Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Extremely slow startup after spysweeper update


  • This topic is locked This topic is locked
86 replies to this topic

#1 rhino1

rhino1

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:27 AM

Posted 04 April 2012 - 05:19 AM

Hopefully someone can help. Problem originally posted in Windows XP forum but sent here for help.
I recently updated webroot spysweeper and during the updating it also scanned and found two files (I do not know the names) and needed to restart to complete removal of second file. The restart is incredibly slow after the screen with the windows logo with the blue boxes underneath. It takes about 30-45 minutes. Once the desktop screen loads the menu bar normally at the bottom of the screen only shows a small bar with no icons to click on. Also clicking on any icon on the desktop is also very slow in loading the program if it loads at all. I tried going to safe mode but that has the same thing happen as in regular mode. I had a problem last year with a blinking monitor screen but needed to get new graphics card. Could the graphics card be worn out already? Below is my computer specs from 6/2011 (posted on bleepingcomputer when had blinking monitor problem...new graphics card is GeForce GTX 550Ti):
OS Name Microsoft Windows XP Professional
Version 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer Microsoft Corporation
System Name
System Manufacturer INTEL_
System Model D975XBX_
System Type X86-based PC
Processor x86 Family 6 Model 15 Stepping 6 GenuineIntel ~2666 Mhz
BIOS Version/Date Intel Corp. BX97510J.86A.1304.2006.0620.1451, 6/20/2006
SMBIOS Version 2.3
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "5.1.2600.5512 (xpsp.080413-2111)"
User Name
Time Zone Eastern Daylight Time
Total Physical Memory 2,048.00 MB
Available Physical Memory 1.54 GB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 3.85 GB
Page File C:\pagefile.sys
Thanks in advance to whoever can help.

I cannot get to the add/remove programs because the taskbar is not present on the desktop. I tried ctrl+esc but that did not work. I tried CTRL+ALT+DEL to fire up the Task Manager and then in the File menu, selected New Task (Run...). Typed in "explorer" and pressed OK, but no taskbar. I tried the windows button on the keyboard but that did not work either. This was all in safe mode. Also, spy sweeper ran in safe mode and found 3 infections: netbt.sys, aeaudioservice.dll, and recycler/nproduct Everytime I enter safe mode spy sweeper runs and says there is an infection found. I left the computer on all last night in safe mode and this morning a message box from spy sweeper said "The installation has been damaged. Please reinstall the product. (105)." I had to get to work and once home I clicked OK and the following message box said : The connection to the program engine has been lost or terminated. The program will now close and restart. If you experience any problems, please contact Webroot support at...

I also tried a system restore in safe mode using the following:
Safe mode with a Command prompt option. If you are prompted to select an operating system, use the arrow keys to select the appropriate operating system for your computer, and then press ENTER. Log on as an administrator or with an account that has administrator credentials. At the command prompt, type %systemroot%\system32\restore\rstrui.exe, and then press ENTER.
The computer did not do anything after pressing enter. Also tried restore in safe mode after the box pops up asking to proceed in safe mode or to use system restore, but the following message box pops up: System restore is not able to protect your computer. Please restart your computer, and then run System Restore again.

What do you think the problem is? Is there another way to uninstall spysweeper? I have Malwarebytes but not pro version but it does not start up when computer starts up so I do not think that it is interfering.
-rhino1

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 59,966 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:27 PM

Posted 23 April 2012 - 12:50 PM

Lets see if you can do this first.

Please run SFC (System File Checker)
Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista/WIN 7 users..The command needs to be run from an Elevated Command Prompt.Click Start, type cmd into the Start/Search box,
right-click cmd.exe in the list above and select 'Run as Administrator'


You will need your operating system CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click File.. then New Task(Run)

In the box that opens type sfc /scannow ......There is a space between c and /

Click OK
Let it run and insert the CD when asked.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#3 rhino1

rhino1
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:27 AM

Posted 23 April 2012 - 06:32 PM

Thank you so much for responding. I'm sorry this is a long post but have tried to figure out what could be wrong. What should I do next?

I have tried scannow in normal mode but it did not seem to work as it ran all night and only a small portion of the blue progress bar showed. Should I try it in safe mode?
Also I do not know if the following could help:
1. I tried uninstalling the webroot secureanywhere program using IOBUninstaller in normal mode and safe mode but when I restart the computer in normal or safe mode it still is slow and the webroot secureanywhere pops up again and starts scanning. It always finds the infections c:\recycler\nprotect, c:\windows\system32\aeaudioservice.dll, and C:\WINDOWS\system32\DRIVERS\netbt.sys. The uninstall does not seem to work. Also tried to remove using add/remove area but when I click the button to remove my firefox webpage opens and says "server not found. Firefox can't find the server at detail.webrootcloudav.com."

2. Malwarebytes cannot scan and says run-time error 372: Failure to load control vbalGrid from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with your application. Also tried to run in chameleon mode but that did not work.

3. Advanced System Care runs but on deep scan it gets stuck on disc scan.

4. AVIRA rescue system CD found and deleted TR/Kazy.58350, TR/Crypt.XPACK.Gen8, TR/Sirefef.BV.2, and TR/Offend.kdv.582833 and also found some warnings on some files.
5. The internet does not connect.
6. A box pops up saying Run As Which user account do you want to use to run this program?: Current user The following user: username: password:
7. AVG rescue cd found rkill(which I previously downloaded but I think it is the program loader file)
8. Made ultimate boot cd for windows and:
SuperAntispyware found some adware and a Registry keys: HKLM/SOFTWARE/MICROSOFTWINDOWS NT/CURRENTVERSION\WINLOGON#SHELL

Spybot found problems in microsoft windows system:
SBI $51373AEEE settings: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispAppearancePage (i...
HKEY-USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispAppearancePage(is...
W3i.IQ5.fraud: (SBI $467B1F92) Settings: HKEY_LOCAL_MACHINE\PE_C_SOFTWARE\Freeze.com
(SBI $678078F9) Settings: HKEY_LOCAL_MACHINE\PE_C_SOFTWARE\W3i

Avira virus scan found 2 items: addvn%7C3.0%7C5274%7C226688... Contains recognition pattern of the HTML/Infected.Webpage.Gen HTML script virus.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 59,966 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:27 PM

Posted 23 April 2012 - 08:50 PM

No problem .. try these next.

Reboot into Safe Mode with Networking
How to enter safe mode(XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.



Please download TDSSKiller.zip and and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click Continue
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these[/color] instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.



1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.




Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

[color="#008000"] Note:
When using "Reset FF Proxy Settings" option Firefox should be closed.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#5 rhino1

rhino1
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:27 AM

Posted 24 April 2012 - 06:32 PM

I cannot connect to the internet to get tdsskiller. I tried loading it on a usb but the computer does not recognize the usb (it does not show up on the my computer screen). Can you run tdsskiller from a cd?

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 59,966 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:27 PM

Posted 24 April 2012 - 08:32 PM

Man!! Can you do a system restotr to a date before the spysweeper update ??

Windows XP System Restore Guide
Tgen try post 2
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#7 rhino1

rhino1
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:27 AM

Posted 24 April 2012 - 09:54 PM

No. The taskbar at the bottom of the screen is missing so I cannot access system tools that way.

I tried the system restore when the computer is loading up in safe mode (when it asks if you prefer to continue in safe mode click yes...prefer to use system restore click no) but the system loads up in safe mode and a box pops up saying "system restore is not able to protect your computer. Please restart your computer, and then run system restore again."

I tried task manager... Click the "File" menu and click "New Task (Run)" to launch the "Run Command" window. Type "C:\windows\system32\restore\rstrui.exe" but the computer went back to reloading in safe mode and the box popped up again asking if you prefer to continue in safe mode..... and also the other box saying system restore is not able to protect your computer...

Is there another way to do a system restore that would override this? Anything on the windows install disc. Is there a rescue disc that would help?

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 59,966 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:27 PM

Posted 24 April 2012 - 10:07 PM

Let us see if we can get Safe mode to run.
Vista users my need to save it to the desktop first then right-click the icon and choose "Run as Administrator".

Please download and run SafeBootKeyRepair.exe.

Once it has completed, please try booting into Safe Mode.



For the Taskbar
Press CTRL+ESC.
Right click on the blue space near the bottom of your start menu and click properties.
A new window will appear. Under Taskbar tab, you will see some options. Uncheck Auto hide the taskbar amd Press OK.

If your task bar is at any other side of screen instead of bottom then move your coursor on the taskbar and press and hold the left mouse button and drag it away from the side of the screen and drop it at the bottom.

Right click on the taskbar, go to properties and check the Lock The Taskbar item and press OK.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#9 rhino1

rhino1
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:27 AM

Posted 25 April 2012 - 05:47 AM

I cannot connect to the internet in normal mode or safe mode to download safebootkeyrepair (I am using a different computer to reply to this forum).
The ctrl-esc does not do anything. I right click at bottom of screen and click properties and the autohide is already unchecked. Also, at the bottom of the desktop screen there is just a small grey line/box (maybe top of taskbar?) so the taskbar I believe is located there and the lock taskbar is already checked.
Any other suggestions? Is there anything on the ultimate boot cd for windows that could help?

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:27 AM

Posted 26 April 2012 - 06:07 AM

Also, spy sweeper ran in safe mode and found 3 infections: netbt.sys, aeaudioservice.dll
AVIRA rescue system CD found and deleted TR/Kazy.58350, TR/Crypt.XPACK.Gen8, TR/Sirefef.BV.2, and TR/Offend.kdv.582833 and


zero access rootkit

Copy TDSSkiller and this tool http://download.bleepingcomputer.com/farbar/FSS.exe
to a CD and run them on the infected PC and post the logs as requested by boopme

#11 rhino1

rhino1
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:27 AM

Posted 26 April 2012 - 08:49 AM

Do you run the cd in normal mode or safe mode or when the computer is booting up?

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:27 AM

Posted 26 April 2012 - 09:44 AM

Run it in normal mode?

Insert the CD,run the tools ,post the log

good luck

#13 rhino1

rhino1
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:27 AM

Posted 26 April 2012 - 07:43 PM

TDSSkiller ran from the cd but no threats found. It only took 23 seconds processed 306 objects. I noticed that under change parameters the additional options 1. verify file digital signatures and 2. detect TDLFS file system are unchecked. Should these be checked and run the scan again? Also FSS scans but a box pops up saying Cannot find the FSS.txt file. Do you want to create a new file? What does this mean and where would I find it?

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:27 AM

Posted 26 April 2012 - 08:36 PM

Also FSS scans but a box pops up saying Cannot find the FSS.txt file. Do you want to create a new file?

Trying to launch from CD ?

Copy it to the desktop and launch it from there

good luck

#15 rhino1

rhino1
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:27 AM

Posted 26 April 2012 - 10:26 PM

Yes trying to from cd. Cannot get it to desktop. Tried drag drop, going to Edit and Copy to folder but nothing works. It seems to be hopeless. Anything else?
Also I will be away from computer till Mon 4/30/12 so I will not be able to do anything else. PLEASE do not close this topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users