Very slow computer - Qwant alert
pcam9375
Posted messages
81
Registration date
Status
Membre
Last intervention
-
PATY92 -
PATY92 -
Hello,
Qwant informed me two or three weeks ago about unusual use of my PC (cyberattack?) in the background; I suspect that a very discreet software has been installed for this purpose and my antivirus finds nothing...
Everything is working slowly, particularly the display of the Google page when opening Chrome, and file transfers via Dropbox or WeTransfer are nearly impossible (3 days estimated for 300 MB via WeTransfer)...
I need your help to get rid of this thing...
Thank you in advance for your help
Configuration: Windows / Chrome 65.0.3325.181
Qwant informed me two or three weeks ago about unusual use of my PC (cyberattack?) in the background; I suspect that a very discreet software has been installed for this purpose and my antivirus finds nothing...
Everything is working slowly, particularly the display of the Google page when opening Chrome, and file transfers via Dropbox or WeTransfer are nearly impossible (3 days estimated for 300 MB via WeTransfer)...
I need your help to get rid of this thing...
Thank you in advance for your help
Configuration: Windows / Chrome 65.0.3325.181
4 réponses
Hello,
To check the computer:
Follow the FRST tutorial. ( take the time to read carefully - everything is well explained there ).
Download and run the FRST scan,
Wait for the scan to finish, a message will indicate that the analysis is complete.
Three FRST reports will be generated:
Send these 3 reports to the site https://pjjoint.malekal.com/ to share them.
In return, provide the 3 pjjoint links leading to the reports here in a new response so that we can review them.
--
Please press a key to continue the disinfection...
To check the computer:
Follow the FRST tutorial. ( take the time to read carefully - everything is well explained there ).
Download and run the FRST scan,
Wait for the scan to finish, a message will indicate that the analysis is complete.
Three FRST reports will be generated:
- FRST.txt
- Shortcut.txt
- Additionnal.txt
Send these 3 reports to the site https://pjjoint.malekal.com/ to share them.
In return, provide the 3 pjjoint links leading to the reports here in a new response so that we can review them.
--
Please press a key to continue the disinfection...
Hello
Here are the links to the three requested files:
https://pjjoint.malekal.com/files.php?id=FRST_20180402_y10x12k7j8t11
https://pjjoint.malekal.com/files.php?id=20180402_i9q14r12s119
https://pjjoint.malekal.com/files.php?id=20180402_x12t15u15r9c14
Here are the links to the three requested files:
https://pjjoint.malekal.com/files.php?id=FRST_20180402_y10x12k7j8t11
https://pjjoint.malekal.com/files.php?id=20180402_i9q14r12s119
https://pjjoint.malekal.com/files.php?id=20180402_x12t15u15r9c14
You were taken in by an InstallCore installer at some point: https://forum.malekal.com/viewtopic.php?t=53580&start=
There are remnants of Yahoo! and Chromium...
You also have PDF Convert, which is a rogue extension on Chrome.
You have programs that were installed at the purchase of the computer or installed later that are not necessarily useful.
They clutter Windows and can slow it down.
You can therefore uninstall them.
Go to the Control Panel
then to Programs and Features.
Uninstall:
CCleaner
Dropbox
QuickTime
WinRAR
WinZip
PS: CCleaner is not really useful, even though it is recommended everywhere.
Disable CCleaner's monitoring, which is unnecessary, as it starts with Windows and slows it down with its incessant clean-ups. See: https://www.malekal.com/supprimer-ccleaner-demarrage-windows/
Replace WinZip and WinRAR with 7-zip
~~
Here is the fix to be performed with FRST. You can refer to this explanatory note with screenshots.
Restart FRST, then on your keyboard press the CTRL + Y keys.
The Notepad will open, copy/paste this.
Save the content from the file menu and then save.
Close Notepad, return to FRST and click the "Fix" button.
A restart may be necessary and automatic.
A text file will appear, copy/paste the content here in a new message.
Restart the computer.
2°)
Reset/Repair the web browsers concerned by the problems:
--
Please press any key to continue the disinfection...
There are remnants of Yahoo! and Chromium...
You also have PDF Convert, which is a rogue extension on Chrome.
You have programs that were installed at the purchase of the computer or installed later that are not necessarily useful.
They clutter Windows and can slow it down.
You can therefore uninstall them.
Go to the Control Panel
then to Programs and Features.
Uninstall:
CCleaner
Dropbox
QuickTime
WinRAR
WinZip
PS: CCleaner is not really useful, even though it is recommended everywhere.
Disable CCleaner's monitoring, which is unnecessary, as it starts with Windows and slows it down with its incessant clean-ups. See: https://www.malekal.com/supprimer-ccleaner-demarrage-windows/
Replace WinZip and WinRAR with 7-zip
~~
Here is the fix to be performed with FRST. You can refer to this explanatory note with screenshots.
Restart FRST, then on your keyboard press the CTRL + Y keys.
The Notepad will open, copy/paste this.
CreateRestorePoint:
CloseProcesses:
Task: {44636AA5-CF00-4A15-BA72-9542C687EC89} - System32\Tasks\Yahoo! Powered lofal => "wscript.exe" "C:\ProgramData\{919854FB-1BDA-DE3D-9D1C-407F075ECBB1}\dori.txt" "68747470733a2f2f7275647564756c752e636f6d" "//B" "//E:jscript" "--IsErIk" <==== ATTENTION
HKU\S-1-5-21-1937202209-3881749791-1439250984-1000\...\Run: [Chromium] => c:\users\philippe\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors)
c:\users\philippe\appdata\local\chromium
C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldhkdaoikclkecocioipjifepiiceeai
EmptyTemp:
RemoveProxy:
Reboot:
Save the content from the file menu and then save.
Close Notepad, return to FRST and click the "Fix" button.
A restart may be necessary and automatic.
A text file will appear, copy/paste the content here in a new message.
Restart the computer.
2°)
Reset/Repair the web browsers concerned by the problems:
- Repair Mozilla Firefox (first paragraph)
- Repair Google Chrome (only the first paragraph).
--
Please press any key to continue the disinfection...
Here is the copy of the fixlog file:
Farbar Recovery Scan Tool (x64) Correction Results Version: 14.03.2018
Executed by Philippe (02-04-2018 21:42:39) Run:1
Executed from C:\Users\Philippe\Downloads
Loaded profiles: Philippe (Available profiles: Philippe & DefaultAppPool)
Boot mode: Normal
==============================================
fixlist content:
CreateRestorePoint:
CloseProcesses:
Task: {44636AA5-CF00-4A15-BA72-9542C687EC89} - System32\Tasks\Yahoo! Powered lofal => "wscript.exe" "C:\ProgramData\{919854FB-1BDA-DE3D-9D1C-407F075ECBB1}\dori.txt" "68747470733a2f2f7275647564756c752e636f6d" "//B" "//E:jscript" "--IsErIk" <==== ATTENTION
HKU\S-1-5-21-1937202209-3881749791-1439250984-1000\...\Run: [Chromium] => c:\users\philippe\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors)
c:\users\philippe\appdata\local\chromium
C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldhkdaoikclkecocioipjifepiiceeai
EmptyTemp:
RemoveProxy:
Reboot:
The restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44636AA5-CF00-4A15-BA72-9542C687EC89}" => deleted successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44636AA5-CF00-4A15-BA72-9542C687EC89}" => deleted successfully
C:\WINDOWS\System32\Tasks\Yahoo! Powered lofal => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Powered lofal" => deleted successfully
"HKU\S-1-5-21-1937202209-3881749791-1439250984-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium" => deleted successfully
c:\users\philippe\appdata\local\chromium => moved successfully
C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldhkdaoikclkecicioipjifepiiceeai => moved successfully
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => deleted successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => deleted successfully
"HKU\S-1-5-21-1937202209-3881749791-1439250984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => deleted successfully
"HKU\S-1-5-21-1937202209-3881749791-1439250984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => deleted successfully
========= End of RemoveProxy: =========
=========== EmptyTemp: ==========
BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 144667347 B
Java, Flash, Steam htmlcache => 728 B
Windows/system/drivers => 16976964 B
Edge => 696350 B
Chrome => 563302775 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 6200 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 385668 B
Philippe => 451210743 B
DefaultAppPool => 6200 B
RecycleBin => 1808194013 B
EmptyTemp: => 2.8 GB of temporary data removed.
================================
The system had to restart.
Farbar Recovery Scan Tool (x64) Correction Results Version: 14.03.2018
Executed by Philippe (02-04-2018 21:42:39) Run:1
Executed from C:\Users\Philippe\Downloads
Loaded profiles: Philippe (Available profiles: Philippe & DefaultAppPool)
Boot mode: Normal
==============================================
fixlist content:
CreateRestorePoint:
CloseProcesses:
Task: {44636AA5-CF00-4A15-BA72-9542C687EC89} - System32\Tasks\Yahoo! Powered lofal => "wscript.exe" "C:\ProgramData\{919854FB-1BDA-DE3D-9D1C-407F075ECBB1}\dori.txt" "68747470733a2f2f7275647564756c752e636f6d" "//B" "//E:jscript" "--IsErIk" <==== ATTENTION
HKU\S-1-5-21-1937202209-3881749791-1439250984-1000\...\Run: [Chromium] => c:\users\philippe\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors)
c:\users\philippe\appdata\local\chromium
C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldhkdaoikclkecocioipjifepiiceeai
EmptyTemp:
RemoveProxy:
Reboot:
The restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44636AA5-CF00-4A15-BA72-9542C687EC89}" => deleted successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44636AA5-CF00-4A15-BA72-9542C687EC89}" => deleted successfully
C:\WINDOWS\System32\Tasks\Yahoo! Powered lofal => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Powered lofal" => deleted successfully
"HKU\S-1-5-21-1937202209-3881749791-1439250984-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium" => deleted successfully
c:\users\philippe\appdata\local\chromium => moved successfully
C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldhkdaoikclkecicioipjifepiiceeai => moved successfully
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => deleted successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => deleted successfully
"HKU\S-1-5-21-1937202209-3881749791-1439250984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => deleted successfully
"HKU\S-1-5-21-1937202209-3881749791-1439250984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => deleted successfully
========= End of RemoveProxy: =========
=========== EmptyTemp: ==========
BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 144667347 B
Java, Flash, Steam htmlcache => 728 B
Windows/system/drivers => 16976964 B
Edge => 696350 B
Chrome => 563302775 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 6200 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 385668 B
Philippe => 451210743 B
DefaultAppPool => 6200 B
RecycleBin => 1808194013 B
EmptyTemp: => 2.8 GB of temporary data removed.
================================
The system had to restart.
End of Fixlog 21:47:37
Hello,
For the past few days, my searches with QWANT have been very slow, while with GOOGLE the response is instantaneous.
Previously, the response times for my queries with QWANT were immediate.
In the meantime, I had installed and then uninstalled the free software AVAST and Panda. I don't know if there is a correlation, with the fact that I no longer have access to QWANT which responds after several seconds, that QWANT is unreachable and that I have to refresh the page to get a result, which is instantaneous at that moment in the process.
Pat
PS: I am on XP with Firefox ESP for Qwant.
For the past few days, my searches with QWANT have been very slow, while with GOOGLE the response is instantaneous.
Previously, the response times for my queries with QWANT were immediate.
In the meantime, I had installed and then uninstalled the free software AVAST and Panda. I don't know if there is a correlation, with the fact that I no longer have access to QWANT which responds after several seconds, that QWANT is unreachable and that I have to refresh the page to get a result, which is instantaneous at that moment in the process.
Pat
PS: I am on XP with Firefox ESP for Qwant.
Something new must have happened, otherwise Qwant wouldn't have alerted me, I think...
Connection speed 3.9 Mb (Orange).
When I upload a large file to Dropbox, it takes a very long time to transfer, and if I look at the WiFi in the task manager, I see a used speed that is much higher (e.g. 800 Ko/sec) than what is displayed by Dropbox (e.g. 40 ko/sec) even though I only have Dropbox open.