Cleaning Up and Speeding Up
When you have rid your PC of viruses and/or spyware, there are many important steps to take to ensure that you are protected from further infiltrations and that no remaining malware is hiding in the registry or temporary folders. Below are two sections:
Cleaning Up and
Speeding Up.
The Cleaning Up section helps you clean out useless files, usage tracks and unneeded registry keys. This section is of use to anyone, but is highly recommended for people who have had a recent malware infection. Most programs and manual malware removals leave behind temporary files and even entries in Add/Remove programs. Remember to ensure that you are fully protected as well by reading the Preventing It Returning info (see
here). Some of the programs mentioned in this section also help improve your PCs speed and performance, along with the tips.
The Speeding Up section helps anyone who is having problems with a slow PC. We get a lot of posts asking us to analyse Hijack This Logs and a common question is "What can I fix to make my PC perform better?". If your reading this information before actually letting us have a look at your log, then we suggest you let us check for spyware and nasties first and we'll leave the optimisation to you. After all, you know what you need/want on your PC.
Cleaning Up
Using Add/Remove programs
The first place to start cleaning up is Add/Remove programs. Go to Start> Control Panel in XP and Vista or Start> Settings> Control Panel in other Windows versions. Once in the Control Panel, double click
Add/Remove Programs (
Programs and Features in Vista).
You should now be able to see a list of programs installed on your computer. First of all, go through the list and see if there are any programs you no longer require. When you find a program you no longer need, click it and then click
Change/Remove (or Add/Remove depending on your Windows version). The uninstallation will
begin. In some cases, the program may no longer exist and the entry in Add/Remove programs is just a "dead" entry. If this is the case, Windows will ask you if you want to remove the program from the list.
Some malware leaves uninstall functions in Add/Remove programs. If you are unsure whether a program is malware in Add/Remove programs, then you can enter the name of the program at
Spyware Guide and if it doesn't come back with a related program, then its possibly legitimate. Also enter the name into a search engine like Google if in doubt.
The Recycle Bin
Unless you have customised the Recycle Bin, every file you delete goes straight here. The Recycle Bin is usually located on the Desktop and has a bin icon. When you are clearing out a spyware infection, you are often asked to delete files. These files will go straight to your Recycle Bin and that means they are still on your system. To Empty your Recycle Bin, right click the Recycle Bin icon on your Desktop and click
Empty the Recycle Bin.
Remember: Always check that you haven't accidently sent files you need/want to the Recycle Bin before emptying. Simply double click the icon on your Desktop and you will be able to view all files in the Bin. If you want a file/folder back, right click and select Restore.
Temporary Files and Folders
Temporary Files are created by Windows very often. There are usually many temporary files created whilst browsing the Internet (this is often known as the "cache"), the installation of programs and various other tasks.
Where the Temporary Files are located depends on your version of Windows. In all Windows Versions, there is a folder called
Temp located in the C:\Windows folder. The easiest way to empty your Temporary folders is to let a program do it for you.
One of the most popular programs for doing this, is a freeware program called
Crap Cleaner. Crap Cleaner is a single utility that lets you clear your Cookies, Internet Explorer History, Empty the Recycle Bin, Uninstall Programs, Clear Usage Tracks and much more. As well as this, it has an Advanced Registry Scanner. Using a program like this is one of the easiest methods.
Another popular program is
SSS. See the link for a complete list of features.
Windows also has a built in utility for cleaning up your Disk Drive. Go to Start> Program> Accessories> System Tools and run
Disk Cleanup. The third party applications above provide more features and are probably a better option.
System Restore (Only applys to Windows Me, XP and Vista)
System Restore is a useful feature in Windows Me, XP and Vista that takes a snapshot of your system on a regular basis or when you make certain changes. This is useful to get your system back to a previous state in case of errors. There is one problem though, System Restore also takes snapshots of spyware or viruses you have been infected with. That means that an infection could return if you use System Restore. There are also problems with antivirus programs detecting the files System Restore has taken a snapshot of, but they are unable to access where the files are stored. The solution is to flush the entire contents of System Restore after a Malware infection. To do this, you need to
Disable System Restore and then Enable it again. Instructions can be found
here.
The Registry
The registry is an important part of Windows which provides lots of information related to programs and your Operating System. If you have had a spyware infection and/or install and uninstall programs, there are likely to be useless entries left in the Registry which will just slow down your system or sit there doing nothing. A lot of Windows users stay
clear of the Registry because fiddling with certain entries could cause some serious errors. If you manually edited these useless keys, it would take you hours to weed them out and you still might not get rid of them all and you may delete a valid key.
This is where a piece of software steps in. You can find a lot of useful programs on the Internet for fixing errors in the Registry, but beware, not all programs are well made and they could cause serious errors. So please exercise caution when using software and ensure you use the backup functions which are usually included with this kind of software.
One program for fixing invalid registry items that I can highly recommend is
RegSupreme. There is a standard edition which just contains the scanner and a professional edition which contains the scanner as well as a tool to let you manually edit areas of interest in the Registry (such as Programs that start when your PC starts, Add/Remove programs entries, etc). You can download a fully functional 30 day trial of this software. If you find it useful, then the fee to pay is not massive. I didn't mind paying around the region of £7 for an extremely useful utility.
CCleaner which is mentioned above (under the "Temporary Files and Folders" section) also can scan certain areas of the registry for errors, but it perhaps is not as thorough as RegSupreme.
Windows Usage Traces
Windows keeps track of all the programs you open, recently used files and more. It also tracks which websites you visit in the
Internet Explorer History. This data is not used maliciously, it stays on your system and is there for your convenience. Some people may find it intrusive so many programs have been created to help you clean it out regularly.
Ad-aware SE mentioned in the Prevent It Returning Info (See the top of this page for a link) scans for
Negligible Objects which are usually Usage Tracks for Windows and some programs you have installed.
CCleaner mentioned above also does this job quite well.
One of the best dedicated programs has to be
MRU Blaster. See
here for more information and to download it.
Cookies and Temporary Internet Files
A "cookie" is a small piece of information sent by a web server to store on a web browser so it can later be read back from that browser. This is useful for having the browser remember some specific information. Cookies are pretty harmless and mainly used for good but they can be used to track browsing habits. For example, you visit Website A which has Ads from XYZ company. Cookies from one of the XYZ company servers are saved on your PC. Even though you are not on the XYZ company website, the ads are hotlinked to images/movies on the XYZ company server. You later visit Website B which also contains advertisements from XYZ company. The previous cookie will be read. The XYZ company server will see that you have viewed Ad Number 1 earlier and will be able to serve you an ad related to the websites you have viewed. They may also use the cookie to prevent you from the viewing the same ad again therefore capturing your attention with different ads. Tracking Cookies aren't as dangerous as some spyware, but some may see it as a breach of privacy. MRU Blaster above has a plugin that helps you deal with cookies.
Also take a look at your web browser. Most browsers have a feature which prompts you to Allow or Deny certain cookies. Your preferences will be saved and eventually on the sites you regularly visit, you will only get the cookies you want.
In
Internet Explorer Cookies can be managed via the Tools> Internet Options and then the Privacy tab.
In
Mozilla Firefox, go to Tools> Options> Privacy and then Cookies.
In
Mozilla/Netscape, go to Edit> Preferences> Privacy and Security and then Cookies.
For other browsers, please see the help files that come with the browser.
Temporary Internet Files (sometimes known as the "cache") is where webpages you've recently viewed, some of the key images and active content (such as Flash and Shockwave files) are stored. This helps speed up your browsing because your browser can retrieve a locally saved copy of the page/content instead of downloading it again. The cache does have a limit on how much space it can use, but you must customise this limit to suit yourself and empty the files on a regular basis or else they can take up an awful lot of disk space. Some of the tools like CCleaner and MRU Blaster can deal with emptying Temporary Internet Files.
To manage Temporary Internet Files in
Internet Explorer, go to Tools> Internet Options and on the General tab there are options for emptying and customising.
In
Firefox, go to Tools> Options> Privacy and then select Cache.
In
Mozilla/Netscape, go to Edit> Preferences> Advanced and then Cache.
For other browsers, please see the help files that come with the browser.
And the final word...(or two)
Remember to clean out your PC regularly to save disk space and erase your traces. Cleaning out your PC is second to keeping your PC protected, so please if you haven't already done so, read the Preventing It Returning Information
here. We can only fight the war on malware if everybody does their bit by protecting their PC and keeping a top eye open. If you don't protect, then the malware will spread.
Speeding Up
Startup Applications
One of the biggest sources for slowing down your PC is applications that start when Windows starts. A lot of these applications are not needed for the operation of your system and added by Office programs, Media players, Graphics card registration reminders, etc. We are often asked to analyse Hijack This logs and provide optional fixes. Instead, this is a small DIY guide. You need to get a copy of Hijack This and generate a log first of all. Follow the instructions
here.
When you have generated the log, it should open in Notepad. What we need to pay attention to are the O4 entries in the log. O4 entrys look like this. I have colour coded the entries below to help you understand them:
O4 -
HKLM\..\Run: [AVG7_CC]C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 -
O4 - HKCU\..\Run: [msnmsgr]"C:\Program Files\MSN Messenger\msnmsgr.exe"
/background
The red bit is the location in the registry. HKLM means HKEY_LOCAL_MACHINE and means the program starts on every user account. HKCU mean HKEY_CURRENT_USER and means the program starts only on your user account. There are also two other entries which are Startup and Global Startup. As you can probably tell, Global means every account and Startup is specific to your account.
The blue bit is the name of the program started, sometimes the names can be unrelated to the program themselves an slightly confuse you, but its life I'm afraid.
The green bit is the name and location of the file that is starting up.
What you need to do with these entries, is pay a visit to
http://computercops.biz/StartupList.html. There is a search box on this page. This is the box we need to use. For each of the O4 entries in your log, input the name of the file that is starting up. For the first entry above, you would put avgcc.exe in. Please note that on some PCs, Some DLL files load when Windows loads so the entries will look something like this:
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
In this one, you would enter NvMcTray.dll into the search box. That entry is basically telling rundll32.exe to load the NvMcTray.dll file.
When you have entered the file into the box and click the search button, some results will appear. Beside them will be a letter which gives you there status which is either: not needed at startup, is needed at startup, is the users choice or is definetly not required (spyware and viruses, etc). A key at the top gives you more in depth information about the statuses. Next to each result is a description of the file.
If you believe that you don't need the program in Startup, simply put a checkmark next to it in Hijack This and click
Fix Checked.
Please remember, that sometimes there may be more than one program with the same name, often viruses are made to imitate legitimate programs. If you require help, don't be afraid to post for it.
Windows Services (Only applys to Windows 2000, XP and Vista)
In Windows 2000, XP and Vista as well as having these startup entries they have
Services. These are either automatically started when Windows starts or are started manually when needed. Services run silently in the background, but can eat up a lot of system resources and drastically slow down your machine if you don't customise them. The majority of services are related to Windows, but some 3rd party companies add Services. Sometimes even spyware adds services to ensure they are automatically run and invisible. Running Services can be seen in Task Manager though.
The default Windows Services can be customised. It is therefore up to you to customise your Windows Services. Below are links to a very useful guide that tells you more about each default service and whether you need it with your configuration. Note: Some of these services are very important so please read the information so you know what you are doing:
For Windows Vista click
here
For Windows XP click
here.
For Windows 2000 click
here.
Of course, when you are going through your services there are other services from third party providers that you must deal with and see whether you need them. There is an extremely useful list
here which describes what each service is and works in a similar way to the Startup Info above.
Disk Defragmenting
When your hard disk becomes fragmented, its like having a large pile of papers on a desk shoved in any old order and in any space available. This can seriously reduce your PC's performance because it takes longer to retrieve data. The answer is to Defragment which is like organising those messy papers into nice neat piles which therefore enables your PC to retrieve files quicker, thus improving performance.
Disk Defragmenting can take quite a while depending on the volume of your hard drive and how much disk space is used. Windows has a built in tool for Defragmenting your hard drive which is available under the Accessories menu in Start> (All) Programs. A lot of people leave there PC to defragment overnight using the standard Windows tool.
There is alternative software that is available and does the same job as the Windows tool. A popular piece of alternative software is Diskeeper Lite available
here. This program is free and defragments your hard drive a lot faster than the standard Windows tool.
Prefetch (Only applys to XP and Vista)
Windows XP and Vista have a folder located in the Windows directory on your hard drive called
Prefetch. Windows saves information about programs you have run here, to enable your PC to boot up faster and perform better. After some time though (depending on how often you install/uninstall programs and change your PCs configuration), the Prefetch folder will contain many useless files linking to programs that may no longer exist. This could drastically decrease the performance of your PC, so its recommended every month or so you get rid of the older files in the Prefetch. CCleaner mentioned in the Cleaning Up section can do this for you and will clean out the old and useless ones.
Please note that emptying the Prefetch to often will also slow down your PC, because Windows doesn't have as much cached information, so it can't start applications as fast.
And the final final word.... (Trust me this is the final word this time)
I hope this information has been of use to you and will help you keep your PC running in tip top condition. Above all remember to clean out useless information regularly, defragment every 2 months or so and keep your PC protected and up to date (see the
Preventing It Returning Info in that thread). Please remember though that your software is only as capable as your hardware, so if you have a low spec PC, its unlikely that you will get it running at a similar speed to a high spec PC. Hardware upgrades are very important and a simple thing like adding more memory can do a world of good. If you require any help with the topics discussed, please don't hesitate to post to the forum.
Owen
