Freezing or extremely slow at start up - possible infection or ?

[bluelit]

The system required a reboot to finish removing files. Here's the OTL log:

All processes killed

========== FILES ==========

C:\Users\Joan\AppData\Roaming\Azureus\torrents folder moved successfully.

C:\Users\Joan\AppData\Roaming\Azureus\tmp folder moved successfully.

C:\Users\Joan\AppData\Roaming\Azureus\subs folder moved successfully.

C:\Users\Joan\AppData\Roaming\Azureus\shares folder moved successfully.

C:\Users\Joan\AppData\Roaming\Azureus\rss folder moved successfully.

C:\Users\Joan\AppData\Roaming\Azureus\plugins\mlab folder moved successfully.

C:\Users\Joan\AppData\Roaming\Azureus\plugins\azutp\x64 folder moved successfully.

C:\Users\Joan\AppData\Roaming\Azureus\plugins\azutp\win32 folder moved successfully.

C:\Users\Joan\AppData\Roaming\Azureus\plugins\azutp folder moved successfully.

C:\Users\Joan\AppData\Roaming\Azureus\plugins\azupnpav folder moved successfully.

C:\Users\Joan\AppData\Roaming\Azureus\plugins\aefeatman_v folder moved successfully.

C:\Users\Joan\AppData\Roaming\Azureus\plugins folder moved successfully.

C:\Users\Joan\AppData\Roaming\Azureus\net folder moved successfully.

C:\Users\Joan\AppData\Roaming\Azureus\logs folder moved successfully.

C:\Users\Joan\AppData\Roaming\Azureus\dht folder moved successfully.

C:\Users\Joan\AppData\Roaming\Azureus\devices folder moved successfully.

C:\Users\Joan\AppData\Roaming\Azureus\active folder moved successfully.

C:\Users\Joan\AppData\Roaming\Azureus folder moved successfully.

c:\Users\AppData\LocalLow\Conduit\Community Alerts\Log folder moved successfully.

c:\Users\AppData\LocalLow\Conduit\Community Alerts folder moved successfully.

c:\Users\AppData\LocalLow\Conduit folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

->Temp folder emptied: 0 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Joan

->Temp folder emptied: 5232370 bytes

->Temporary Internet Files folder emptied: 2508968 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 18506342 bytes

->Google Chrome cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 492 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 4444 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes

RecycleBin emptied: 25741584 bytes

Total Files Cleaned = 50.00 mb

[EMPTYFLASH]

User: All Users

User: AppData

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Joan

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: Joan

->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 05302013_115409

Files\Folders moved on Reboot...

C:\Users\Joan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Joan\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[Maurice Naggar]

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

• Download OTC to your desktop and run it
  
• Click Yes to beginning the Cleanup process and remove these components, including this application.
  
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  

ERUNT you should keep and use periodically to backup Windows registry.

To re-enable CD Emulation programs using DeFogger please perform these steps:

Please download >> DeFogger <<and save it to your desktop.

• Once downloaded, double-click on the DeFogger icon to start the tool.
  
• The application window will appear.
  
• You should now click on the Enable button to re-enable your CD Emulation drivers.
  
• When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  
• When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  
• If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

Delete the following if still present:

Frst64.exe

adwcleaner.exe

roguekiller.exe

Tdsskiller.exe

securitycheck.exe

Stinger.exe

You should create a "system repair disc" for your Windows 7 either to a CD, DVD, or new USB-flash-thumb drive {if your hardware can boot from USB}.

The following is a reference page at Microsoft and also has a link to a how-to-video.

Create a Windows 7 system repair disc

This "repair disc" is a very handy tool that one may use when and IF you are not able to start Windows 7 normally.

This "repair disc" or "rescue disc" is not intended as a replacement for having the Windows 7 operating system DVD.

Make a rescue disc, put a label on it, store it away for a "rainy day".

Safer practices & malware prevention

• Have a hardware router between the incoming internet-modem and your computer.
  
• Use a Standard user account rather than an administrator-rights account when "surfing" the web.
  
• Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
  
• Check in at Windows Update and install any Important Updates offered.
  
• Make certain that Automatic Updates is enabled.
  How to configure and use Automatic Updates in Windows
  http://support.microsoft.com/kb/306525
  
• Check on other update issues as well, by getting, installing and using Secunia Personal Software Inspector (OSI) on a monthly basis.
  See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
  
• Download, install, and keep updated Spyware Blaster (free): http://www.javacoolsoftware.com/spywareblaster.html (all Protections should be enabled at all times)
  Tutorial for Spywareblaster: Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
  
• I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
  See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm
  That would help to keep your browser away from known spyware/malware sites.
  Get notified when the MVPS HOSTS file is updated
  http://winhelp2002.mvps.org/updates.htm
  
• Make regular backups of your system to removable media: DVD, USB external hard drive, etc.
  Having a total image backup of your system stored on DVD/CD is highly important.
  Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if a disaster hits.
  How to create a Windows system image in Windows 7 and Windows 8
  http://www.bleepingcomputer.com/tutorials/create-system-image-in-windows-7-8/
  How to use System Image Recovery in the Windows 7 and Windows 8 Recovery Environment
  http://www.bleepingcomputer.com/tutorials/system-image-recovery-in-windows-7-8/
  
  
• Consider using Web of Trust WOT add-on for your browser(s)
  http://www.mywot.com/en/download
  http://www.mywot.com/en/faq/add-on
  
• Take extreme care if you share USB-flash/thumb drives from other people {even from friends, roommates, relatives}
  Don't plug in an unknown flash/thumb drive into your PC.
  IF you must do so, hold down the SHIFT-key when you insert the drive.
  Scan any file with your Antivirus prior to opening or using.
  On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:
  
  ESET Online Scanner
  BitDefender Quickscan
  Trend Micro Housecall
  F-Secure Online Scanner
  Microsoft Safety Scanner
  Panda ActiveScan
  
  
• See Six tips to help you stay safer online
  
• Never, ever download free games, free tools, videos, mutli-media files or anything free unless you can be absolutely sure the source is safe !
  

We are finished here. Best regards.

[bluelit]

Thank you so much for your awesome help and for providing the additional info!!! I've removed the tools used with OTC and deleted the remaining executables. Computer is running fine now!!

[bluelit]

I forgot to ask about my 4 flash drives. Is there a way to check them for viruses or malware without re-infecting my computer?

[Maurice Naggar]

hold down the SHIFT-key when you inserting the USB-flash- thumb drive.

Scan any file with your Antivirus prior to opening or using.

You can view the drives thru Windows Explorer, do a right-click on the drive, and you should have a right-click context menu, with several options, including scanning with MalwareBytes or your antivirus.

That is probably the fastest easiest to use.

In addition, Download and run "Flash Drive Disinfector" by sUBs. It will do a cleanup of removable storage devices, and write a protected Autorun.inf file to help prevent re-infection.

http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

There is no GUI interface or log file produced.

Very happy to have helped. All the best to you.