.exe
# Mode: Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****

Service Found: Update service


***** [ Folders ] *****

Folder Found: C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98
Folder Found: C:\Users\User-PC\AppData\Roaming\RPEng
Folder Found: C:\Program Files\Booking.com


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

Task Found: Software Update Application


***** [ Registry ] *****

Key Found: HKU\S-1-5-21-282128852-2669926986-1822242573-1001\Software\Classes\pokki
Key Found: HKCU\Software\Classes\pokki
Key Found: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found: [x64] HKCU\Software\Classes\pokki
Key Found: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found: HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{4E2D2BF0-159F-4257-ACF0-B1F29B376FA0}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Key Found: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E2D2BF0-159F-4257-ACF0-B1F29B376FA0}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E2D2BF0-159F-4257-ACF0-B1F29B376FA0}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4E2D2BF0-159F-4257-ACF0-B1F29B376FA0}
Key Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [2884 Bytes] - [27/09/2016 14:43:00]
C:\AdwCleaner\AdwCleaner[S1].txt - [2789 Bytes] - [27/09/2016 14:53:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2862 Bytes] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2016-09-27
Scan Time: 3:01 PM
Logfile: malwarebytes scan.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.27.12
Rootkit Database: v2016.09.26.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: User-PC

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 318129
Time Elapsed: 26 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.Yontoo, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, 4476, , [72b63a3d6b2fe056f03a2e68e919b44c]

Modules: 0
(No malicious items detected)

Registry Keys: 14
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4e2d2bf0-159f-4257-acf0-b1f29b376fa0}, , [72b63a3d6b2fe056f03a2e68e919b44c],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\TYPELIB\{4e7249f6-3124-4e09-bca9-ae2b09f3d83e}, , [72b63a3d6b2fe056f03a2e68e919b44c],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\INTERFACE\{3A69CDF2-B56C-48D3-BB9B-ED2925AEE772}, , [72b63a3d6b2fe056f03a2e68e919b44c],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3A69CDF2-B56C-48D3-BB9B-ED2925AEE772}, , [72b63a3d6b2fe056f03a2e68e919b44c],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3A69CDF2-B56C-48D3-BB9B-ED2925AEE772}, , [72b63a3d6b2fe056f03a2e68e919b44c],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{4e7249f6-3124-4e09-bca9-ae2b09f3d83e}, , [72b63a3d6b2fe056f03a2e68e919b44c],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{4e7249f6-3124-4e09-bca9-ae2b09f3d83e}, , [72b63a3d6b2fe056f03a2e68e919b44c],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4E2D2BF0-159F-4257-ACF0-B1F29B376FA0}, , [72b63a3d6b2fe056f03a2e68e919b44c],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4E2D2BF0-159F-4257-ACF0-B1F29B376FA0}, , [72b63a3d6b2fe056f03a2e68e919b44c],
PUP.Optional.Yontoo, HKU\S-1-5-21-282128852-2669926986-1822242573-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4E2D2BF0-159F-4257-ACF0-B1F29B376FA0}, , [72b63a3d6b2fe056f03a2e68e919b44c],
PUP.Optional.Yontoo, HKU\S-1-5-21-282128852-2669926986-1822242573-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4E2D2BF0-159F-4257-ACF0-B1F29B376FA0}, , [72b63a3d6b2fe056f03a2e68e919b44c],
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GamesAppIntegrationService, , [72b63a3d6b2fe056f03a2e68e919b44c],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, , [1513a7d0475321158f8dc4adf60cea16],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, , [1513a7d0475321158f8dc4adf60cea16],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.Yontoo, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98, , [86a24c2beab041f5157fbf04c63cc23e],
PUP.Optional.Yontoo, C:\Program Files (x86)\Common Files\65ad47d7-2e27-4a5c-b238-26643fdaeb98, , [9d8bd7a0adede74f7f1615ae729045bb],
PUP.Optional.Booking, C:\Program Files\Booking.COM, , [8e9a8fe88119c27412c6edcccb39eb15],

Files: 9
PUP.Optional.Yontoo, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, , [72b63a3d6b2fe056f03a2e68e919b44c],
PUP.Optional.Yontoo, C:\Users\User-PC\AppData\Roaming\RPEng\89F6FDFFB3234B0680B5478265BED587\setup.exe, , [8d9b1265d3c70f2779fd2a9e758c738d],
PUP.Optional.OpenCandy, C:\Program Files (x86)\FrostWire 6\frostwire-installer.exe, , [cd5ba2d52278bc7ad8d76e1b6e96bd43],
PUP.Optional.BundleInstaller, C:\$Recycle.Bin\S-1-5-21-282128852-2669926986-1822242573-1001\$R1O91C1.exe, , [e048dd9a207aeb4b49619c1bd52f619f],
PUP.Optional.BundleInstaller, C:\Users\User-PC\AppData\Local\Temp\spi84F1.tmp, , [5fc9185f504a3ef80aa0962145bf1de3],
PUP.Optional.Booking, C:\Program Files\Booking.COM\Booking.com.lnk, , [8e9a8fe88119c27412c6edcccb39eb15],
PUP.Optional.Booking, C:\Program Files\Booking.COM\Booking.ico, , [8e9a8fe88119c27412c6edcccb39eb15],
PUP.Optional.Booking, C:\Program Files\Booking.COM\StartURL.exe, , [8e9a8fe88119c27412c6edcccb39eb15],
PUP.Optional.Booking, C:\Program Files\Booking.COM\Version.txt, , [8e9a8fe88119c27412c6edcccb39eb15],

Physical Sectors: 0
(No malicious items detected)


(end)
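
Added example (not part of the original posts, and not the tools' own code): a short Python triage of the two scan logs above. It checks each Malwarebytes section against its declared item count, which catches a truncated paste, and lists the GUIDs that both AdwCleaner and Malwarebytes reported. The excerpts are trimmed from the logs above with section counts adjusted to match; the function names are hypothetical.

```python
import re

# Section headers and detection rows as they appear in the Malwarebytes 2.x log above.
SECTION = re.compile(r"^(Processes|Modules|Registry Keys|Registry Values|"
                     r"Registry Data|Folders|Files|Physical Sectors): (\d+)$")
DETECTION = re.compile(r"^(?P<name>[\w.]+), (?P<target>.+?), (?:\d+, )?, \[[0-9a-f]{32}\],?$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Trimmed excerpts of the two logs above; section counts adjusted to the trimmed rows.
MBAM_EXCERPT = r"""
Processes: 1
PUP.Optional.Yontoo, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, 4476, , [72b63a3d6b2fe056f03a2e68e919b44c]
Modules: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4e2d2bf0-159f-4257-acf0-b1f29b376fa0}, , [72b63a3d6b2fe056f03a2e68e919b44c],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\TYPELIB\{4e7249f6-3124-4e09-bca9-ae2b09f3d83e}, , [72b63a3d6b2fe056f03a2e68e919b44c],
Folders: 1
PUP.Optional.Booking, C:\Program Files\Booking.COM, , [8e9a8fe88119c27412c6edcccb39eb15],
"""
ADW_EXCERPT = r"""
Key Found: HKLM\SOFTWARE\Classes\CLSID\{4E2D2BF0-159F-4257-ACF0-B1F29B376FA0}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
"""

def parse_mbam(text):
    """Return {section: (declared_count, [(detection_name, target), ...])}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            current = m.group(1)
            sections[current] = (int(m.group(2)), [])
        elif current and (m := DETECTION.match(line)):
            sections[current][1].append((m["name"], m["target"]))
    return sections

def truncated_sections(sections):
    """Sections whose parsed row count differs from the count the log declares."""
    return [s for s, (declared, rows) in sections.items() if declared != len(rows)]

def flagged_by_both(mbam_text, adw_text):
    """GUIDs reported by both tools, compared case-insensitively."""
    upper = lambda text: {g.upper() for g in GUID.findall(text)}
    return upper(mbam_text) & upper(adw_text)

if __name__ == "__main__":
    print("sections with missing rows:", truncated_sections(parse_mbam(MBAM_EXCERPT)))
    print("flagged by both tools:", flagged_by_both(MBAM_EXCERPT, ADW_EXCERPT))
```
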




#4
September 27, 2016 at 15:54:54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.8 (09.20.2016)
Operating System: Windows 8.1 x64
Ran by User-PC (Administrator) on 2016-09-27 at 15:44:24.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 7

Successfully deleted: C:\ProgramData\1449477061.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\1449627922.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\1449638370.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\1451017612.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\1451017962.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\1451072196.bdinstall.bin (File)
Successfully deleted: C:\Windows\prefetch\EPOWERTICKOPTIMIZER.EXE-22ADF9B4.pf (File)

Registry: 4

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{624B141B-D858-4BD5-81F5-94F103817568} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2016-09-27 at 15:50:27.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#5
September 27, 2016 at 17:14:52
You can safely run the "Clean" on ADWCleaner - there is nothing there that needs retaining. JRT doesn't give you options but what it deleted was OK too.

Those two programs are particularly good at finding and removing browser malware but run MalwareBytes too.

Always pop back and let us know the outcome - thanks



#6
September 27, 2016 at 17:50:52
The last time I went to use Ad-aware a few years ago it was no longer supported and had become a bloated resource hog. I'm not sure if it has improved since then but I don't really see it being offered up in various forums anymore. It's a shame because it used to be one of the greats.

If you are going to remove Nortons be sure to use their removal tool. Nortons has a bad way of sticking around and running in the background with a standard uninstall. Also leaves loads of orphaned folders, files and registry entries. Sometimes these can play havoc when trying to install an alternative antivirus program:
http://www.bleepingcomputer.com/dow...
Bleeping retrieves the tool from Symantec site directly so you will receive the most up to date version.

message edited by btk1w1



#7
September 28, 2016 at 15:55:13
"I don't know what to delete on ADwCleaner. I copied the log."
After running Clean, Copy & Paste the log please.

Next step, I can look for leftovers in these logs.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt)
The logs are large, upload them using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif

