Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow Computer, Please Help!


  • Please log in to reply
18 replies to this topic

#1 PMad

PMad

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:17 AM

Posted 14 April 2008 - 08:58 PM

Ive been having some problems with my computer the past couple months, its been running waaaaaaay slower then it should! A lot of things take a long time to start up, windows takes a bit longer then it should, sometimes a program will make a very brief pause and then continue.. And after about a month or 2 of that, i started getting popups.

I used my installed version of McAfee to try and hunt down the source of the popups, but it would crash during the scan every time.. So i installed an old version of Norton i had, 2005. Same issue.. So i started on the online scans, i used panda, kaspersky, mcafee, and norton online scans.. Only Panda and Kaspersky found anything, but they were minor. I removed them and continued on and i still have the same exact problems.

Alot of the popups are trying to get me to purchase specific adware/spyware programs. The rest are ebay ads, ads for colleges, surveys, porn, and all kinds of other products and services. One of the popups i get atleast twice a day has a little IE box that comes up in the bottom right of my screen, then it has a prompt come up that says: "WARNING: YOUR COMPUTER IS INFECTED. Ensure your document and data protection. Scan your computer to know if you are infected by spyware. Would you like to scan your computer now? (recommended)"

Here's anothe one i get, not as common but i get it: "NOTICE: If your computer is infected, you could suffer data loss, erratic PC behavior, PC freezes and crashes. Detect and remove viruses before they activate themselves on your PC to prevent all these problems. Do you want to install AntiSpywareMaster to scan your PC for malware now? (Recommended)". For both of those, i have an ok and cancel button, it isnt a picture, they are the actual buttons, they are dialog boxes popped up from the little IE window that comes up in the bottom right corner of the screen.

Everytime i get a popup, i can see the start of the web address on the button in the start bar, i doubt this helps, but it might! I see this before it goes to the ad site: "http://login.tracking."

Another weird issue is alot of times when typing on forms, or in forums online, some times the key i push doesnt register.. Like i'll type "other" or "walmart" or whatever, and the o's and a's wont type, its happened quite a few times in this post!

Im using Windows XP Profesisonal, fully updated. Ive used msconfig to disable processes that arent needed anymore, ive gone through my processes in the task manager, and everything is legit, nothing is running that shouldnt be running, nothin weird or odd, other then all these popups!

What can i do now?

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,567 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:17 PM

Posted 14 April 2008 - 10:12 PM

Hello first do you have both McCaffe and Norton running? If so please remove the Norton with, Norton Removal Tool . Running 2 AV's at the same time will conflict and slow the PC down.

You did not mention your OPerating sytem.
If Operating System: 2000/XP/2003/Vista run this and post back the scan log,please.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Acan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

NEXT:
Download Attribune's ATF Cleaner ( Windows XP/2000
)and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opers browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Please ask any needed questions,post log and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 PMad

PMad
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:17 AM

Posted 15 April 2008 - 08:13 AM

Hello boopme!

Thanks for the quick reply, i did everything you said and i still have the popups, it seems not much has changed that i can notice so far. I did mention the OS i use, i guess it was in a weird spot.

Im using Windows XP Professional SP2, its fully updated.

When i used Norton and McAfee, i had them on 1 at a time, i never use 2 at the same time for the reasons you stated in your message! Last time i tried, i couldnt boot up my PC :thumbsup:

Malware bytes found an removed a few things, here'st he log for Malware bytes:

Malwarebytes' Anti-Malware 1.11
Database version: 630

Scan type: Quick Scan
Objects scanned: 42353
Time elapsed: 9 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.



Super didnt find anything, it was taking a very long time which is normal, but here's the log for super
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/14/2008 at 10:09 PM

Application Version : 4.0.1154

Core Rules Database Version : 3438
Trace Rules Database Version: 1430

Scan type : Complete Scan
Total Scan Time : 01:16:13

Memory items scanned : 237
Memory threats detected : 0
Registry items scanned : 8776
Registry threats detected : 0
File items scanned : 246138
File threats detected : 0


I had Microsoft Visual Studio 2005 installed, i removed that and it speeded up my computer a little bit, that might have been the reason it as slow.. But typing on forms and in forums, i still have letters ignored when typing, and im still getting popups :flowers:

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,082 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:17 PM

Posted 15 April 2008 - 08:37 AM

i still have the popups

Please describe them in detail. Are they the same type of pop ups warning that your system is infected?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:03:17 PM

Posted 15 April 2008 - 08:46 AM

would you try another run thru

disconnect from the internet(pull the plug)

if you have spybot installed make sure teatimer is disabled and any other real time protection is unloaded

run the atf cleaner

rerun MBAM with full scan, save the log

reboot
Chewy

No. Try not. Do... or do not. There is no try.

#6 PMad

PMad
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:17 AM

Posted 15 April 2008 - 11:20 PM

Please describe them in detail. Are they the same type of pop ups warning that your system is infected?


I described them in the first post, here's a copy paste of it:
Alot of the popups are trying to get me to purchase specific adware/spyware programs. The rest are ebay ads, ads for colleges, surveys, porn, and all kinds of other products and services. One of the popups i get atleast twice a day has a little IE box that comes up in the bottom right of my screen, then it has a prompt come up that says: "WARNING: YOUR COMPUTER IS INFECTED. Ensure your document and data protection. Scan your computer to know if you are infected by spyware. Would you like to scan your computer now? (recommended)"

Here's anothe one i get, not as common but i get it: "NOTICE: If your computer is infected, you could suffer data loss, erratic PC behavior, PC freezes and crashes. Detect and remove viruses before they activate themselves on your PC to prevent all these problems. Do you want to install AntiSpywareMaster to scan your PC for malware now? (Recommended)". For both of those, i have an ok and cancel button, it isnt a picture, they are the actual buttons, they are dialog boxes popped up from the little IE window that comes up in the bottom right corner of the screen.



would you try another run thru

disconnect from the internet(pull the plug)

if you have spybot installed make sure teatimer is disabled and any other real time protection is unloaded

run the atf cleaner

rerun MBAM with full scan, save the log

reboot


Ok, i did exactly what you said, and nothing at all was found.. Here's the mbam log:
Malwarebytes' Anti-Malware 1.11
Database version: 630

Scan type: Full Scan (C:\|)
Objects scanned: 294153
Time elapsed: 1 hour(s), 18 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#7 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:03:17 PM

Posted 15 April 2008 - 11:39 PM

you have a rogue installed that's controlling the popups or you are wide open on the internet with no firewall or nat?

See anything suspicious in add/remove programs?

post a screenshot of device manager processes sized to fill the screen
Chewy

No. Try not. Do... or do not. There is no try.

#8 PMad

PMad
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:17 AM

Posted 16 April 2008 - 12:05 AM

i have McAfee Security Center installed (Security Center, VirusScan, Personal Firewall, Anti-Spam, Privacy Service, Easy Network, Data Backup). After doing the first scans when McAfee crashed during the scan, i removed it and installed Norton, when that crashed i reverted back to McAfee, tried again, crashed, then started doing online scans. It doesnt crash anymore, but it doesnt find anything, and its fully updated.

I go through a router, its a Linksys WRT54G, i have all the protection on in the router too (which isnt much).

Ive gone through my Add/Remove Programs, and ive removed absolutely everything i dont use, and things i do use that could possibly have something in it. I did that before coming here, all my windows processes look fine, the only question i ever have with them is the services host, svchost.exe... Ive had a virus before that disguised itself as that same file, and it was nearly impossible to tell what it was by looking at the processes.. so that one always makes me wonder.. Here's a SS of my processes:

Posted Image

Ive done scan after scan after scan using all different kinds of spyware/adware/malware/virus/trojan specific removers, and other scans meant for everything, nothing is finding this stupid thing! Its getting super annoying! Im always really good about what emails i open and what i do and dont install, im really good at computers, infact, im an IT Manager, and a software developer.. I know all about this stuff, but i cant find this specific one! I guess its learning time..

#9 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:03:17 PM

Posted 16 April 2008 - 12:21 AM

Your IExplorer is out of control if I had to make a guess, there's no way it needs 80 megs of ram

Mine does 20-30 megs tops

I feel the root of the problem is most likely McAfee, as long as it's installed and not completely cleaned off the computer you won't be able to fix your problem? Or even try a scan from safe mode with it?
Chewy

No. Try not. Do... or do not. There is no try.

#10 PMad

PMad
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:17 AM

Posted 16 April 2008 - 12:55 AM

Your IExplorer is out of control if I had to make a guess, there's no way it needs 80 megs of ram

Mine does 20-30 megs tops

I feel the root of the problem is most likely McAfee, as long as it's installed and not completely cleaned off the computer you won't be able to fix your problem? Or even try a scan from safe mode with it?


Good catch! I looked through my IE Add-Ons and disabled some iffy ones and still got popups, then disabled one called "Diagnose Connection Problems...", it doesnt show the filename though... But once i removed that, i ran around the net for a bit and so far, i havent had a popup.. but im still getting that thing i mentioned before where sometimes when i hit a button on the keyboard when typing in forms or in forums (like here), sometimes a button doesnt go through.. like when i typed button.. the 2nd T didnt go in, and when i typed "go", the "g" didnt type in either, but im clearly hitting these buttons! So i dunno, i think there's still something else, IE is still at 50~60MB

#11 PMad

PMad
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:17 AM

Posted 16 April 2008 - 12:56 AM

I feel the root of the problem is most likely McAfee, as long as it's installed and not completely cleaned off the computer you won't be able to fix your problem? Or even try a scan from safe mode with it?


I dont see how you think McAfee is the problem? or one of the problems...? yes, ive tried scanning in safe mode, same issues...

#12 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:03:17 PM

Posted 16 April 2008 - 01:07 AM

http://www.bleepingcomputer.com/forums/ind...st&p=798264

I guess I am just biased since it took me three times as long to fix a computer
Chewy

No. Try not. Do... or do not. There is no try.

#13 PMad

PMad
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:17 AM

Posted 16 April 2008 - 02:02 AM

http://www.bleepingcomputer.com/forums/ind...st&p=798264

I guess I am just biased since it took me three times as long to fix a computer


Well, some malware, and mostly viruses are setup to screw with antivirus programs and prevent them from detecting it.. Ive used Norton for years until i starting having computer troubles, spent weeks trying to figure it out when i found out the virus loaded at bootup just before Norton, and added it to nortons safe list so norton would allow it. It wrecked havoc on my computer for over 3 months, and i was determined to fix it without formatting... It was a virus, AND a downloader, it would download malware/adware/spyware/etc... and add i to the safe list, then install it... Everything was allowed.. Once i removed them norton started dinging non stop bring up viruses, malware, adware, spyware, downloaders, everything! Cleaned it all off, then a month later i got another virus.. I could run any EXE file 1 time, then the virus would try to corrupt the EXE file i ran, and it would fail, destroying the EXE file.. If i ran a program, i had to reistall it before using it again.. after a month and a half of that, i removed it.. installed McAfee, it found the virus and removed it..

So from my experiences, no 1 antivirus is better then another since theres viruses that can target any and every antivirus, adding it to the allow list making your antivirus pointless... But McAfee seems to find the new viruses faster, and gets them in their DB and updates delivered to you faster then anyone else, but i think its still necessary to do a few online scans every now and then.

The trojans and malware you had on that computer in that link either just unintentionally screwed with McAfee causing it to go haywire, or intentionally did it to block it from being detected.. No program is perfect, so anything is expected.

#14 PMad

PMad
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:17 AM

Posted 16 April 2008 - 02:04 AM

Thank you Boopme, Quietman7, and Dachew for helping me get the malware problem figured out.. Now i gotta figure out what else is screwing with my IE..

No scans or fixes could fix the problems i was having, instead, removing a specific Add-on for Internet Explorer is what was needed.

This thread is resolved! Computer does run much better now after removing all the junk and the addon! Thanks everyone!

Edited by PMad, 16 April 2008 - 02:05 AM.


#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,082 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:17 PM

Posted 16 April 2008 - 08:11 AM

You're welcome on behalf of the Bleeping Computer community.

Now if there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
To protect yourself against malware and reduce the potential for re-infection, be sure to read:
"Simple and easy ways to keep your computer safe".
"How did I get infected?, With steps so it does not happen again!".
"Best Practices - Internet Safety for 2008".
"Hardening Windows Security - Part 1 & Part 2".
"IE Recommended Minimal Security Settings".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users