S L O W/ Computer 2


  • This topic is locked
11 replies to this topic

#1 JAJR

JAJR

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 12 January 2009 - 01:16 AM

Bleep Team,

General crappiness in operations. Computer takes 15 minutes or more to boot. I just did a thorough cleansing with ESET, S&D, CCleaner, etc., but it's still not up to snuff. The issues became pronounced when I was trying to configure a Linksys product (wireless music bridge). You will see on Attach.txt the thousands of times I tried to remove it. I was hoping you could give this a quick once over. DDS, Attach.txt, and HJT log are below and attached as requested.

Thank you so very much for your help. I know you are working on your own time.
Joe

PS: I have another post currently active in this forum regarding my computer at work. Please do not be confused. I have not posted duplicates.

Attached Files





#2 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 22 January 2009 - 09:12 PM

Hi JAJR,

Welcome to Bleeping Computers

My name is Tomk_. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.
I've looked over your logs. It is quite possible your issue isn't malware related. However, let's try a couple of things and see how we go.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
Now to Clean out the Java cache:

Go into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Settings... button
  • click the Delete Files button.
  • There are three options in the window to clear the cache - Leave all 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Settings
  • Click OK to leave the Java Control Panel.
I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.



Viewpoint Manager is considered foistware instead of malware since it is often installed without the user's approval but doesn't spy or do anything "bad". This may change; read "Viewpoint to Plunge Into Adware".
It is STRONGLY recommended that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
  • Click Start, then Settings, then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, Remove the Viewpoint component
  • Do the same for each Viewpoint component.
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).
Then

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
In your next reply please provide:
  • Mbam report
  • Kaspersky report
  • New HijackThis log taken after everything else completed


#3 JAJR

JAJR
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 24 January 2009 - 06:00 PM

Tomk,

Thanks for your reply. I am doing as you requested and will be back shortly.

Joe

#4 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 25 January 2009 - 01:24 PM

:thumbsup:

#5 JAJR

JAJR
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 28 January 2009 - 03:01 AM

Tomk,

Old Java's out, new java's in. The old baggage was thrown out with it, good riddance. Viewpoint and its related wee-beasties have gone the way of the Apple II+. Gone.

HJT, Malwarebytes, and Kaspersky logs are attached, as requested. Kaspersky didn't find anything. The logs are Greek to me... I don't know what you guys are looking at; reminds me of The Matrix. But, generally, the computer just seems bogged down. Like it's trying to run sprints with a load of bricks in its socks. It's been hard to come to grips with it, but let's face it, my computer is basically Kurt Rambis circa 1986. It's not fast.

Your continued assistance and expertise is, as always, appreciated and respected.

Yours,
J

PS: The Rambis bit is in good jest, of course. He was *way* faster than most of the hotdog vendors. And, Kurt shot the basketball better than my computer EVER could.

Attached Files



#6 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 28 January 2009 - 04:47 PM

JAJR,

Rambis never looked like a star. He maintained the "anyman" mystique.

Let's dig a little deeper:

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

#7 JAJR

JAJR
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 29 January 2009 - 02:24 AM

Tomk,

ComboFix log is attached. I have 2 questions:

First, do I need to reinstall Autorun, or did it reinstall itself after ComboFix uninstalled it? If the latter, please help me reinstall it.

Second, ComboFix deleted a registry entry related to CmFlyWave.exe. The log says it was an "orphan" in the registry. CmFlyWave.exe is the engine of a Linksys Wireless Music Bridge I have on the computer. I recently had problems with the Bridge not connecting and had to add & delete the utility about two dozen times. I've also had problems with my computer's volume control, which occurred at the same time as the install/uninstalls. CmFlyWave does something to reconfigure the audio card. But, why did ComboFix say it was an orphan in the registry? Does that mean CmFlyWave was not actually installed on the computer, but there was just a registry entry of it? That might explain why my music bridge doesn't work....

Other than those matters, both of which are largely irrelevant to the task at hand, what do you see?

My continued thanks,

Joe

Attached Files



#8 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 29 January 2009 - 09:17 AM

JAJR,

Before we install autoruns, I'd like to be sure that you really want to do that. Infections from removable media are rampant today. Many businesses and institutions (schools, etc.) have begun not only disabling autoruns, but don't allow removable media to be connected to their system. As an example of how widespread this issue is, this past Christmas, there were a large number of digital picture frames bought, sold, given as gifts. These devices work on flash memory just like thumb drives do. There were large numbers of infections traced back to the digital picture frames. Even Microsoft recommends disabling the autorun feature. One last thing to think about, sUBs, the creator of ComboFix, feels strongly enough about this issue, that if autoruns is re-enabled, ComboFix will not be available to your computer. Think about it and let me know.

An orphaned entry is one where the registry is directed toward a certain file, but the file doesn't exist. Orphans are "fixed" just as you described. The registry is told that the file isn't there so stop looking there for it.

Now, to the task at hand, I'm not seeing squat. :thumbsup:

Let's take a shot at an online scan.

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Also, please give me a new HijackThis log.

#9 JAJR

JAJR
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 01 February 2009 - 03:45 PM

Tom,

New logs are attached. You've convinced me not to re-load autorun.

If you can't find anything, then you can't find anything. Perhaps the problem is just too much software? Too many items on startup? Too many photos/songs taking up C: drive space? The problem manifests itself thusly: I will be on the internet, a page will not be loading, yet my computer's fan is going crazy and the internal drive is chirping like mad. So, obviously something's running, yet no processes are shown on the task manager (*&%$#!). Or, Word will crash for no reason. Or the browser will crash ("not responding"), and I got this a lot more when using I.E. (I'm exclusively firefox now) but problem still persists. Just general crappy performance, and my processor is relatively fast, memory is substantial.

If you have some tips on getting better performance, notwithstanding a lack of malware, I would be appreciative. I've already done what's been directed of me in "PC cleanup" posts on this site, daniweb, etc., but the chirping internal drive and fan (when I'm not doing anything!) and applications "not responding" persist ad infinitum.

Much obliged, my friend,

Joe

Attached Files



#10 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 02 February 2009 - 01:03 PM

JAJR,

Here are a few things that aren't bad but aren't needed.
  • Please open HijackThis and run Do a system scan only
  • Check the boxes next to ONLY the entries listed below (if present):
    • O2 - BHO: (no name) - AutorunsDisabled - (no file)
    • O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    • O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    • O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    • O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
  • Close all programs except for HijackThis.
  • Click on Fix checked
  • A box will pop up asking you if you wish to fix the selected items. Please choose YES.
  • Once it has fixed them, please exit/close HijackThis.
With that done, Log looks good :D


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • Note the space between the X and the U, it needs to be there.
The above procedure will:
  • Implement some cleanup procedures.
  • Reset System Restore.
Please re-enable any security that was disabled.

The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
(Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
Without a firewall your computer is susceptible to being hacked and taken over.
I am very serious about this and see it happen almost every day with my clients.
Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Keep Microsoft Windows Updated - This will ensure your computer always has the latest available security updates installed. The easiest way to do this is to turn on Automatic Updates. Do this by:
  • From your desktop, right-click on My Computer,
  • click on Properties
  • Select the Automatic Updates tab
  • Click on Automatic
  • Click on Apply button
  • Click on OK to exit.
If there are new updates to install, install them immediately, until there are no more critical updates.

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer
settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware

Download and install the free version of WinPatrol - This program protects your computer in a variety of ways and will work well with your existing security software.
Winpatrol


Update all these programs regularly - Make sure you update all the programs I have listed regularly.
Without regular updates you WILL NOT be protected when new malicious programs are released.


Only run one Anti-Virus and Firewall program.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein

Also: "How to prevent malware"
by miekiemoes

I would further suggest that you also read this tutorial on slow running computers
and Help! My computer is slow! by miekiemoes.

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved.
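The orphan definition given in post #8 (a registry entry that points at a file that is not there), applied to the HijackThis entries listed in post #10. This is an added example, not code from the thread, HijackThis or ComboFix; the `exists` callback and the in-memory file list in `fake_fs` are assumptions so the check can run away from the affected machine.

```python
import ntpath
import os
import re
from typing import Callable, List, NamedTuple, Optional

# HijackThis entries quoted in the post above (copied from this thread).
LOG = r"""
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.+)$")      # code, section, rest
RUN_VALUE = re.compile(r"^\[(.+?)\] (.+)$")          # [value name] command line
# Executable at the start of a command line: quoted or not, spaces allowed.
EXE = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd|dll))"?(?:\s|$)', re.IGNORECASE)


class Finding(NamedTuple):
    code: str
    name: str
    target: str
    status: str  # "orphan", "present" or "unresolved"


def classify(line: str, exists: Callable[[str], bool]) -> Optional[Finding]:
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, _section, rest = m.groups()
    run = RUN_VALUE.match(rest)
    if run:
        # Startup entry: separate the program path from its arguments.
        name, command = run.groups()
        exe = EXE.match(command)
        target = exe.group(1) if exe else command
    else:
        # BHO/toolbar entry: "<name> - <id> - <file>"
        parts = rest.rsplit(" - ", 2)
        name = parts[1] if len(parts) == 3 else parts[0]
        target = parts[-1]
    if target == "(no file)":
        status = "orphan"        # HijackThis already reports the file as missing
    elif not ntpath.isabs(target):
        status = "unresolved"    # bare file name: depends on the search path
    else:
        status = "present" if exists(target) else "orphan"
    return Finding(code, name, target, status)


def scan(log: str, exists: Callable[[str], bool] = os.path.exists) -> List[Finding]:
    found = (classify(line, exists) for line in log.splitlines())
    return [f for f in found if f]


def fake_fs(*paths: str) -> Callable[[str], bool]:
    """Constructed stand-in for a Windows disk: case-insensitive path lookup."""
    known = {p.lower() for p in paths}
    return lambda path: path.lower() in known


if __name__ == "__main__":
    # Constructed file list; on the real machine, call scan(LOG) instead.
    disk = fake_fs(r"c:\toshiba\ivp\ism\pinger.exe",
                   r"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe")
    for f in scan(LOG, disk):
        print(f"{f.status:<10} {f.code}  {f.name}  ->  {f.target}")
```
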

#11 JAJR

JAJR
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 06 February 2009 - 11:09 PM

I'll get this going. Thanks very much for your help Tom. Please close the thread.

#12 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 07 February 2009 - 05:34 PM

JAJR,

You are very welcome!

Glad we could help.

Good Luck and Be Well. :thumbsup:

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.



