
Extremely Slow Computer


14 replies to this topic

#1 Jay Dubya


Posted 12 September 2008 - 07:00 PM

I sure would appreciate any help in getting my computer back from the brink of death.

Let me first say that this might possibly be a hangover from AntivirusXP 2008. About 3 or 4 weeks ago I was web surfing when all of a sudden I received a pop up stating that my computer is infected with something like 2706 different viruses and I should immediately run a scan with my virus protection. I clicked on the pop up to CLOSE IT and as soon as I did I realized that I had probably just unleashed the virus. And of course that's exactly what I did. It turned out to be AntivirusXP2008. My screen saver disappeared and was replaced by a warning that my computer was infected and that I needed to buy their software in order to remove the infection. I did NOT buy their software. McAfee was unable to identify the original problem, and Ad-Aware 2008 was also unable. After searching several websites I found several different instructions regarding how to remove AntivirusXP2008 and I tried many of them, and while I could get partially through the directions it seemed like eventually I would reach an impasse of some sort. I would be instructed to locate a file and no such file existed, etc. So while it seemed like I was on a path to remove the virus, none of the suggested solutions seemed to remove the virus COMPLETELY. A co-worker suggested Windows OneCare Live. So I installed it. One issue I had with Windows OneCare Live is that it directed me to uninstall McAfee and Ad-Aware, which I did. (I eventually got them reinstalled.) I also installed PC Tools Spyware Doctor, PC Tools Registry Mechanic, Malwarebytes Anti-Malware and Malwarebytes RogueRemover. I cannot be certain, however, it "appears" that through the combined effects of everything I tried that AntivirusXP2008 may finally be gone - the "screen saver" warning is gone.

At that point I found that I had a redirect virus, which I struggled with, but after several days of fighting the good fight, I seemed to finally win that battle.

But now it seems as though while I thought I was getting the upper hand, apparently I have not. My computer is so slow at this point that I'm seriously considering dumping it. Startup is absolutely horrendous and logging onto a website (such as this one) can take anywhere from 1 minute to 3 minutes.

I just logged on today and immediately typed up this request. I have not run any systems in an effort to fight the problem. All of that was done yesterday - I ran the entire gamut, everything I could think of including:
Cleaning out my temporary files, temporary internet files and recycle bin. I ran Spyware Doctor, Registry Mechanic, both Malwarebytes RogueRemover and Malwarebytes Anti-Malware, McAfee and Ad-Aware 2008. Some of the systems identified absolutely nothing, some DID identify things but stated that they were supposedly corrected, removed, deleted, etc.

In summary, I'm not sure if my problem is a part of, or is in some way related to, AntivirusXP2008 or if it is a completely separate issue.
What I would ultimately like to be able to do is 1.) be sure I've rid my computer of any and all viruses and 2.) get it back to running at acceptable speeds.

I certainly would appreciate any help and look forward to hearing from y'all.


#2 DaChew


Posted 12 September 2008 - 07:54 PM

Windows OneCare Live is not that good, but I agree on getting rid of McAfee. Ad-Aware shouldn't be running resident, so you can leave it.

http://service.mcafee.com/FAQDocument.aspx...083&lc=1033

If you leave it, you might as well just format the hard drive and reload. If it's running we'll never clean up your computer. I know this sounds drastic, but I feel it's the consensus of the security community (and my personal experience).

http://www.bleepingcomputer.com/forums/ind...mp;#entry935171

You should be able to run ATF Cleaner and SAS from safe mode even with McAfee installed. A word of warning: if something requires a reboot for removal, McAfee will interfere.
Chewy

No. Try not. Do... or do not. There is no try.

#3 Jay Dubya


Posted 12 September 2008 - 08:19 PM

Okay, I've kicked McAfee to the curb. What's my first step?

#4 DaChew


Posted 12 September 2008 - 08:22 PM

OK, let's start with ATF Cleaner, be thorough, and SAS from safe mode.
Chewy


#5 Jay Dubya


Posted 12 September 2008 - 09:18 PM

Ran ATF but cannot run SAS in safe mode - pop up says "The windows installer service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance."

#6 boopme


Posted 12 September 2008 - 09:39 PM

Will SAS run from regular mode? Let us know.
If so, let's at least get that scan and log, thanks.

#7 DaChew


Posted 12 September 2008 - 09:46 PM

You have to install SAS in normal mode (as per the directions), then run it from safe mode.
Chewy


#8 Jay Dubya


Posted 12 September 2008 - 10:23 PM

Alright guys, doesn't look like much, but here's the log from SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/12/2008 at 10:13 PM

Application Version : 4.21.1004

Core Rules Database Version : 3565
Trace Rules Database Version: 1553

Scan type : Complete Scan
Total Scan Time : 00:18:11

Memory items scanned : 498
Memory threats detected : 0
Registry items scanned : 5254
Registry threats detected : 1
File items scanned : 18400
File threats detected : 0

Adware.MyWebSearch
HKU\S-1-5-21-1645522239-1767777339-725345543-501\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}

#9 Jay Dubya


Posted 12 September 2008 - 10:31 PM

BTW, I did install both ATF and SAS in normal mode, but when running SAS in safe mode that is the pop up I received.
Also BTW, the computer seems to come back to "operational" much, much faster during these last couple of reboots than it has in the past few days. Restarting the computer would have taken a good 5 or 6 minutes last night. These last few restarts have run approximately 45 seconds to a minute. Seems like the ATF cleaner alone has helped a lot.

#10 DaChew


Posted 12 September 2008 - 10:31 PM

Let's do a quick scan with an updated MBAM (Malwarebytes)

and let's see what else is up.

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.
Chewy


#11 Jay Dubya


Posted 12 September 2008 - 10:41 PM

Here are the requested logs:

Malwarebytes' Anti-Malware 1.28
Database version: 1143
Windows 5.1.2600 Service Pack 2

9/12/2008 10:40:00 PM
mbam-log-2008-09-12 (22-40-00).txt

Scan type: Quick Scan
Objects scanned: 46673
Time elapsed: 2 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

*************************************

SmitFraudFix v2.349

Scan done at 22:34:22.54, Fri 09/12/2008
Run from C:\Documents and Settings\BlackJack\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\BlackJack


C:\Documents and Settings\BlackJack\Application Data


Start Menu


C:\DOCUME~1\BLACKJ~1\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\SYSTEM32\\userinit.exe,"
"System"=""


RK



DNS

Description: Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{56E6C05F-E8A8-4B2A-961F-6463C58F6830}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{56E6C05F-E8A8-4B2A-961F-6463C58F6830}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{56E6C05F-E8A8-4B2A-961F-6463C58F6830}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


Scanning for wininet.dll infection


End
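
The autostart and DNS sections of a SmitfraudFix report like the one above can be checked mechanically against the values a clean Windows XP install shows. This is an added example, not part of the original thread and not SmitfraudFix's own code; the `triage` function and the embedded sample (a constructed excerpt modelled on the posted log) are assumptions for illustration.

```python
import ipaddress
import re

# Constructed excerpt modelled on the rapport.txt sections posted above.
SAMPLE = r'''
AppInit_DLLs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

Winlogon
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\SYSTEM32\\userinit.exe,"
"System"=""

DNS
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
'''

REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')
DNS_VALUE = re.compile(r'NameServer=(?P<ips>[\d. ,]+)$')
# Stock Windows XP value; the trailing comma is normal.
CLEAN_USERINIT = r"c:\windows\system32\userinit.exe,"

def triage(report):
    """Return (value name, data) pairs that differ from stock settings.

    A finding means "review this", not "infected".
    """
    findings = []
    for line in map(str.strip, report.splitlines()):
        reg = REG_VALUE.match(line)
        if reg:
            name = reg["name"]
            data = reg["data"].replace("\\\\", "\\")  # undo .reg escaping
            if name == "Userinit" and data.lower() != CLEAN_USERINIT:
                findings.append((name, data))  # extra program chained at logon
            elif name in ("AppInit_DLLs", "System") and data:
                findings.append((name, data))  # both are empty in the posted log
            continue
        dns = DNS_VALUE.search(line)
        if dns:
            for ip in re.split(r"[ ,]+", dns["ips"].strip()):
                try:
                    routable = not ipaddress.ip_address(ip).is_private
                except ValueError:
                    continue  # not an IP literal, skip it
                if routable:  # resolver outside the LAN: confirm it is the ISP's
                    findings.append(("DhcpNameServer", ip))
    return findings

print(triage(SAMPLE))
```

An empty result matches what the posted report shows: Userinit, AppInit_DLLs and the DNS server are all at their expected values, so the remaining slowness points at startup clutter rather than a hijacked logon chain.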

#12 DaChew


Posted 12 September 2008 - 10:54 PM

http://www.anythingbutipod.com/forum/showthread.php?t=22663

Here's just one example of crapware you have running.

BTW, Avira free is a good antivirus without hogging system resources too much.
Chewy


#13 Jay Dubya


Posted 12 September 2008 - 10:59 PM

I don't even have the SanDisk MP3 player anymore (gave it as a gift) so, as far as I'm concerned, this can be absolutely wiped out.

There's probably a lot of crap, and I mean a LOT of crap, that I'm not even aware of on this machine.

Just direct me, oh wise one, and I will obey.

#14 Jay Dubya


Posted 12 September 2008 - 11:12 PM

Chewy,
I've got to get some sleep. Been up since 5:30 and I'm fading fast. Please feel free to post your reply (replies) and I'll check them out in the morning. Thanks very, VERY much for all the help so far, I already see a difference in the speed of the computer. Y'all have a thankless job, and I'm sure some of the people you have to deal with can be a real pain in the @$$. I want you to know that I REALLY appreciate your time and the help you've provided me. Have a good night.

#15 DaChew


Posted 13 September 2008 - 01:28 AM

http://www.bleepingcomputer.com/forums/t/44694/slow-computer/

http://www.bleepingcomputer.com/startups/

http://forum.digital-digest.com/showthread.php?t=60313

give these a glance
Chewy




